
Rootkit, Redirects/Random Shutdowns/Lockups


24 replies to this topic

#1 NightmareFrank


  • Members
  • 13 posts

Posted 01 August 2012 - 11:25 AM

Hey guys. So recently I've been getting constant redirects and tabs opening that are completely unrelated to what I'm doing in my browser. Also, my PC is running slower than usual and I have experienced multiple random restarts and BSODs.

Also I'd like to point out that during the DDS scan several of the exes failed to respond and Windows closed them. I'm running on Vista 64-bit so I cannot provide the other logs.
I have downloaded several of the malware removal tools in advance for preparation. I have also temporarily uninstalled my Norton antivirus, and found the virus in question with MBAM. I think it may be Rootkit.Boot.Pihar.B. Also, for some reason I cannot enable my Windows Firewall.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Frank at 12:05:41 on 2012-08-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5728 [GMT -4:00]
.
AV: StopSign® Antivirus FREE TRIAL diagnostic version *Disabled/Updated* {7C2260BC-B889-CFCA-C920-41663706ACC9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: StopSign® Antispyware FREE TRIAL diagnostic version *Disabled/Updated* {C7438158-9EB3-C044-F390-7A144C81E674}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\CapsUnlock\CapsUnlock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
-netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
mRun: [SoftwareStation] "C:\Program Files (x86)\eAcceleration\Station\station.exe" /b Startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Frank\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CAPSUN~1.LNK - C:\Program Files (x86)\CapsUnlock\CapsUnlock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3CA9AB09-4137-4EBB-B82D-56414614F5A9} : DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{B649854A-5285-447F-80A0-DAB71B18B837} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
mRun-x64: [SoftwareStation] "C:\Program Files (x86)\eAcceleration\Station\station.exe" /b Startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DeathAdder] "C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 eac_notifysvc;eAcceleration Notification Service;C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-9-17 115744]
R2 eac_productsvc;eAcceleration Product Manager Service;C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2009-9-17 264120]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-1 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-20 1262400]
R2 sstsmonsvc;StopSign® Antivirus Security Center Provider;C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-9-17 115744]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 StopSign Update Manager;StopSign Update Manager;C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe [2009-9-17 144720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-9-11 24652]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-2 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-21 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-7-20 130976]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-2 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-1-31 14440]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter with SpeedBooster Service;C:\Windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys --> C:\Windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-16 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-01 15:16:41 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-01 15:10:30 20480 ----a-w- C:\Windows\svchost.exe
2012-08-01 13:39:34 98816 ----a-w- C:\Windows\sed.exe
2012-08-01 13:39:34 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-01 13:39:34 256000 ----a-w- C:\Windows\PEV.exe
2012-08-01 13:39:34 208896 ----a-w- C:\Windows\MBR.exe
2012-08-01 13:39:31 -------- d-s---w- C:\ComboFix
2012-08-01 13:16:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 12:36:04 -------- d-----w- C:\Users\Frank\AppData\Local\{DC943461-1D07-4D90-B8D6-529CEB11D71D}
2012-08-01 12:35:44 -------- d-----w- C:\Users\Frank\AppData\Local\{5DD61526-8F7B-4889-93DA-D843A9BAEFC9}
2012-08-01 00:34:32 -------- d-----w- C:\Users\Frank\AppData\Local\{C9872576-1CA6-4893-9221-BE70CB8D42C7}
2012-08-01 00:34:12 -------- d-----w- C:\Users\Frank\AppData\Local\{9FB9691D-8D2C-48CF-BF4B-A176E654354A}
2012-07-31 12:33:50 -------- d-----w- C:\Users\Frank\AppData\Local\{4798E81D-9CEB-4BE6-9C7C-C7CE6D23A1AA}
2012-07-31 12:33:31 -------- d-----w- C:\Users\Frank\AppData\Local\{1FEBB57E-1DCD-4A08-87B8-69F23FEA7E99}
2012-07-31 00:33:08 -------- d-----w- C:\Users\Frank\AppData\Local\{B36C5C92-CC5B-45BC-A806-B4AC34366ACC}
2012-07-31 00:32:48 -------- d-----w- C:\Users\Frank\AppData\Local\{05142009-89B4-4EA0-B2F0-8584F2DB0BD2}
2012-07-30 12:32:26 -------- d-----w- C:\Users\Frank\AppData\Local\{049FA6E1-358C-451A-8CBE-30974DAB011A}
2012-07-30 12:32:06 -------- d-----w- C:\Users\Frank\AppData\Local\{00EE01B1-B690-4EFA-ADE5-45A1DD3E317B}
2012-07-30 00:31:44 -------- d-----w- C:\Users\Frank\AppData\Local\{7344A227-6B07-481F-A8DD-0742425DEC4B}
2012-07-30 00:31:25 -------- d-----w- C:\Users\Frank\AppData\Local\{8F37763F-22D7-4310-A55E-7B27CB1E2759}
2012-07-29 12:30:36 -------- d-----w- C:\Users\Frank\AppData\Local\{A5FCB436-6548-465C-A526-0508FB2E769F}
2012-07-29 12:30:10 -------- d-----w- C:\Users\Frank\AppData\Local\{C0B55A1E-82EC-4A06-8ADB-5299BAFAC7B3}
2012-07-28 04:22:04 -------- d-----w- C:\Users\Frank\AppData\Local\Apple Computer
2012-07-28 04:16:48 -------- d-----w- C:\Users\Frank\AppData\Local\Apple
2012-07-27 23:33:44 -------- d-----w- C:\Users\Frank\AppData\Local\{E1601DEF-D351-4A35-93E8-CD063F95B101}
2012-07-27 23:32:48 -------- d-----w- C:\Users\Frank\AppData\Local\{2A6811E7-87B5-471A-8709-E7EAA6D65523}
2012-07-26 23:56:38 -------- d-----w- C:\Users\Frank\AppData\Local\{480D08FE-05B4-4E46-9854-38B9A8D657E0}
2012-07-26 23:55:52 -------- d-----w- C:\Users\Frank\AppData\Local\{569496B3-FBC3-4131-83D5-9C8D4191BE8B}
2012-07-25 23:01:10 -------- d-----w- C:\Users\Frank\AppData\Local\{5BCE7A67-2531-49A5-B28B-BB10ACE45E3C}
2012-07-25 23:00:50 -------- d-----w- C:\Users\Frank\AppData\Local\{B02A9EF5-0471-4D0A-9D0B-C8E559BE31D1}
2012-07-25 11:00:28 -------- d-----w- C:\Users\Frank\AppData\Local\{90868ADE-1E0B-4703-B5E2-2B3632BD0768}
2012-07-25 11:00:09 -------- d-----w- C:\Users\Frank\AppData\Local\{ED9D0C1C-CA6E-4AFF-B3B5-DEADA4C34932}
2012-07-24 22:59:30 -------- d-----w- C:\Users\Frank\AppData\Local\{45EED2F2-0A4B-4E4B-A2A0-C17B51F57F73}
2012-07-24 22:59:11 -------- d-----w- C:\Users\Frank\AppData\Local\{9D973508-A752-4E65-8B7E-486705A79B4D}
2012-07-24 10:58:36 -------- d-----w- C:\Users\Frank\AppData\Local\{DFC8E264-6FA0-4BE7-A81D-66FAB57CBFC6}
2012-07-24 10:58:16 -------- d-----w- C:\Users\Frank\AppData\Local\{D393FB5D-4222-4983-9FDD-035B19B8AC54}
2012-07-23 22:57:04 -------- d-----w- C:\Users\Frank\AppData\Local\{C837E191-E902-4DE9-9A12-98BD98F56044}
2012-07-23 22:56:29 -------- d-----w- C:\Users\Frank\AppData\Local\{DE7E4B39-33FB-4017-9FAE-8C481B929705}
2012-07-23 12:25:09 -------- d-----w- C:\Users\Frank\AppData\Local\Macromedia
2012-07-22 22:45:46 -------- d-----w- C:\Users\Frank\AppData\Local\{2CF8D411-E71D-4941-A40A-92A03D7C310F}
2012-07-22 22:45:35 -------- d-----w- C:\Users\Frank\AppData\Local\{AC9A5A06-03E1-43E5-95B8-E64F668ED130}
2012-07-22 10:45:05 -------- d-----w- C:\Users\Frank\AppData\Local\{771EBDF8-0BC9-416F-88E1-EE304A020F7F}
2012-07-21 22:44:42 -------- d-----w- C:\Users\Frank\AppData\Local\{AC76040E-9C00-4E9C-827D-CC8910D6FFF5}
2012-07-21 22:44:31 -------- d-----w- C:\Users\Frank\AppData\Local\{3B3EE36C-C5A3-466A-99F2-F243865EE9A1}
2012-07-21 10:44:00 -------- d-----w- C:\Users\Frank\AppData\Local\{A110B8E7-FC29-4E98-B36F-34B046D665B8}
2012-07-20 22:42:51 -------- d-----w- C:\Users\Frank\AppData\Local\{4599F7C7-C611-42FC-B361-BF580B2D3340}
2012-07-20 22:41:43 -------- d-----w- C:\Users\Frank\AppData\Local\{9479087D-DDF5-493B-8E9B-088AB1D9C54D}
2012-07-20 22:37:18 -------- d-----w- C:\Windows\pss
2012-07-20 06:21:53 -------- d-----w- C:\Users\Frank\AppData\Local\IsolatedStorage
2012-07-20 06:21:48 -------- d-----w- C:\Users\Frank\AppData\Local\Futuremark_Corporation
2012-07-20 06:18:10 -------- d-----w- C:\Program Files\Futuremark
2012-07-20 05:52:33 -------- d-----w- C:\Program Files (x86)\EVGA Precision
2012-07-20 02:10:12 -------- d-----w- C:\Users\Frank\AppData\Local\{22D6B4F9-E9B4-4583-9BC5-8653C00D2454}
2012-07-20 02:09:37 -------- d-----w- C:\Users\Frank\AppData\Local\{1984F548-6965-4288-BAD9-07529D8CD68D}
2012-07-20 01:19:53 -------- d-----w- C:\Windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2012-07-20 01:07:55 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-07-20 01:07:55 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-20 01:07:55 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-20 01:07:55 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-07-20 01:07:55 1614440 ----a-w- C:\Windows\System32\nvdispco642090.dll
2012-07-20 01:07:55 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-07-20 01:07:55 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2012-07-20 01:07:55 1359976 ----a-w- C:\Windows\System32\nvgenco642040.dll
2012-07-20 01:07:54 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-07-20 01:07:54 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2012-07-20 00:59:41 -------- d-----w- C:\Users\Frank\AppData\Local\{733706E9-C853-4B86-8F06-C04B20EE8924}
2012-07-20 00:58:39 -------- d-----w- C:\Users\Frank\AppData\Local\{ED98D62F-ECAD-474A-B664-D9013BF88758}
2012-07-16 23:42:56 -------- d-----w- C:\Program Files\Speccy
2012-07-15 20:01:37 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-15 20:01:34 -------- d-----w- C:\Users\Frank\AppData\Local\PunkBuster
2012-07-15 20:00:57 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2012-07-15 19:57:49 -------- d-----w- C:\ProgramData\EA Core
2012-07-15 19:57:45 -------- d-----w- C:\ProgramData\EA Logs
2012-07-15 12:56:32 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-07-15 12:56:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-15 12:56:15 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-15 12:56:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-15 02:38:12 -------- d-----w- C:\Users\Frank\AppData\Local\Origin
2012-07-15 02:38:12 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-07-15 02:38:09 -------- d-----w- C:\ProgramData\Origin
2012-07-15 02:36:51 -------- d-----w- C:\Users\Frank\AppData\Roaming\Origin
2012-07-15 02:36:49 -------- d-----w- C:\ProgramData\Electronic Arts
2012-07-15 02:36:10 -------- d-----w- C:\Program Files (x86)\Origin
2012-07-14 22:17:58 -------- d-----w- C:\Users\Frank\AppData\Local\{C665562E-D712-4E7B-A655-245C75D8F6D8}
2012-07-14 22:17:46 -------- d-----w- C:\Users\Frank\AppData\Local\{D1B34AE6-B086-44D8-B176-873D3C21874C}
2012-07-14 02:00:53 -------- d-----w- C:\Users\Frank\AppData\Roaming\Tific
2012-07-13 15:05:26 -------- d-----w- C:\Users\Frank\AppData\Local\{A6E60C2D-F569-4D4E-8048-7F23AC029882}
2012-07-13 03:05:02 -------- d-----w- C:\Users\Frank\AppData\Local\{6BFE9F8E-FE01-4827-9D8B-D186A81C6138}
2012-07-12 15:04:39 -------- d-----w- C:\Users\Frank\AppData\Local\{EA2C20D5-FDD3-42B2-AC2D-7220277BD593}
2012-07-12 03:04:14 -------- d-----w- C:\Users\Frank\AppData\Local\{69758B18-CB97-4DAB-B1A5-E9BC71A21BA0}
2012-07-12 03:04:03 -------- d-----w- C:\Users\Frank\AppData\Local\{B2DB7676-7463-4F8C-AA2C-FB0480EAF4C3}
2012-07-10 14:47:19 -------- d-----w- C:\Users\Frank\AppData\Local\{1D072359-D742-47B6-82D1-5485844D4FE0}
2012-07-10 02:46:55 -------- d-----w- C:\Users\Frank\AppData\Local\{54939372-229E-4CC8-A5CE-AB5A6C1C6B34}
2012-07-10 02:46:44 -------- d-----w- C:\Users\Frank\AppData\Local\{A17A0726-C087-4F54-90C7-088CEDE9507B}
2012-07-09 14:46:17 -------- d-----w- C:\Users\Frank\AppData\Local\{E3CBEB35-832F-4AB1-B62E-A6A0D0F9A05C}
2012-07-09 14:46:07 -------- d-----w- C:\Users\Frank\AppData\Local\{14B73E41-41D2-40DD-AC3F-95FA07960F43}
2012-07-09 02:45:55 -------- d-----w- C:\Users\Frank\AppData\Local\{F807B68F-D509-4342-8E3E-723EA2E7141D}
2012-07-09 02:45:45 -------- d-----w- C:\Users\Frank\AppData\Local\{1027FE85-6DDF-46F1-A58C-316E99B990FA}
2012-07-08 14:45:33 -------- d-----w- C:\Users\Frank\AppData\Local\{496E3265-670A-44AA-965B-EABB7E4E80DA}
2012-07-08 14:45:23 -------- d-----w- C:\Users\Frank\AppData\Local\{936645F6-9520-4112-834B-F0F9AD0F3C75}
2012-07-08 02:45:10 -------- d-----w- C:\Users\Frank\AppData\Local\{00872AAC-BC85-411D-BF37-76A78B432942}
2012-07-08 02:44:59 -------- d-----w- C:\Users\Frank\AppData\Local\{A7549A1F-0A8E-464F-A770-8523F446A650}
2012-07-07 14:44:47 -------- d-----w- C:\Users\Frank\AppData\Local\{2A41055C-C100-4CC6-8A52-0A8528E24B10}
2012-07-07 14:44:37 -------- d-----w- C:\Users\Frank\AppData\Local\{4D09E1EA-6743-4CE9-9CC5-CAFA0622BD98}
2012-07-07 02:44:25 -------- d-----w- C:\Users\Frank\AppData\Local\{D5372EB1-253C-43A4-A9F0-25255B495BF9}
2012-07-07 02:44:14 -------- d-----w- C:\Users\Frank\AppData\Local\{3683B821-DFF4-47D1-A9DE-33A3F6DB9F45}
2012-07-06 14:44:02 -------- d-----w- C:\Users\Frank\AppData\Local\{6ADDF12B-B5DA-4F81-A7A4-04E876E066DC}
2012-07-06 14:43:51 -------- d-----w- C:\Users\Frank\AppData\Local\{46AB9DE9-0DD6-48C0-AFA1-25FCCB086885}
2012-07-06 02:43:38 -------- d-----w- C:\Users\Frank\AppData\Local\{A7043EAC-9756-47A9-B78B-19D539F85E54}
2012-07-06 02:43:28 -------- d-----w- C:\Users\Frank\AppData\Local\{4E8327F7-A782-45C6-ACD2-021F964307BB}
2012-07-05 14:43:15 -------- d-----w- C:\Users\Frank\AppData\Local\{297A9507-E992-4806-8BC4-2553609A1B95}
2012-07-05 14:43:05 -------- d-----w- C:\Users\Frank\AppData\Local\{099A60AF-C128-496E-B4A0-B68567E12D1A}
2012-07-05 02:42:50 -------- d-----w- C:\Users\Frank\AppData\Local\{DC6C7CE5-ED3A-4521-90B5-E2A493FD542B}
2012-07-05 02:42:40 -------- d-----w- C:\Users\Frank\AppData\Local\{D8051100-1F16-468D-B987-2944B22D3640}
2012-07-04 14:42:15 -------- d-----w- C:\Users\Frank\AppData\Local\{614B74F5-2ACB-4A67-AFB9-90A55E166BAA}
2012-07-04 14:42:05 -------- d-----w- C:\Users\Frank\AppData\Local\{333A05AF-3D6A-404E-A61D-5E35E8092D67}
2012-07-04 02:41:51 -------- d-----w- C:\Users\Frank\AppData\Local\{BA3DD83B-6197-4058-8210-CE7525EE8BDE}
2012-07-04 02:41:39 -------- d-----w- C:\Users\Frank\AppData\Local\{E6D6F706-B842-4B24-BE70-62810875B56C}
2012-07-03 14:41:25 -------- d-----w- C:\Users\Frank\AppData\Local\{C64E32F1-5939-4CF5-8301-D5ED570F3962}
2012-07-03 14:41:14 -------- d-----w- C:\Users\Frank\AppData\Local\{9A7C0847-F7FD-4B97-87F7-F42A854ED3D5}
2012-07-03 02:41:02 -------- d-----w- C:\Users\Frank\AppData\Local\{1168C574-CFE1-4922-B167-5A2DFFD545BC}
2012-07-03 02:40:51 -------- d-----w- C:\Users\Frank\AppData\Local\{57CC8ED0-9E69-4E00-B3E5-C7D2720AC703}
.
==================== Find3M ====================
.
2012-08-01 08:23:59 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-01 08:23:59 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-01 08:23:40 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-27 14:20:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 14:20:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-20 07:28:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 14:01:59 89088 ----a-w- C:\Windows\System32\ie4uinit.exe
2012-06-04 03:28:44 58957832 ----a-w- C:\Windows\System32\mrt.exe
2012-06-02 22:19:46 38424 ----a-w- C:\Windows\System32\wups.dll
2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\System32\wuaueng.dll
2012-06-02 22:19:42 57880 ----a-w- C:\Windows\System32\wuauclt.exe
2012-06-02 22:19:42 44056 ----a-w- C:\Windows\System32\wups2.dll
2012-06-02 22:19:32 35864 ----a-w- C:\Windows\SysWow64\wups.dll
2012-06-02 22:19:23 701976 ----a-w- C:\Windows\System32\wuapi.dll
2012-06-02 22:19:23 577048 ----a-w- C:\Windows\SysWow64\wuapi.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-05-15 20:15:08 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2010-09-17 21:22:48 1874602064 ----a-w- C:\Program Files (x86)\VindictusVBSetupV104.exe
.
============= FINISH: 12:07:21.77 ===============

#2 D-FRED-BROWN
  • Malware Response Team

Posted 01 August 2012 - 02:14 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's log file
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
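The TDSSKiller log asked for in Step 1 and Step 4 is a plain text file with one line per scanned service or driver, followed by the scanner's verdict for it. The script below is an added example for whoever reviews such a log; it is not part of this thread, not the helper's code, and not Kaspersky's. It pulls out the entries TDSSKiller marked as warning, detected, or suspicious, joins each "Suspicious file" line to the service entry it belongs to by file path, and counts the entries marked ok. The line shapes follow the TDSSKiller log posted later in this thread; the sample log embedded in the script is constructed in that format and is not a complete log.

```python
"""Triage a TDSSKiller text log: list what the scanner flagged, joined to the
file it scanned. Added example; not from this thread or from Kaspersky.
Line shapes follow the TDSSKiller log posted in this thread; SAMPLE_LOG below
is constructed in that format."""
import re
from dataclasses import dataclass, field

# Every log line begins with a timestamp and the id of the scanning thread.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": a scanned service or driver and its file on disk.
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>": extra detail, keyed by path.
SUSP_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<name> ( <verdict> ) - warning" and "<name> - detected <verdict> (<n>)".
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
OK_RE = re.compile(r"^.+? - ok$")


@dataclass
class Finding:
    name: str                 # service/driver name as TDSSKiller reports it
    verdict: str = ""         # e.g. HiddenFile.Multi.Generic
    path: str = ""
    md5: str = ""
    reasons: list = field(default_factory=list)   # e.g. ["Hidden"]


def triage(log_text):
    """Return (count of entries marked ok, list of Finding) for one log."""
    scanned = {}        # name -> (md5, path) from the entry line
    name_by_path = {}   # lower-cased path -> name, to join Suspicious lines
    findings = {}       # name -> Finding, in order of first appearance
    ok = 0

    def finding(name):
        f = findings.get(name)
        if f is None:
            md5, path = scanned.get(name, ("", ""))
            f = findings[name] = Finding(name=name, md5=md5, path=path)
        return f

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue            # banner, separator, or SystemInfo lines
        body = m.group("body")
        if e := ENTRY_RE.match(body):
            scanned[e["name"]] = (e["md5"], e["path"])
            name_by_path[e["path"].lower()] = e["name"]
        elif s := SUSP_RE.match(body):
            f = finding(name_by_path.get(s["path"].lower(), s["path"]))
            f.reasons.append(s["reason"])
            f.md5, f.path = f.md5 or s["md5"], f.path or s["path"]
        elif w := WARN_RE.match(body):
            finding(w["name"]).verdict = w["verdict"]
        elif d := DET_RE.match(body):
            finding(d["name"]).verdict = d["verdict"]
        elif OK_RE.match(body):
            ok += 1
    return ok, list(findings.values())


def report(log_text):
    """One line per flagged entry, in a form that is easy to paste into a reply."""
    ok, findings = triage(log_text)
    lines = [f"{ok} entries ok, {len(findings)} flagged"]
    for f in findings:
        why = ", ".join(f.reasons) or "-"
        lines.append(f"{f.name}: {f.verdict or 'no verdict'} [{why}] {f.path} md5={f.md5}")
    return lines


# Constructed sample in the TDSSKiller format (a clean driver, a flagged
# hidden file, and a service without a file); not a complete log.
SAMPLE_LOG = r"""
01:22:53.0302 2128 Scan started
01:22:54.0636 2128 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
01:22:54.0638 2128 ACPI - ok
01:22:55.0478 2128 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
01:22:55.0478 2128 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
01:22:55.0488 2128 Akamai ( HiddenFile.Multi.Generic ) - warning
01:22:55.0488 2128 Akamai - detected HiddenFile.Multi.Generic (1)
01:22:55.0758 2128 aspnet_state - ok
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a real log with `report(open(path).read())`. Entries without a file (such as `aspnet_state - ok`) count as ok only when the scanner says so; a "Suspicious file" line whose path never appeared on an entry line is kept under its path so that nothing flagged is dropped silently.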

#3 NightmareFrank
  • Topic Starter

Posted 02 August 2012 - 01:06 AM

Hey D-FRED. Sorry for the delayed response, busy day. Update on the situation: TDSSKiller ran fine and detected two threats; I skipped both and rebooted. I have the .txt on my desktop. Currently running ComboFix; it updated and started successfully, however while it was performing stages 1-50 I was getting constant error messages like 'pev.3xe has stopped working'. It didn't notify me about any conflicting software before starting, so I'm not sure what's causing that. Anyway, I didn't touch anything and it completed those stages; however, ComboFix has now been stuck on 'System file is infected!! Attempting to restore C:\Windows\system32\services.exe' for a few hours now. I'll leave it running and wait for your response, or just post the logs you requested if everything finishes. Posting this message from my phone, btw.
Thanks

#4 D-FRED-BROWN
  • Malware Response Team

Posted 02 August 2012 - 01:15 AM

Go ahead and post the logs that you have. If ComboFix doesn't complete its scan, try running it again and posting both logs. Let me know how things go.

Edited by D-FRED-BROWN, 02 August 2012 - 01:19 AM.


#5 NightmareFrank
  • Topic Starter

Posted 02 August 2012 - 01:41 AM

ComboFix finally showed some progress and is deleting files now. Once it's finished I'll post all the logs up.

#6 NightmareFrank
  • Topic Starter

Posted 02 August 2012 - 03:15 AM

TDSS:

01:22:43.0185 4696 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:22:43.0536 4696 ============================================================
01:22:43.0536 4696 Current date / time: 2012/08/02 01:22:43.0536
01:22:43.0536 4696 SystemInfo:
01:22:43.0536 4696
01:22:43.0536 4696 OS Version: 6.0.6002 ServicePack: 2.0
01:22:43.0536 4696 Product type: Workstation
01:22:43.0536 4696 ComputerName: FRANKSPC
01:22:43.0536 4696 UserName: Frank
01:22:43.0536 4696 Windows directory: C:\Windows
01:22:43.0536 4696 System windows directory: C:\Windows
01:22:43.0536 4696 Running under WOW64
01:22:43.0536 4696 Processor architecture: Intel x64
01:22:43.0536 4696 Number of processors: 2
01:22:43.0536 4696 Page size: 0x1000
01:22:43.0536 4696 Boot type: Normal boot
01:22:43.0536 4696 ============================================================
01:22:44.0373 4696 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:22:44.0376 4696 ============================================================
01:22:44.0376 4696 \Device\Harddisk0\DR0:
01:22:44.0376 4696 MBR partitions:
01:22:44.0376 4696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
01:22:44.0377 4696 ============================================================
01:22:44.0402 4696 C: <-> \Device\Harddisk0\DR0\Partition0
01:22:44.0402 4696 ============================================================
01:22:44.0402 4696 Initialize success
01:22:44.0402 4696 ============================================================
01:22:53.0301 2128 ============================================================
01:22:53.0302 2128 Scan started
01:22:53.0302 2128 Mode: Manual;
01:22:53.0302 2128 ============================================================
01:22:54.0636 2128 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
01:22:54.0638 2128 ACPI - ok
01:22:54.0727 2128 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:22:54.0728 2128 AdobeARMservice - ok
01:22:54.0836 2128 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:22:54.0837 2128 AdobeFlashPlayerUpdateSvc - ok
01:22:54.0879 2128 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
01:22:54.0886 2128 adp94xx - ok
01:22:54.0915 2128 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
01:22:54.0919 2128 adpahci - ok
01:22:54.0936 2128 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
01:22:54.0938 2128 adpu160m - ok
01:22:54.0964 2128 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
01:22:54.0966 2128 adpu320 - ok
01:22:54.0987 2128 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
01:22:54.0987 2128 AeLookupSvc - ok
01:22:55.0041 2128 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
01:22:55.0047 2128 AFD - ok
01:22:55.0066 2128 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
01:22:55.0067 2128 agp440 - ok
01:22:55.0083 2128 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
01:22:55.0084 2128 aic78xx - ok
01:22:55.0478 2128 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
01:22:55.0478 2128 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
01:22:55.0488 2128 Akamai ( HiddenFile.Multi.Generic ) - warning
01:22:55.0488 2128 Akamai - detected HiddenFile.Multi.Generic (1)
01:22:55.0576 2128 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
01:22:55.0578 2128 ALG - ok
01:22:55.0614 2128 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
01:22:55.0615 2128 aliide - ok
01:22:55.0629 2128 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
01:22:55.0630 2128 amdide - ok
01:22:55.0647 2128 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
01:22:55.0648 2128 AmdK8 - ok
01:22:55.0656 2128 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
01:22:55.0657 2128 Appinfo - ok
01:22:55.0691 2128 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
01:22:55.0693 2128 arc - ok
01:22:55.0712 2128 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
01:22:55.0714 2128 arcsas - ok
01:22:55.0758 2128 aspnet_state - ok
01:22:55.0776 2128 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
01:22:55.0777 2128 AsyncMac - ok
01:22:55.0806 2128 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
01:22:55.0806 2128 atapi - ok
01:22:55.0821 2128 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
01:22:55.0822 2128 AtiPcie - ok
01:22:55.0880 2128 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
01:22:55.0886 2128 AudioEndpointBuilder - ok
01:22:55.0891 2128 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
01:22:55.0894 2128 AudioSrv - ok
01:22:55.0957 2128 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
01:22:55.0959 2128 BBSvc - ok
01:22:56.0037 2128 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
01:22:56.0043 2128 BFE - ok
01:22:56.0087 2128 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
01:22:56.0088 2128 blbdrive - ok
01:22:56.0135 2128 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
01:22:56.0136 2128 bowser - ok
01:22:56.0152 2128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
01:22:56.0153 2128 BrFiltLo - ok
01:22:56.0167 2128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
01:22:56.0168 2128 BrFiltUp - ok
01:22:56.0192 2128 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
01:22:56.0194 2128 Browser - ok
01:22:56.0218 2128 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
01:22:56.0220 2128 Brserid - ok
01:22:56.0238 2128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
01:22:56.0239 2128 BrSerWdm - ok
01:22:56.0263 2128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
01:22:56.0263 2128 BrUsbMdm - ok
01:22:56.0271 2128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
01:22:56.0272 2128 BrUsbSer - ok
01:22:56.0296 2128 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
01:22:56.0298 2128 BTHMODEM - ok
01:22:56.0326 2128 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
01:22:56.0327 2128 cdfs - ok
01:22:56.0355 2128 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
01:22:56.0357 2128 cdrom - ok
01:22:56.0386 2128 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
01:22:56.0387 2128 CertPropSvc - ok
01:22:56.0396 2128 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
01:22:56.0397 2128 circlass - ok
01:22:56.0435 2128 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
01:22:56.0440 2128 CLFS - ok
01:22:56.0499 2128 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:22:56.0501 2128 clr_optimization_v2.0.50727_32 - ok
01:22:56.0523 2128 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:22:56.0525 2128 clr_optimization_v2.0.50727_64 - ok
01:22:56.0581 2128 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:22:56.0582 2128 clr_optimization_v4.0.30319_32 - ok
01:22:56.0634 2128 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:22:56.0635 2128 clr_optimization_v4.0.30319_64 - ok
01:22:56.0656 2128 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
01:22:56.0657 2128 cmdide - ok
01:22:56.0668 2128 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
01:22:56.0669 2128 Compbatt - ok
01:22:56.0673 2128 COMSysApp - ok
01:22:56.0692 2128 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
01:22:56.0693 2128 crcdisk - ok
01:22:56.0733 2128 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
01:22:56.0735 2128 CryptSvc - ok
01:22:56.0768 2128 danewFltr (329bc03a1ccd45941df52dc021d27ac5) C:\Windows\system32\drivers\danew.sys
01:22:56.0769 2128 danewFltr - ok
01:22:56.0843 2128 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
01:22:56.0853 2128 DcomLaunch - ok
01:22:56.0882 2128 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
01:22:56.0884 2128 DfsC - ok
01:22:57.0135 2128 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
01:22:57.0177 2128 DFSR - ok
01:22:57.0294 2128 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
01:22:57.0296 2128 Dhcp - ok
01:22:57.0339 2128 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
01:22:57.0341 2128 disk - ok
01:22:57.0378 2128 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
01:22:57.0380 2128 Dnscache - ok
01:22:57.0405 2128 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
01:22:57.0407 2128 dot3svc - ok
01:22:57.0435 2128 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
01:22:57.0437 2128 DPS - ok
01:22:57.0452 2128 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
01:22:57.0452 2128 drmkaud - ok
01:22:57.0534 2128 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
01:22:57.0545 2128 DXGKrnl - ok
01:22:57.0577 2128 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
01:22:57.0582 2128 e1express - ok
01:22:57.0606 2128 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
01:22:57.0608 2128 E1G60 - ok
01:22:57.0667 2128 eac_notifysvc (bbd683974d4bf2b9e2d8638cf503acd8) C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
01:22:57.0669 2128 eac_notifysvc - ok
01:22:57.0702 2128 eac_productsvc (44bce248ca00dac64bc1ce25adf18aca) C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
01:22:57.0705 2128 eac_productsvc - ok
01:22:57.0722 2128 EagleX64 - ok
01:22:57.0757 2128 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
01:22:57.0759 2128 EapHost - ok
01:22:57.0789 2128 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
01:22:57.0791 2128 Ecache - ok
01:22:57.0849 2128 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
01:22:57.0854 2128 ehRecvr - ok
01:22:57.0878 2128 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
01:22:57.0881 2128 ehSched - ok
01:22:57.0895 2128 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
01:22:57.0895 2128 ehstart - ok
01:22:57.0938 2128 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
01:22:57.0944 2128 elxstor - ok
01:22:57.0999 2128 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
01:22:58.0004 2128 EMDMgmt - ok
01:22:58.0019 2128 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
01:22:58.0020 2128 ENTECH64 - ok
01:22:58.0035 2128 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
01:22:58.0036 2128 ErrDev - ok
01:22:58.0091 2128 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
01:22:58.0096 2128 EventSystem - ok
01:22:58.0117 2128 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
01:22:58.0119 2128 exfat - ok
01:22:58.0166 2128 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
01:22:58.0169 2128 fastfat - ok
01:22:58.0185 2128 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
01:22:58.0186 2128 fdc - ok
01:22:58.0206 2128 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
01:22:58.0207 2128 fdPHost - ok
01:22:58.0221 2128 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
01:22:58.0222 2128 FDResPub - ok
01:22:58.0233 2128 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
01:22:58.0234 2128 FileInfo - ok
01:22:58.0252 2128 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
01:22:58.0253 2128 Filetrace - ok
01:22:58.0269 2128 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
01:22:58.0270 2128 flpydisk - ok
01:22:58.0302 2128 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
01:22:58.0306 2128 FltMgr - ok
01:22:58.0425 2128 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
01:22:58.0438 2128 FontCache - ok
01:22:58.0483 2128 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:22:58.0484 2128 FontCache3.0.0.0 - ok
01:22:58.0510 2128 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
01:22:58.0511 2128 Fs_Rec - ok
01:22:58.0587 2128 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
01:22:58.0588 2128 Futuremark SystemInfo Service - ok
01:22:58.0608 2128 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
01:22:58.0610 2128 gagp30kx - ok
01:22:58.0674 2128 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
01:22:58.0678 2128 gpsvc - ok
01:22:58.0722 2128 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:58.0723 2128 gupdate - ok
01:22:58.0727 2128 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:58.0728 2128 gupdatem - ok
01:22:58.0776 2128 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
01:22:58.0780 2128 HdAudAddService - ok
01:22:58.0843 2128 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:22:58.0852 2128 HDAudBus - ok
01:22:58.0885 2128 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
01:22:58.0886 2128 HidBth - ok
01:22:58.0918 2128 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
01:22:58.0919 2128 HidIr - ok
01:22:58.0945 2128 hidkmdf (207c7ed27ba6add3985a90671c931b55) C:\Windows\system32\DRIVERS\hidkmdf.sys
01:22:58.0945 2128 hidkmdf - ok
01:22:58.0969 2128 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
01:22:58.0971 2128 hidserv - ok
01:22:59.0002 2128 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
01:22:59.0003 2128 HidUsb - ok
01:22:59.0024 2128 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
01:22:59.0025 2128 hkmsvc - ok
01:22:59.0088 2128 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
01:22:59.0091 2128 HpCISSs - ok
01:22:59.0206 2128 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
01:22:59.0215 2128 HTTP - ok
01:22:59.0230 2128 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
01:22:59.0231 2128 i2omp - ok
01:22:59.0244 2128 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
01:22:59.0245 2128 i8042prt - ok
01:22:59.0278 2128 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
01:22:59.0282 2128 iaStorV - ok
01:22:59.0362 2128 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:22:59.0372 2128 idsvc - ok
01:22:59.0404 2128 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
01:22:59.0405 2128 iirsp - ok
01:22:59.0444 2128 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
01:22:59.0450 2128 IKEEXT - ok
01:22:59.0473 2128 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
01:22:59.0474 2128 intelide - ok
01:22:59.0484 2128 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
01:22:59.0486 2128 intelppm - ok
01:22:59.0522 2128 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
01:22:59.0525 2128 IPBusEnum - ok
01:22:59.0548 2128 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:22:59.0550 2128 IpFilterDriver - ok
01:22:59.0579 2128 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
01:22:59.0582 2128 iphlpsvc - ok
01:22:59.0586 2128 IpInIp - ok
01:22:59.0607 2128 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
01:22:59.0609 2128 IPMIDRV - ok
01:22:59.0633 2128 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
01:22:59.0635 2128 IPNAT - ok
01:22:59.0658 2128 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
01:22:59.0659 2128 IRENUM - ok
01:22:59.0687 2128 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
01:22:59.0688 2128 isapnp - ok
01:22:59.0740 2128 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
01:22:59.0742 2128 iScsiPrt - ok
01:22:59.0762 2128 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
01:22:59.0763 2128 iteatapi - ok
01:22:59.0777 2128 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
01:22:59.0778 2128 iteraid - ok
01:22:59.0808 2128 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
01:22:59.0809 2128 kbdclass - ok
01:22:59.0821 2128 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
01:22:59.0822 2128 kbdhid - ok
01:22:59.0846 2128 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
01:22:59.0847 2128 KeyIso - ok
01:22:59.0891 2128 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
01:22:59.0898 2128 KSecDD - ok
01:22:59.0902 2128 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
01:22:59.0903 2128 ksthunk - ok
01:22:59.0949 2128 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
01:22:59.0955 2128 KtmRm - ok
01:22:59.0991 2128 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
01:22:59.0994 2128 LanmanServer - ok
01:23:00.0033 2128 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
01:23:00.0037 2128 LanmanWorkstation - ok
01:23:00.0051 2128 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
01:23:00.0052 2128 lltdio - ok
01:23:00.0081 2128 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
01:23:00.0086 2128 lltdsvc - ok
01:23:00.0105 2128 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
01:23:00.0106 2128 lmhosts - ok
01:23:00.0141 2128 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
01:23:00.0143 2128 LSI_FC - ok
01:23:00.0167 2128 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
01:23:00.0169 2128 LSI_SAS - ok
01:23:00.0202 2128 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
01:23:00.0204 2128 LSI_SCSI - ok
01:23:00.0216 2128 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
01:23:00.0218 2128 luafv - ok
01:23:00.0241 2128 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
01:23:00.0242 2128 MBAMProtector - ok
01:23:00.0317 2128 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:23:00.0321 2128 MBAMService - ok
01:23:00.0340 2128 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
01:23:00.0342 2128 Mcx2Svc - ok
01:23:00.0379 2128 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
01:23:00.0381 2128 megasas - ok
01:23:00.0404 2128 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
01:23:00.0409 2128 MegaSR - ok
01:23:00.0420 2128 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
01:23:00.0421 2128 MMCSS - ok
01:23:00.0438 2128 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
01:23:00.0439 2128 Modem - ok
01:23:00.0445 2128 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
01:23:00.0446 2128 monitor - ok
01:23:00.0468 2128 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
01:23:00.0469 2128 mouclass - ok
01:23:00.0481 2128 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
01:23:00.0482 2128 mouhid - ok
01:23:00.0498 2128 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
01:23:00.0500 2128 MountMgr - ok
01:23:00.0585 2128 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:23:00.0587 2128 MozillaMaintenance - ok
01:23:00.0620 2128 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
01:23:00.0623 2128 mpio - ok
01:23:00.0641 2128 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
01:23:00.0643 2128 mpsdrv - ok
01:23:00.0656 2128 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
01:23:00.0657 2128 Mraid35x - ok
01:23:00.0684 2128 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
01:23:00.0687 2128 MRxDAV - ok
01:23:00.0714 2128 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:23:00.0717 2128 mrxsmb - ok
01:23:00.0753 2128 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:23:00.0757 2128 mrxsmb10 - ok
01:23:00.0774 2128 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:23:00.0776 2128 mrxsmb20 - ok
01:23:00.0804 2128 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
01:23:00.0805 2128 msahci - ok
01:23:00.0821 2128 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
01:23:00.0823 2128 msdsm - ok
01:23:00.0856 2128 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
01:23:00.0858 2128 MSDTC - ok
01:23:00.0875 2128 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
01:23:00.0876 2128 Msfs - ok
01:23:00.0880 2128 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
01:23:00.0881 2128 msisadrv - ok
01:23:00.0917 2128 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
01:23:00.0920 2128 MSiSCSI - ok
01:23:00.0924 2128 msiserver - ok
01:23:00.0936 2128 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
01:23:00.0937 2128 MSKSSRV - ok
01:23:00.0949 2128 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
01:23:00.0950 2128 MSPCLOCK - ok
01:23:00.0971 2128 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
01:23:00.0972 2128 MSPQM - ok
01:23:01.0019 2128 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
01:23:01.0024 2128 MsRPC - ok
01:23:01.0041 2128 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
01:23:01.0042 2128 mssmbios - ok
01:23:01.0054 2128 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
01:23:01.0055 2128 MSTEE - ok
01:23:01.0074 2128 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
01:23:01.0075 2128 MTsensor - ok
01:23:01.0151 2128 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
01:23:01.0159 2128 Mup - ok
01:23:01.0224 2128 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
01:23:01.0231 2128 napagent - ok
01:23:01.0255 2128 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
01:23:01.0258 2128 NativeWifiP - ok
01:23:01.0348 2128 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
01:23:01.0358 2128 NDIS - ok
01:23:01.0376 2128 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
01:23:01.0377 2128 NdisTapi - ok
01:23:01.0389 2128 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
01:23:01.0390 2128 Ndisuio - ok
01:23:01.0425 2128 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
01:23:01.0428 2128 NdisWan - ok
01:23:01.0437 2128 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
01:23:01.0439 2128 NDProxy - ok
01:23:01.0452 2128 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
01:23:01.0453 2128 NetBIOS - ok
01:23:01.0475 2128 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
01:23:01.0478 2128 netbt - ok
01:23:01.0512 2128 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
01:23:01.0513 2128 Netlogon - ok
01:23:01.0585 2128 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
01:23:01.0590 2128 Netman - ok
01:23:01.0626 2128 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
01:23:01.0631 2128 netprofm - ok
01:23:01.0693 2128 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:23:01.0695 2128 NetTcpPortSharing - ok
01:23:01.0720 2128 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
01:23:01.0721 2128 nfrd960 - ok
01:23:01.0760 2128 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
01:23:01.0764 2128 NlaSvc - ok
01:23:01.0795 2128 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
01:23:01.0796 2128 Npfs - ok
01:23:01.0807 2128 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
01:23:01.0808 2128 nsi - ok
01:23:01.0817 2128 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
01:23:01.0818 2128 nsiproxy - ok
01:23:01.0946 2128 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
01:23:01.0966 2128 Ntfs - ok
01:23:02.0060 2128 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
01:23:02.0061 2128 NuidFltr - ok
01:23:02.0078 2128 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
01:23:02.0079 2128 Null - ok
01:23:02.0126 2128 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
01:23:02.0128 2128 NVHDA - ok
01:23:03.0186 2128 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:23:03.0409 2128 nvlddmkm - ok
01:23:03.0509 2128 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
01:23:03.0511 2128 nvraid - ok
01:23:03.0522 2128 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
01:23:03.0523 2128 nvstor - ok
01:23:03.0577 2128 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
01:23:03.0591 2128 nvsvc - ok
01:23:03.0709 2128 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:23:03.0721 2128 nvUpdatusService - ok
01:23:03.0803 2128 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
01:23:03.0805 2128 nv_agp - ok
01:23:03.0809 2128 NwlnkFlt - ok
01:23:03.0814 2128 NwlnkFwd - ok
01:23:03.0891 2128 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:23:03.0898 2128 odserv - ok
01:23:03.0913 2128 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
01:23:03.0914 2128 ohci1394 - ok
01:23:03.0940 2128 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:23:03.0942 2128 ose - ok
01:23:03.0990 2128 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
01:23:04.0000 2128 p2pimsvc - ok
01:23:04.0008 2128 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
01:23:04.0013 2128 p2psvc - ok
01:23:04.0042 2128 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
01:23:04.0043 2128 Parport - ok
01:23:04.0068 2128 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
01:23:04.0070 2128 partmgr - ok
01:23:04.0088 2128 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
01:23:04.0090 2128 PcaSvc - ok
01:23:04.0123 2128 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
01:23:04.0126 2128 pci - ok
01:23:04.0137 2128 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
01:23:04.0138 2128 pciide - ok
01:23:04.0156 2128 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
01:23:04.0159 2128 pcmcia - ok
01:23:04.0243 2128 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
01:23:04.0252 2128 PEAUTH - ok
01:23:04.0317 2128 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
01:23:04.0318 2128 PerfHost - ok
01:23:04.0441 2128 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
01:23:04.0458 2128 pla - ok
01:23:04.0493 2128 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
01:23:04.0498 2128 PlugPlay - ok
01:23:04.0512 2128 PnkBstrA - ok
01:23:04.0586 2128 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
01:23:04.0591 2128 PNRPAutoReg - ok
01:23:04.0599 2128 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
01:23:04.0603 2128 PNRPsvc - ok
01:23:04.0667 2128 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
01:23:04.0674 2128 PolicyAgent - ok
01:23:04.0733 2128 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
01:23:04.0735 2128 PptpMiniport - ok
01:23:04.0758 2128 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
01:23:04.0760 2128 Processor - ok
01:23:04.0783 2128 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
01:23:04.0787 2128 ProfSvc - ok
01:23:04.0804 2128 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
01:23:04.0805 2128 ProtectedStorage - ok
01:23:04.0831 2128 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
01:23:04.0833 2128 PSched - ok
01:23:04.0929 2128 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
01:23:04.0944 2128 ql2300 - ok
01:23:04.0963 2128 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
01:23:04.0965 2128 ql40xx - ok
01:23:05.0003 2128 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
01:23:05.0008 2128 QWAVE - ok
01:23:05.0022 2128 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
01:23:05.0023 2128 QWAVEdrv - ok
01:23:05.0037 2128 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
01:23:05.0038 2128 RasAcd - ok
01:23:05.0052 2128 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
01:23:05.0054 2128 RasAuto - ok
01:23:05.0083 2128 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:23:05.0085 2128 Rasl2tp - ok
01:23:05.0108 2128 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
01:23:05.0113 2128 RasMan - ok
01:23:05.0127 2128 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
01:23:05.0128 2128 RasPppoe - ok
01:23:05.0134 2128 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
01:23:05.0136 2128 RasSstp - ok
01:23:05.0152 2128 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
01:23:05.0157 2128 rdbss - ok
01:23:05.0169 2128 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:23:05.0170 2128 RDPCDD - ok
01:23:05.0200 2128 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
01:23:05.0209 2128 rdpdr - ok
01:23:05.0213 2128 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
01:23:05.0214 2128 RDPENCDD - ok
01:23:05.0255 2128 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
01:23:05.0258 2128 RDPWD - ok
01:23:05.0285 2128 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
01:23:05.0287 2128 RemoteAccess - ok
01:23:05.0315 2128 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
01:23:05.0319 2128 RemoteRegistry - ok
01:23:05.0325 2128 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
01:23:05.0326 2128 RpcLocator - ok
01:23:05.0360 2128 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
01:23:05.0367 2128 RpcSs - ok
01:23:05.0386 2128 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
01:23:05.0389 2128 rspndr - ok
01:23:05.0447 2128 RTCore64 (9a5a35112c4f8016abcc6363b44d3385) C:\Program Files (x86)\EVGA Precision\RTCore64.sys
01:23:05.0448 2128 RTCore64 - ok
01:23:05.0477 2128 RTL8169 (dfadcae64aebe2c67da9cd2ae74ccde5) C:\Windows\system32\DRIVERS\Rtlh64.sys
01:23:05.0479 2128 RTL8169 - ok
01:23:05.0511 2128 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
01:23:05.0511 2128 SamSs - ok
01:23:05.0526 2128 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
01:23:05.0528 2128 sbp2port - ok
01:23:05.0560 2128 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
01:23:05.0563 2128 SCardSvr - ok
01:23:05.0618 2128 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
01:23:05.0624 2128 Schedule - ok
01:23:05.0656 2128 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
01:23:05.0657 2128 SCPolicySvc - ok
01:23:05.0677 2128 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
01:23:05.0679 2128 SDRSVC - ok
01:23:05.0750 2128 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
01:23:05.0753 2128 SeaPort - ok
01:23:05.0795 2128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:23:05.0796 2128 secdrv - ok
01:23:05.0819 2128 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
01:23:05.0821 2128 seclogon - ok
01:23:05.0835 2128 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
01:23:05.0837 2128 SENS - ok
01:23:05.0858 2128 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
01:23:05.0859 2128 Serenum - ok
01:23:05.0865 2128 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
01:23:05.0867 2128 Serial - ok
01:23:05.0877 2128 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
01:23:05.0878 2128 sermouse - ok
01:23:05.0910 2128 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
01:23:05.0912 2128 SessionEnv - ok
01:23:05.0920 2128 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
01:23:05.0921 2128 sffdisk - ok
01:23:05.0935 2128 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
01:23:05.0936 2128 sffp_mmc - ok
01:23:05.0950 2128 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
01:23:05.0951 2128 sffp_sd - ok
01:23:05.0963 2128 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
01:23:05.0963 2128 sfloppy - ok
01:23:06.0006 2128 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
01:23:06.0010 2128 ShellHWDetection - ok
01:23:06.0026 2128 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
01:23:06.0027 2128 SiSRaid2 - ok
01:23:06.0041 2128 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
01:23:06.0043 2128 SiSRaid4 - ok
01:23:06.0262 2128 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
01:23:06.0293 2128 slsvc - ok
01:23:06.0394 2128 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
01:23:06.0397 2128 SLUINotify - ok
01:23:06.0438 2128 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
01:23:06.0440 2128 Smb - ok
01:23:06.0452 2128 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
01:23:06.0453 2128 SNMPTRAP - ok
01:23:06.0479 2128 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
01:23:06.0480 2128 spldr - ok
01:23:06.0529 2128 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
01:23:06.0534 2128 Spooler - ok
01:23:06.0570 2128 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
01:23:06.0575 2128 srv - ok
01:23:06.0611 2128 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
01:23:06.0613 2128 srv2 - ok
01:23:06.0626 2128 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
01:23:06.0628 2128 srvnet - ok
01:23:06.0652 2128 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
01:23:06.0655 2128 SSDPSRV - ok
01:23:06.0694 2128 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
01:23:06.0697 2128 SstpSvc - ok
01:23:06.0753 2128 sstsmonsvc (bbd683974d4bf2b9e2d8638cf503acd8) C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
01:23:06.0754 2128 sstsmonsvc - ok
01:23:06.0765 2128 Steam Client Service - ok
01:23:06.0851 2128 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:23:06.0853 2128 Stereo Service - ok
01:23:06.0920 2128 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
01:23:06.0928 2128 stisvc - ok
01:23:06.0970 2128 StopSign Update Manager (5d3d9cc54ebbe9777364f311e4b19ebf) C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
01:23:06.0971 2128 StopSign Update Manager - ok
01:23:07.0015 2128 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
01:23:07.0016 2128 swenum - ok
01:23:07.0083 2128 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
01:23:07.0087 2128 swprv - ok
01:23:07.0108 2128 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
01:23:07.0109 2128 Symc8xx - ok
01:23:07.0122 2128 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
01:23:07.0123 2128 Sym_hi - ok
01:23:07.0140 2128 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
01:23:07.0141 2128 Sym_u3 - ok
01:23:07.0217 2128 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
01:23:07.0228 2128 SysMain - ok
01:23:07.0244 2128 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
01:23:07.0247 2128 TabletInputService - ok
01:23:07.0286 2128 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
01:23:07.0291 2128 TapiSrv - ok
01:23:07.0307 2128 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
01:23:07.0309 2128 TBS - ok
01:23:07.0459 2128 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
01:23:07.0477 2128 Tcpip - ok
01:23:07.0605 2128 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
01:23:07.0611 2128 Tcpip6 - ok
01:23:07.0681 2128 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
01:23:07.0682 2128 tcpipreg - ok
01:23:07.0703 2128 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
01:23:07.0704 2128 TDPIPE - ok
01:23:07.0719 2128 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
01:23:07.0720 2128 TDTCP - ok
01:23:07.0743 2128 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
01:23:07.0745 2128 tdx - ok
01:23:07.0772 2128 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
01:23:07.0780 2128 TermDD - ok
01:23:07.0833 2128 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
01:23:07.0842 2128 TermService - ok
01:23:07.0881 2128 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
01:23:07.0883 2128 Themes - ok
01:23:07.0904 2128 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
01:23:07.0905 2128 THREADORDER - ok
01:23:07.0921 2128 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
01:23:07.0924 2128 TrkWks - ok
01:23:07.0953 2128 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
01:23:07.0954 2128 TrustedInstaller - ok
01:23:07.0981 2128 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:23:07.0982 2128 tssecsrv - ok
01:23:07.0997 2128 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
01:23:07.0998 2128 tunmp - ok
01:23:08.0025 2128 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
01:23:08.0026 2128 tunnel - ok
01:23:08.0040 2128 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
01:23:08.0041 2128 uagp35 - ok
01:23:08.0086 2128 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
01:23:08.0090 2128 udfs - ok
01:23:08.0112 2128 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
01:23:08.0113 2128 UI0Detect - ok
01:23:08.0131 2128 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
01:23:08.0133 2128 uliagpkx - ok
01:23:08.0175 2128 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
01:23:08.0179 2128 uliahci - ok
01:23:08.0199 2128 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
01:23:08.0202 2128 UlSata - ok
01:23:08.0221 2128 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
01:23:08.0223 2128 ulsata2 - ok
01:23:08.0238 2128 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
01:23:08.0239 2128 umbus - ok
01:23:08.0250 2128 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
01:23:08.0251 2128 UMPass - ok
01:23:08.0295 2128 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
01:23:08.0301 2128 upnphost - ok
01:23:08.0321 2128 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
01:23:08.0323 2128 usbccgp - ok
01:23:08.0346 2128 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
01:23:08.0348 2128 usbcir - ok
01:23:08.0384 2128 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
01:23:08.0385 2128 usbehci - ok
01:23:08.0416 2128 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
01:23:08.0420 2128 usbhub - ok
01:23:08.0432 2128 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
01:23:08.0433 2128 usbohci - ok
01:23:08.0448 2128 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
01:23:08.0448 2128 usbprint - ok
01:23:08.0463 2128 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:23:08.0464 2128 USBSTOR - ok
01:23:08.0484 2128 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
01:23:08.0486 2128 usbuhci - ok
01:23:08.0507 2128 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
01:23:08.0509 2128 UxSms - ok
01:23:08.0528 2128 VCSVADHWSer (3a4b01c2bdb07dfef29b0b369487503a) C:\Windows\system32\DRIVERS\vcsvad.sys
01:23:08.0529 2128 VCSVADHWSer - ok
01:23:08.0568 2128 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
01:23:08.0575 2128 vds - ok
01:23:08.0601 2128 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
01:23:08.0602 2128 vga - ok
01:23:08.0618 2128 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
01:23:08.0619 2128 VgaSave - ok
01:23:08.0719 2128 VIAHdAudAddService (293a88fceaf4f264d8b47e422a654770) C:\Windows\system32\drivers\viahduaa.sys
01:23:08.0731 2128 VIAHdAudAddService - ok
01:23:08.0746 2128 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
01:23:08.0748 2128 viaide - ok
01:23:08.0794 2128 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
01:23:08.0794 2128 Viewpoint Manager Service - ok
01:23:08.0822 2128 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
01:23:08.0823 2128 VKbms - ok
01:23:08.0854 2128 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
01:23:08.0855 2128 volmgr - ok
01:23:08.0890 2128 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
01:23:08.0896 2128 volmgrx - ok
01:23:08.0926 2128 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
01:23:08.0929 2128 volsnap - ok
01:23:08.0952 2128 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
01:23:08.0955 2128 vsmraid - ok
01:23:09.0070 2128 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
01:23:09.0088 2128 VSS - ok
01:23:09.0211 2128 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
01:23:09.0217 2128 W32Time - ok
01:23:09.0245 2128 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
01:23:09.0246 2128 WacomPen - ok
01:23:09.0278 2128 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:09.0280 2128 Wanarp - ok
01:23:09.0283 2128 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:09.0284 2128 Wanarpv6 - ok
01:23:09.0340 2128 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
01:23:09.0348 2128 wcncsvc - ok
01:23:09.0371 2128 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
01:23:09.0373 2128 WcsPlugInService - ok
01:23:09.0384 2128 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
01:23:09.0385 2128 Wd - ok
01:23:09.0464 2128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:23:09.0472 2128 Wdf01000 - ok
01:23:09.0480 2128 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
01:23:09.0482 2128 WdiServiceHost - ok
01:23:09.0486 2128 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
01:23:09.0488 2128 WdiSystemHost - ok
01:23:09.0525 2128 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
01:23:09.0529 2128 WebClient - ok
01:23:09.0573 2128 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
01:23:09.0576 2128 Wecsvc - ok
01:23:09.0603 2128 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
01:23:09.0605 2128 wercplsupport - ok
01:23:09.0617 2128 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
01:23:09.0619 2128 WerSvc - ok
01:23:09.0635 2128 WinDefend - ok
01:23:09.0643 2128 WinHttpAutoProxySvc - ok
01:23:09.0703 2128 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
01:23:09.0707 2128 Winmgmt - ok
01:23:09.0863 2128 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
01:23:09.0890 2128 WinRM - ok
01:23:10.0032 2128 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
01:23:10.0041 2128 Wlansvc - ok
01:23:10.0233 2128 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:23:10.0244 2128 wlidsvc - ok
01:23:10.0354 2128 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:23:10.0355 2128 WmiAcpi - ok
01:23:10.0429 2128 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
01:23:10.0432 2128 wmiApSrv - ok
01:23:10.0456 2128 WMPNetworkSvc - ok
01:23:10.0494 2128 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
01:23:10.0497 2128 WPCSvc - ok
01:23:10.0525 2128 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
01:23:10.0527 2128 WPDBusEnum - ok
01:23:10.0669 2128 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:23:10.0683 2128 WPFFontCache_v0400 - ok
01:23:10.0717 2128 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
01:23:10.0718 2128 ws2ifsl - ok
01:23:10.0754 2128 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
01:23:10.0756 2128 wscsvc - ok
01:23:10.0760 2128 WSearch - ok
01:23:10.0954 2128 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:23:10.0985 2128 wuauserv - ok
01:23:11.0097 2128 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:23:11.0099 2128 WUDFRd - ok
01:23:11.0125 2128 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
01:23:11.0128 2128 wudfsvc - ok
01:23:11.0182 2128 WUSB54GSCv2.NTamd64 (ca3b16ea714c1aea267f828849797c41) C:\Windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys
01:23:11.0186 2128 WUSB54GSCv2.NTamd64 - ok
01:23:11.0306 2128 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:23:11.0311 2128 YahooAUService - ok
01:23:11.0328 2128 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:23:11.0384 2128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
01:23:11.0384 2128 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
01:23:11.0388 2128 Boot (0x1200) (1ea7d17350144e689aee592e2e1debbb) \Device\Harddisk0\DR0\Partition0
01:23:11.0389 2128 \Device\Harddisk0\DR0\Partition0 - ok
01:23:11.0390 2128 ============================================================
01:23:11.0390 2128 Scan finished
01:23:11.0390 2128 ============================================================
01:23:11.0405 1644 Detected object count: 2
01:23:11.0406 1644 Actual detected object count: 2
01:23:48.0076 1644 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
01:23:48.0076 1644 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
01:23:48.0078 1644 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
01:23:48.0078 1644 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
01:24:06.0538 1840 Deinitialize success

ComboFix:

ComboFix 12-07-31.03 - Frank 08/02/2012 1:30.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.4759 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
AV: StopSign® Antivirus FREE TRIAL diagnostic version *Disabled/Updated* {7C2260BC-B889-CFCA-C920-41663706ACC9}
SP: StopSign® Antispyware FREE TRIAL diagnostic version *Disabled/Updated* {C7438158-9EB3-C044-F390-7A144C81E674}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frank\AppData\Local\ApplicationHistory\ApplicationHistoryUpdate\ApplicationHistoryupdt32.dll
c:\users\Frank\AppData\Roaming\.#
c:\users\Frank\AppData\Roaming\.#\MBX@10BA8@26B6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@10BA8@26B66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@1140@2756690.###
c:\users\Frank\AppData\Roaming\.#\MBX@1140@27566A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@1254@2C6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@1254@2C66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@12728@AE6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@12728@AE66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@12FC@2346690.###
c:\users\Frank\AppData\Roaming\.#\MBX@12FC@23466A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@15708@2636690.###
c:\users\Frank\AppData\Roaming\.#\MBX@15708@26366A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@17330@386690.###
c:\users\Frank\AppData\Roaming\.#\MBX@17330@3866A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@17A78@2776690.###
c:\users\Frank\AppData\Roaming\.#\MBX@17A78@27766A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@180C8@3D6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@180C8@3D66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@19F04@2726690.###
c:\users\Frank\AppData\Roaming\.#\MBX@19F04@27266A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@1A0C@2C6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@1A0C@2C66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@1CFD8@2376690.###
c:\users\Frank\AppData\Roaming\.#\MBX@1CFD8@23766A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@1D00@316690.###
c:\users\Frank\AppData\Roaming\.#\MBX@1D00@3166A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@1E8C@2966690.###
c:\users\Frank\AppData\Roaming\.#\MBX@1E8C@29666A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@24460@2836690.###
c:\users\Frank\AppData\Roaming\.#\MBX@24460@28366A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@24590@396690.###
c:\users\Frank\AppData\Roaming\.#\MBX@24590@3966A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@28F34@22C6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@28F34@22C66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@2B0CC@2646690.###
c:\users\Frank\AppData\Roaming\.#\MBX@2B0CC@26466A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@307B0@2736690.###
c:\users\Frank\AppData\Roaming\.#\MBX@307B0@27366A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@450C@2876690.###
c:\users\Frank\AppData\Roaming\.#\MBX@450C@28766A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@47D4@2756690.###
c:\users\Frank\AppData\Roaming\.#\MBX@47D4@27566A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@4E10@2756690.###
c:\users\Frank\AppData\Roaming\.#\MBX@4E10@27566A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@6580@2796690.###
c:\users\Frank\AppData\Roaming\.#\MBX@6580@27966A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@68BC@2716690.###
c:\users\Frank\AppData\Roaming\.#\MBX@68BC@27166A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@8CC@AC6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@8CC@AC66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@AAFC@27D6690.###
c:\users\Frank\AppData\Roaming\.#\MBX@AAFC@27D66A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@B7D8@2656690.###
c:\users\Frank\AppData\Roaming\.#\MBX@B7D8@26566A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@CD0@2596690.###
c:\users\Frank\AppData\Roaming\.#\MBX@CD0@25966A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@D59C@366690.###
c:\users\Frank\AppData\Roaming\.#\MBX@D59C@3666A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@D928@2646690.###
c:\users\Frank\AppData\Roaming\.#\MBX@D928@26466A0.###
c:\users\Frank\AppData\Roaming\.#\MBX@FD4@2636690.###
c:\users\Frank\AppData\Roaming\.#\MBX@FD4@26366A0.###
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{135feaf2-ce1e-40b0-bbe7-966dd744a6dc}
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{135feaf2-ce1e-40b0-bbe7-966dd744a6dc}\chrome.manifest
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{135feaf2-ce1e-40b0-bbe7-966dd744a6dc}\chrome\xulcache.jar
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{135feaf2-ce1e-40b0-bbe7-966dd744a6dc}\defaults\preferences\xulcache.js
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{135feaf2-ce1e-40b0-bbe7-966dd744a6dc}\install.rdf
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
c:\windows\SysWow64\SET166F.tmp
c:\windows\SysWow64\SETB8B.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 07:10 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe
2012-08-02 06:39 . 2012-08-02 06:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 06:39 . 2012-08-02 06:39 -------- d-----w- c:\users\UpdatusUser.FranksPc\AppData\Local\temp
2012-08-02 06:39 . 2012-08-02 06:39 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-08-02 06:39 . 2012-08-02 06:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 15:16 . 2012-08-01 15:16 -------- d-----w- c:\program files (x86)\ESET
2012-08-01 03:08 . 2012-08-01 03:08 -------- d-----w- c:\users\UpdatusUser.FranksPc\AppData\Local\CrashDumps
2012-07-28 04:22 . 2012-07-28 04:22 -------- d-----w- c:\users\Frank\AppData\Local\Apple Computer
2012-07-28 04:21 . 2012-07-29 12:28 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2012-07-28 04:18 . 2012-07-28 04:18 -------- d-----w- c:\programdata\Apple Computer
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\users\Frank\AppData\Local\Apple
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\programdata\Apple
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-07-23 12:25 . 2012-07-23 12:25 -------- d-----w- c:\users\Frank\AppData\Local\Macromedia
2012-07-20 06:21 . 2012-07-20 06:21 -------- d-----w- c:\users\Frank\AppData\Local\IsolatedStorage
2012-07-20 06:21 . 2012-07-20 06:21 -------- d-----w- c:\users\Frank\AppData\Local\Futuremark_Corporation
2012-07-20 06:18 . 2012-07-20 06:18 -------- d-----w- c:\program files\Futuremark
2012-07-20 05:52 . 2012-07-20 05:53 -------- d-----w- c:\program files (x86)\EVGA Precision
2012-07-20 01:19 . 2012-07-20 01:19 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2012-07-20 01:07 . 2012-05-15 10:48 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-07-20 01:07 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-20 01:07 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-20 01:07 . 2012-05-15 10:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-07-20 01:07 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-07-20 01:07 . 2011-01-16 23:53 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2012-07-20 01:07 . 2011-01-16 23:53 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2012-07-20 01:07 . 2010-12-02 17:12 1359976 ----a-w- c:\windows\system32\nvgenco64hda.dll
2012-07-20 01:07 . 2012-05-15 10:48 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-07-20 01:07 . 2011-01-16 23:53 11240 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2012-07-16 23:42 . 2012-07-16 23:43 -------- d-----w- c:\program files\Speccy
2012-07-15 20:01 . 2012-08-01 08:23 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 20:01 . 2012-07-15 20:01 -------- d-----w- c:\users\Frank\AppData\Local\PunkBuster
2012-07-15 20:00 . 2012-07-15 20:01 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-07-15 19:57 . 2012-07-15 19:57 -------- d-----w- c:\programdata\EA Core
2012-07-15 19:57 . 2012-07-15 22:01 -------- d-----w- c:\programdata\EA Logs
2012-07-15 12:56 . 2012-07-15 12:56 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-07-15 12:56 . 2012-08-01 08:23 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-15 12:56 . 2012-08-01 08:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-15 12:56 . 2012-07-20 07:28 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-15 02:38 . 2012-07-15 10:43 -------- d-----w- c:\program files (x86)\Origin Games
2012-07-15 02:38 . 2012-07-15 02:38 -------- d-----w- c:\users\Frank\AppData\Local\Origin
2012-07-15 02:38 . 2012-07-15 19:57 -------- d-----w- c:\programdata\Origin
2012-07-15 02:36 . 2012-07-15 02:38 -------- d-----w- c:\users\Frank\AppData\Roaming\Origin
2012-07-15 02:36 . 2012-07-15 19:58 -------- d-----w- c:\programdata\Electronic Arts
2012-07-15 02:36 . 2012-07-15 02:38 -------- d-----w- c:\program files (x86)\Origin
2012-07-14 02:00 . 2012-07-14 02:00 -------- d-----w- c:\users\Frank\AppData\Roaming\Tific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 14:20 . 2012-04-21 10:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 14:20 . 2011-08-02 06:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-12-01 09:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:02 . 2012-06-25 14:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-25 14:02 . 2012-06-25 14:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-25 14:02 . 2012-06-25 14:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-25 14:02 . 2012-06-25 14:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-25 14:02 . 2012-06-25 14:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-25 14:02 . 2012-06-25 14:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-25 14:02 . 2012-06-25 14:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-25 14:02 . 2012-06-25 14:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-25 14:02 . 2012-06-25 14:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-25 14:02 . 2012-06-25 14:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-25 14:02 . 2012-06-25 14:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-25 14:02 . 2012-06-25 14:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-25 14:02 . 2012-06-25 14:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-25 14:02 . 2012-06-25 14:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-25 14:02 . 2012-06-25 14:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-25 14:02 . 2012-06-25 14:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-25 14:02 . 2012-06-25 14:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-25 14:02 . 2012-06-25 14:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-25 14:02 . 2012-06-25 14:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-25 14:02 . 2012-06-25 14:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-25 14:02 . 2012-06-25 14:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-25 14:02 . 2012-06-25 14:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-25 14:02 . 2012-06-25 14:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-25 14:02 . 2012-06-25 14:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-25 14:02 . 2012-06-25 14:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-25 14:02 . 2012-06-25 14:02 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-25 14:02 . 2012-06-25 14:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-25 14:02 . 2012-06-25 14:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-25 14:02 . 2012-06-25 14:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-25 14:02 . 2012-06-25 14:02 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-25 14:02 . 2012-06-25 14:02 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-25 14:02 . 2012-06-25 14:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-25 14:02 . 2012-06-25 14:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-25 14:02 . 2012-06-25 14:02 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-25 14:02 . 2012-06-25 14:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-25 14:02 . 2012-06-25 14:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-25 14:02 . 2012-06-25 14:02 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-25 14:02 . 2012-06-25 14:02 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-25 14:02 . 2012-06-25 14:02 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-25 14:02 . 2012-06-25 14:02 136192 ----a-w- c:\windows\system32\advpack.dll
2012-06-25 14:02 . 2012-06-25 14:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-25 14:02 . 2012-06-25 14:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-25 14:02 . 2012-06-25 14:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-25 14:02 . 2012-06-25 14:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-25 14:02 . 2012-06-25 14:02 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-25 14:02 . 2012-06-25 14:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-25 14:01 . 2012-06-25 14:01 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-25 14:01 . 2012-06-25 14:01 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-25 14:01 . 2012-06-25 14:01 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-25 14:01 . 2012-06-25 14:01 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-25 14:01 . 2012-06-25 14:01 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-25 14:01 . 2012-06-25 14:01 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-25 14:01 . 2012-06-25 14:01 448512 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:01 . 2012-06-25 14:01 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-25 14:01 . 2012-06-25 14:01 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-25 14:01 . 2012-06-25 14:01 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-25 14:01 . 2012-06-25 14:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-25 14:01 . 2012-06-25 14:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-25 14:01 . 2012-06-25 14:01 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-25 14:01 . 2012-06-25 14:01 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-25 14:01 . 2012-06-25 14:01 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-25 14:01 . 2012-06-25 14:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-25 14:01 . 2012-06-25 14:01 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-25 14:01 . 2012-06-25 14:01 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-25 14:01 . 2012-06-25 14:01 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-25 14:01 . 2012-06-25 14:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-25 14:01 . 2012-06-25 14:01 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-25 14:01 . 2012-06-25 14:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-25 14:01 . 2012-06-25 14:01 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-25 14:01 . 2012-06-25 14:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 14:01 . 2012-06-25 14:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-25 14:01 . 2012-06-25 14:01 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-19 23:55 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-04 03:28 . 2006-11-02 12:35 58957832 ----a-w- c:\windows\system32\mrt.exe
2012-06-02 22:19 . 2012-06-21 15:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:44 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 15:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 15:44 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 15:44 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 15:44 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 15:44 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-15 20:15 . 2012-06-25 13:24 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 09:29 . 2011-01-16 21:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-01-16 21:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2009-08-17 06:39 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-01-16 21:13 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-01-16 21:13 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2010-09-17 21:22 . 2010-09-17 20:09 1874602064 ----a-w- c:\program files (x86)\VindictusVBSetupV104.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-06 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-07-15 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2008-08-26 17594880]
"SoftwareStation"="c:\program files (x86)\eAcceleration\Station\station.exe" [2011-12-14 141232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CapsUnlock.lnk - c:\program files (x86)\CapsUnlock\CapsUnlock.exe [2011-11-25 13312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-6-17 512000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:20]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 06:15]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\progra~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\eAcceleration\eacsvc.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~2\EACCEL~1\FRAMEW~1\eac_svc.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
c:\program files (x86)\eAcceleration\Station\station_bk.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-08-02 03:51:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 07:51
.
Pre-Run: 299,747,454,976 bytes free
Post-Run: 300,421,775,360 bytes free
.
- - End Of File - - AF9CE0EBC03A042CD4AF671D17B23F6E

Security check:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
StopSign® Antivirus FREE TRIAL diagnostic version
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

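Two lines in the log above deserve more attention than the rest: the running-process entry c:\\.\globalroot\systemroot\svchost.exe and the 20 KB c:\windows\svchost.exe created on 2012-08-02. The real service host lives in system32 (and SysWOW64 for the 32-bit copy); a svchost.exe directly under \Windows, launched through the \\.\globalroot\ device-path alias so that casual path checks miss it, is the kind of thing a TDL/Pihar-class dropper leaves behind. The script below is an added example written for this thread, not part of ComboFix or any other tool named here: it normalizes the globalroot alias and flags core Windows binaries that sit outside their home directory. The expected-directory table and the assumption that %SystemRoot% is C:\Windows are mine; the sample lines are copied from the ComboFix output above plus one legitimate system32 entry.

```python
"""Flag core Windows binaries that appear outside their expected directory.

Added example for this thread; not part of ComboFix or any other tool
mentioned. The sample lines are taken from the ComboFix output above.
"""
import re

# Assumption for the example: %SystemRoot% is C:\Windows on this machine.
SYSTEM_ROOT = r"c:\windows"

# Where these images are allowed to run from on a 64-bit Vista/7 install.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# ComboFix prints NT object-manager paths such as
#   c:\\.\globalroot\systemroot\svchost.exe
# when a process was started through a device path. \\.\globalroot\systemroot\
# is simply an alias for %SystemRoot%, so collapse it before comparing.
_GLOBALROOT = re.compile(r"^(?:[a-z]:)?\\\\\.\\globalroot\\systemroot\\", re.I)

# Component-store and Windows Update staging copies are legitimate duplicates.
_STAGING = re.compile(r"\\(winsxs|softwaredistribution)\\", re.I)


def normalize(path: str) -> str:
    """Lower-case a path and collapse the globalroot alias to the real system root."""
    p = path.strip().lower()
    return _GLOBALROOT.sub(lambda m: SYSTEM_ROOT + "\\", p)


def classify(path: str):
    """Return (basename, verdict); verdict is 'ok', 'staging', 'misplaced' or None.

    None means the file is not one of the tracked core binaries.
    """
    p = normalize(path)
    directory, _, name = p.rpartition("\\")
    if name not in EXPECTED_DIRS:
        return name, None
    if _STAGING.search(p):
        return name, "staging"      # servicing copy, not a running image
    if directory in EXPECTED_DIRS[name]:
        return name, "ok"
    return name, "misplaced"


def misplaced(lines):
    """Normalized paths of tracked core binaries found outside their home directory."""
    hits = []
    for line in lines:
        line = line.strip()
        if not re.match(r"^[a-z]:\\", line, re.I):
            continue                # headers, separators, blank lines
        _, verdict = classify(line)
        if verdict == "misplaced":
            hits.append(normalize(line))
    return hits


# Constructed sample: process/file lines from the ComboFix log in this thread,
# plus one legitimate system32 entry so the "ok" branch is exercised.
SAMPLE = r"""
------------------------ Other Running Processes ------------------------
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
""".splitlines()

if __name__ == "__main__":
    for hit in misplaced(SAMPLE):
        print("core binary outside its expected directory:", hit)
```

Both suspicious lines in the log resolve to the same on-disk file, c:\windows\svchost.exe, which is why the later FCopy run reports it under "Other Deletions" just once. The device-path form is the one to remember: anything that only compares against "c:\windows\system32\..." string prefixes will wave it through.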
#7 D-FRED-BROWN (Malware Response Team, Kansas, USA)

Posted 02 August 2012 - 01:52 PM

We've got a pretty good amount of cleaning to do.

----------Step 1----------------
Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

FCopy::
c:\windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | c:\windows\system32\Services.exe

File::
c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


----------Step 2----------------
  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into the Recovery Environment:

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window ....
  • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.
----------Step 3----------------
Please include both the ComboFix and ListParts reports in your next reply.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#8 NightmareFrank (Topic Starter)

Posted 03 August 2012 - 05:22 AM

Hey D-Fred. I don't have access to a flash drive at the moment; do you think there are any alternatives we could try? Also, the PC actually seems to be running fairly well. I haven't had a redirect since the reboot, and no BSODs or random restarts either. However, I have been getting this error message: "winrscmde stopped working and was closed".
I'm still iffy about logging into anything important, so I'll wait for your word. Here's the ComboFix log:

ComboFix 12-07-31.05 - Frank 08/03/2012 5:41.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5922 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
Command switches used :: c:\users\Frank\Desktop\CFScript.txt
AV: StopSign® Antivirus FREE TRIAL diagnostic version *Disabled/Updated* {7C2260BC-B889-CFCA-C920-41663706ACC9}
SP: StopSign® Antispyware FREE TRIAL diagnostic version *Disabled/Updated* {C7438158-9EB3-C044-F390-7A144C81E674}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --> c:\windows\system32\Services.exe
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 09:56 . 2012-08-03 09:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-03 09:56 . 2012-08-03 09:56 -------- d-----w- c:\users\UpdatusUser.FranksPc\AppData\Local\temp
2012-08-03 09:56 . 2012-08-03 09:56 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-08-03 09:56 . 2012-08-03 09:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 07:10 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe
2012-08-01 15:16 . 2012-08-01 15:16 -------- d-----w- c:\program files (x86)\ESET
2012-08-01 03:08 . 2012-08-01 03:08 -------- d-----w- c:\users\UpdatusUser.FranksPc\AppData\Local\CrashDumps
2012-07-28 04:22 . 2012-07-28 04:22 -------- d-----w- c:\users\Frank\AppData\Local\Apple Computer
2012-07-28 04:21 . 2012-07-29 12:28 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2012-07-28 04:18 . 2012-07-28 04:18 -------- d-----w- c:\programdata\Apple Computer
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\users\Frank\AppData\Local\Apple
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\programdata\Apple
2012-07-28 04:16 . 2012-07-28 04:16 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-07-23 12:25 . 2012-07-23 12:25 -------- d-----w- c:\users\Frank\AppData\Local\Macromedia
2012-07-20 06:21 . 2012-07-20 06:21 -------- d-----w- c:\users\Frank\AppData\Local\IsolatedStorage
2012-07-20 06:21 . 2012-07-20 06:21 -------- d-----w- c:\users\Frank\AppData\Local\Futuremark_Corporation
2012-07-20 06:18 . 2012-07-20 06:18 -------- d-----w- c:\program files\Futuremark
2012-07-20 05:52 . 2012-07-20 05:53 -------- d-----w- c:\program files (x86)\EVGA Precision
2012-07-20 01:19 . 2012-07-20 01:19 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2012-07-20 01:07 . 2012-05-15 10:48 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-07-20 01:07 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-20 01:07 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-20 01:07 . 2012-05-15 10:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-07-20 01:07 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-07-20 01:07 . 2011-01-16 23:53 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2012-07-20 01:07 . 2011-01-16 23:53 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2012-07-20 01:07 . 2010-12-02 17:12 1359976 ----a-w- c:\windows\system32\nvgenco64hda.dll
2012-07-20 01:07 . 2012-05-15 10:48 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-07-20 01:07 . 2011-01-16 23:53 11240 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2012-07-16 23:42 . 2012-07-16 23:43 -------- d-----w- c:\program files\Speccy
2012-07-15 20:01 . 2012-08-01 08:23 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 20:01 . 2012-07-15 20:01 -------- d-----w- c:\users\Frank\AppData\Local\PunkBuster
2012-07-15 20:00 . 2012-07-15 20:01 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-07-15 19:57 . 2012-07-15 19:57 -------- d-----w- c:\programdata\EA Core
2012-07-15 19:57 . 2012-07-15 22:01 -------- d-----w- c:\programdata\EA Logs
2012-07-15 12:56 . 2012-07-15 12:56 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-07-15 12:56 . 2012-08-01 08:23 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-15 12:56 . 2012-08-01 08:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-15 12:56 . 2012-07-20 07:28 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-15 02:38 . 2012-07-15 10:43 -------- d-----w- c:\program files (x86)\Origin Games
2012-07-15 02:38 . 2012-07-15 02:38 -------- d-----w- c:\users\Frank\AppData\Local\Origin
2012-07-15 02:38 . 2012-07-15 19:57 -------- d-----w- c:\programdata\Origin
2012-07-15 02:36 . 2012-07-15 02:38 -------- d-----w- c:\users\Frank\AppData\Roaming\Origin
2012-07-15 02:36 . 2012-07-15 19:58 -------- d-----w- c:\programdata\Electronic Arts
2012-07-15 02:36 . 2012-07-15 02:38 -------- d-----w- c:\program files (x86)\Origin
2012-07-14 02:00 . 2012-07-14 02:00 -------- d-----w- c:\users\Frank\AppData\Roaming\Tific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 19:20 . 2012-04-21 10:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 19:20 . 2011-08-02 06:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-12-01 09:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:02 . 2012-06-25 14:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-25 14:02 . 2012-06-25 14:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-25 14:02 . 2012-06-25 14:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-25 14:02 . 2012-06-25 14:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-25 14:02 . 2012-06-25 14:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-25 14:02 . 2012-06-25 14:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-25 14:02 . 2012-06-25 14:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-25 14:02 . 2012-06-25 14:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-25 14:02 . 2012-06-25 14:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-25 14:02 . 2012-06-25 14:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-25 14:02 . 2012-06-25 14:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-25 14:02 . 2012-06-25 14:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-25 14:02 . 2012-06-25 14:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-25 14:02 . 2012-06-25 14:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-25 14:02 . 2012-06-25 14:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-25 14:02 . 2012-06-25 14:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-25 14:02 . 2012-06-25 14:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-25 14:02 . 2012-06-25 14:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-25 14:02 . 2012-06-25 14:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-25 14:02 . 2012-06-25 14:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-25 14:02 . 2012-06-25 14:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-25 14:02 . 2012-06-25 14:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-25 14:02 . 2012-06-25 14:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-25 14:02 . 2012-06-25 14:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-25 14:02 . 2012-06-25 14:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-25 14:02 . 2012-06-25 14:02 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-25 14:02 . 2012-06-25 14:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-25 14:02 . 2012-06-25 14:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-25 14:02 . 2012-06-25 14:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-25 14:02 . 2012-06-25 14:02 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-25 14:02 . 2012-06-25 14:02 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-25 14:02 . 2012-06-25 14:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-25 14:02 . 2012-06-25 14:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-25 14:02 . 2012-06-25 14:02 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-25 14:02 . 2012-06-25 14:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-25 14:02 . 2012-06-25 14:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-25 14:02 . 2012-06-25 14:02 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-25 14:02 . 2012-06-25 14:02 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-25 14:02 . 2012-06-25 14:02 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-25 14:02 . 2012-06-25 14:02 136192 ----a-w- c:\windows\system32\advpack.dll
2012-06-25 14:02 . 2012-06-25 14:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-25 14:02 . 2012-06-25 14:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-25 14:02 . 2012-06-25 14:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-25 14:02 . 2012-06-25 14:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-25 14:02 . 2012-06-25 14:02 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-25 14:02 . 2012-06-25 14:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-25 14:01 . 2012-06-25 14:01 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-25 14:01 . 2012-06-25 14:01 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-25 14:01 . 2012-06-25 14:01 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-25 14:01 . 2012-06-25 14:01 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-25 14:01 . 2012-06-25 14:01 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-25 14:01 . 2012-06-25 14:01 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-25 14:01 . 2012-06-25 14:01 448512 ----a-w- c:\windows\system32\html.iec
2012-06-25 14:01 . 2012-06-25 14:01 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-25 14:01 . 2012-06-25 14:01 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-25 14:01 . 2012-06-25 14:01 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-25 14:01 . 2012-06-25 14:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-25 14:01 . 2012-06-25 14:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-25 14:01 . 2012-06-25 14:01 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-25 14:01 . 2012-06-25 14:01 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-25 14:01 . 2012-06-25 14:01 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-25 14:01 . 2012-06-25 14:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-25 14:01 . 2012-06-25 14:01 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-25 14:01 . 2012-06-25 14:01 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-25 14:01 . 2012-06-25 14:01 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-25 14:01 . 2012-06-25 14:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-25 14:01 . 2012-06-25 14:01 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-25 14:01 . 2012-06-25 14:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-25 14:01 . 2012-06-25 14:01 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-25 14:01 . 2012-06-25 14:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 14:01 . 2012-06-25 14:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-25 14:01 . 2012-06-25 14:01 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-19 23:55 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-04 03:28 . 2006-11-02 12:35 58957832 ----a-w- c:\windows\system32\mrt.exe
2012-06-02 22:19 . 2012-06-21 15:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:44 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 15:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 15:44 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 15:44 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 15:44 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 15:44 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-15 20:15 . 2012-06-25 13:24 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 09:29 . 2011-01-16 21:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-01-16 21:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2009-08-17 06:39 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-01-16 21:13 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-01-16 21:13 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2010-09-17 21:22 . 2010-09-17 20:09 1874602064 ----a-w- c:\program files (x86)\VindictusVBSetupV104.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_07.10.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-22 23:41 . 2012-08-02 07:10 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-07-22 23:41 . 2012-07-24 21:15 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2008-01-21 02:23 . 2012-08-03 10:01 67236 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-09-11 18:44 . 2012-08-03 10:01 15844 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2830320785-2785918659-1747574366-1000_UserData.bin
- 2009-09-11 05:25 . 2012-07-27 14:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-11 05:25 . 2012-08-02 19:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-11 05:25 . 2012-07-27 14:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-11 05:25 . 2012-08-02 19:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-11 05:25 . 2012-08-02 19:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-11 05:25 . 2012-07-27 14:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-02 07:09 . 2012-08-02 07:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-03 09:58 . 2012-08-03 09:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 07:09 . 2012-08-02 07:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 09:58 . 2012-08-03 09:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-02 19:20 . 2012-08-02 19:20 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe
+ 2012-08-02 18:20 . 2012-08-02 18:20 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-02 18:20 . 2012-08-02 18:20 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
+ 2012-04-21 10:22 . 2012-08-02 19:20 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-21 10:22 . 2012-07-27 14:20 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-22 23:39 . 2012-08-02 07:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-22 23:39 . 2012-07-24 21:15 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-23 23:40 . 2012-08-02 19:20 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-23 23:40 . 2012-08-02 07:10 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 15:45 . 2012-08-03 10:01 100912 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2012-08-03 00:02 675230 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-08-01 15:58 675230 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-03 00:02 132592 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-08-01 15:58 132592 c:\windows\system32\perfc009.dat
+ 2012-08-02 19:20 . 2012-08-02 19:20 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe
+ 2012-08-02 18:20 . 2012-08-02 18:20 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
+ 2012-08-02 18:20 . 2012-08-02 18:20 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll
+ 2010-10-01 03:01 . 2012-08-03 09:56 417372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-01 03:01 . 2012-08-02 07:07 417372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-02 19:20 . 2012-08-02 19:20 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
+ 2012-08-02 19:20 . 2012-08-02 19:20 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
+ 2008-01-21 03:20 . 2012-08-02 19:20 3457024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-02 07:10 3457024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-08-02 07:10 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-02 19:20 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-02 19:20 . 2012-08-02 19:20 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll
+ 2010-10-01 03:11 . 2012-08-03 09:56 34537552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2830320785-2785918659-1747574366-1000-12288.dat
- 2010-10-01 03:11 . 2012-08-02 07:07 34537552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2830320785-2785918659-1747574366-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-06 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-07-15 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2008-08-26 17594880]
"SoftwareStation"="c:\program files (x86)\eAcceleration\Station\station.exe" [2011-12-14 141232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CapsUnlock.lnk - c:\program files (x86)\CapsUnlock\CapsUnlock.exe [2011-11-25 13312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-6-17 512000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:20]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 06:15]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02 06:15]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\progra~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\eAcceleration\eacsvc.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\eAcceleration\Station\station_bk.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~2\EACCEL~1\FRAMEW~1\eac_svc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-08-03 06:14:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 10:14
ComboFix2.txt 2012-08-02 07:51
.
Pre-Run: 298,362,351,616 bytes free
Post-Run: 299,520,401,408 bytes free
.
- - End Of File - - 00BBA08853E15E739E6C72E2DEA016B4

Edited by NightmareFrank, 03 August 2012 - 05:27 AM.
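The entry in the "Files Created" section worth a second look is c:\windows\svchost.exe: a core Windows binary sitting outside system32, created in the infection window yet carrying a 2009 modification time. As an added example (not part of this post and not a ComboFix feature), the parser below reads entries in the log's format and flags such out-of-place system binaries while allowing the Windows Update staging copies the log also lists; the sample lines are constructed to match the log's shape.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample in the shape of ComboFix's "Files Created" / "Find3M"
# entries: "<created> . <modified> <size|--------> <attrs> <path>". The banner
# and the lone "." separator are included to show that they are skipped.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
2012-08-03 09:56 . 2012-08-03 09:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 07:10 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe
2012-07-20 01:07 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-01 10:00 . 2009-04-11 06:28 279552 ----a-w- c:\windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\services.exe
2012-06-02 22:19 . 2012-06-21 15:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Core Windows binaries and the only directories they legitimately live in.
# A file with one of these names anywhere else is a classic masquerade.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Windows Update and component-store staging areas hold legitimate copies
# of these binaries (the log above lists one under SoftwareDistribution).
STAGING_PREFIXES = (
    r"c:\windows\softwaredistribution\download",
    r"c:\windows\winsxs",
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directory entries ("--------")
    attrs: str
    path: str


def parse_combofix_lines(text: str) -> List[Entry]:
    """Parse the file entries of a ComboFix log, skipping banners and separators."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def find_masqueraders(entries: List[Entry]) -> List[dict]:
    """Flag core system binary names sitting outside their expected directory."""
    findings = []
    for e in entries:
        if e.attrs.startswith("d"):
            continue  # directory entry, not a file
        p = PureWindowsPath(e.path)
        expected = EXPECTED_DIRS.get(p.name.lower())
        if expected is None:
            continue
        parent = str(p.parent).lower()
        if parent in expected or parent.startswith(STAGING_PREFIXES):
            continue
        findings.append({
            "path": e.path,
            "created": e.created,
            "modified": e.modified,
            "size": e.size,
            # A file created during the infection window that claims an
            # older modification time was copied in or had its mtime forged.
            "timestamp_mismatch": e.modified < e.created,
        })
    return findings


if __name__ == "__main__":
    for f in find_masqueraders(parse_combofix_lines(SAMPLE_LOG)):
        print(f"SUSPECT {f['path']} size={f['size']} created={f['created']} "
              f"modified={f['modified']} stale_mtime={f['timestamp_mismatch']}")
```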


#9 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 03 August 2012 - 11:44 AM

NightmareFrank wrote:

    Hey D-Fred. I don't have access to a flash drive at the moment, think there's any alternatives we could do? Also, the pc actually seems to be running fairly well, I haven't had a redirect since reboot and no BSOD's or random restarts either. However, I have been getting this error message: "winrscmde stopped working and was closed".

Forget about ListParts for now. I think the main infection has been neutralized, though I'd still like to take a deeper look at some stuff.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------

Also, please do the following. We won't necessarily need it, but it's still good to have if you don't have one already:

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#10 NightmareFrank

NightmareFrank
  • Topic Starter

  • Members
  • 13 posts

Posted 03 August 2012 - 01:20 PM

The mirror doesn't seem to be working. The page refuses to load :/

I made the CD. Lemme know if you have another link to download OTL.

#11 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 03 August 2012 - 02:21 PM

Try this link: http://www.itxassociates.com/OT-Tools/OTL.exe

Looks like GeekstoGo is down again :mellow:

#12 NightmareFrank

NightmareFrank
  • Topic Starter

  • Members
  • 13 posts

Posted 03 August 2012 - 02:51 PM

OTL.txt :

OTL logfile created on: 8/3/2012 3:39:03 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Frank\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 61.22% Memory free
32.33 Gb Paging File | 28.87 Gb Available in Paging File | 89.29% Paging File free
Paging file location(s): c:\pagefile.sys 25000 25000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 277.55 Gb Free Space | 29.80% Space Free | Partition Type: NTFS
Drive D: | 1.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRANKSPC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 15:38:19 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2012/08/02 15:20:28 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/20 03:28:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/19 21:30:22 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/14 22:37:54 | 003,407,496 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/07/14 15:13:15 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe
PRC - [2012/07/13 23:24:11 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.185\deploy\LolClient.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/17 06:34:44 | 000,512,000 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/14 19:18:27 | 000,464,816 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
PRC - [2011/11/25 04:22:30 | 000,013,312 | ---- | M] (BrainSystems) -- C:\Program Files (x86)\CapsUnlock\CapsUnlock.exe
PRC - [2011/11/12 11:52:14 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010/11/08 18:34:39 | 000,115,744 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe
PRC - [2010/11/08 18:27:19 | 000,264,120 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe
PRC - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2010/03/15 17:56:58 | 000,144,720 | ---- | M] (eAcceleration) -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
PRC - [2009/04/22 21:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/02 15:20:27 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/19 21:30:22 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/14 22:37:56 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/07/14 22:37:56 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/07/14 22:37:56 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/07/14 22:37:56 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/07/14 22:37:56 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/07/14 22:37:55 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/07/14 22:37:55 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/07/14 22:37:55 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/07/14 22:37:55 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/07/14 22:37:55 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/07/14 22:37:55 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/07/14 15:13:15 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe
MOD - [2012/07/13 23:13:35 | 004,770,176 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.185\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/06/25 12:49:49 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\63dc7f1deb6f9b3ed0a21902246b46a9\System.ServiceModel.Web.ni.dll
MOD - [2012/06/25 12:48:25 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/06/25 12:47:54 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/06/25 12:47:51 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/06/25 12:47:51 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/06/25 12:46:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/06/25 11:03:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/06/25 11:03:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/25 11:03:02 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/25 11:01:57 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll
MOD - [2012/06/25 11:01:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/06/25 11:01:51 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/25 11:01:33 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/06/25 11:01:20 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/06/25 11:01:16 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/06/25 11:01:02 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/06/17 06:34:42 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Air.dll
MOD - [2012/06/17 06:34:40 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Launcher.dll
MOD - [2012/06/17 06:34:40 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Compression.dll
MOD - [2012/06/17 06:34:38 | 001,033,728 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/04 15:01:22 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011/11/25 04:22:30 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\CapsUnlock\CapsUnlock.dll
MOD - [2011/11/12 11:52:14 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/07/14 12:01:59 | 000,958,976 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-53.dll
MOD - [2011/07/14 12:01:59 | 000,132,096 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2011/07/14 12:01:58 | 007,006,208 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-53.dll
MOD - [2011/07/14 12:01:58 | 000,239,616 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-0.dll
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/02 15:20:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 03:28:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/19 21:30:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/10 13:56:41 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/15 19:17:10 | 000,202,264 | R--- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/11/08 18:27:19 | 000,264,120 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2010/11/08 18:27:17 | 000,235,448 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_notifysvc.dll -- (eac_notifysvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 17:56:58 | 000,144,720 | ---- | M] (eAcceleration) [Auto | Running] -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe -- (StopSign Update Manager)
SRV - [2009/10/31 15:42:37 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/29 20:45:22 | 000,006,656 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/05/25 06:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/21 18:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2008/12/10 17:56:26 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008/07/25 08:10:34 | 000,972,800 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008/04/28 09:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/04/22 11:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2008/01/09 01:52:44 | 000,253,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WUSB54GSCV2_AMD64.sys -- (WUSB54GSCv2.NTamd64)
DRV:64bit: - [2006/11/02 20:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011/01/31 02:39:58 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8C 4C 3D 11 5B C9 69 45 88 B4 DB 69 5D 66 B9 9F [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8C 4C 3D 11 5B C9 69 45 88 B4 DB 69 5D 66 B9 9F [binary data]

IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8C 4C 3D 11 5B C9 69 45 88 B4 DB 69 5D 66 B9 9F [binary data]
IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=892F3462-10E8-4E26-9851-C6305A4A8769&apn_sauid=11F3FA31-B548-4B22-8634-E8298B182CB8
IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>


========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Runescape Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Frank\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 00:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/28 00:19:09 | 000,000,000 | ---D | M]

[2009/09/11 14:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/08/02 02:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions
[2010/04/27 06:49:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/02 04:11:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/15 18:19:38 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2012/04/04 15:13:02 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\extensions\toolbar@ask.com
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\searchplugins\askcom.xml
[2010/11/02 16:55:50 | 000,000,921 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\e6g22c1i.default\searchplugins\conduit.xml
[2012/04/28 06:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/27 01:16:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 21:30:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/04 15:01:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2011/10/01 16:20:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/11 18:59:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RayV Plugin (Enabled) = C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

O1 HOSTS File: ([2012/08/03 05:59:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoftwareStation] C:\Program Files (x86)\eAcceleration\Station\station.exe (eAcceleration Corp)
O4 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CapsUnlock.lnk = C:\Program Files (x86)\CapsUnlock\CapsUnlock.exe (BrainSystems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2830320785-2785918659-1747574366-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9AB09-4137-4EBB-B82D-56414614F5A9}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B649854A-5285-447F-80A0-DAB71B18B837}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/31 04:32:38 | 000,391,863 | R--- | M] () - D:\autorun.cdd -- [ CDFS ]
O32 - AutoRun File - [2011/01/31 04:56:23 | 002,415,152 | R--- | M] (EVGA Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/01/31 00:54:38 | 000,009,158 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/01/31 04:32:38 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 15:38:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012/08/03 05:56:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/02 03:10:28 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/08/02 01:18:58 | 004,724,629 | R--- | C] (Swearware) -- C:\Users\Frank\Desktop\ComboFix.exe
[2012/08/02 01:17:27 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Frank\Desktop\tdsskiller(1).exe
[2012/08/01 20:37:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{CF263CD1-6727-4265-8099-675337A09D60}
[2012/08/01 20:36:45 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{BEABA221-4D60-45FF-BF2E-68E551C5C7F1}
[2012/08/01 11:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/01 09:39:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/01 09:39:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/01 09:39:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/01 09:31:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 09:31:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 08:36:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DC943461-1D07-4D90-B8D6-529CEB11D71D}
[2012/08/01 08:35:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{5DD61526-8F7B-4889-93DA-D843A9BAEFC9}
[2012/07/31 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C9872576-1CA6-4893-9221-BE70CB8D42C7}
[2012/07/31 20:34:12 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{9FB9691D-8D2C-48CF-BF4B-A176E654354A}
[2012/07/31 08:33:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4798E81D-9CEB-4BE6-9C7C-C7CE6D23A1AA}
[2012/07/31 08:33:31 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1FEBB57E-1DCD-4A08-87B8-69F23FEA7E99}
[2012/07/30 20:33:08 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{B36C5C92-CC5B-45BC-A806-B4AC34366ACC}
[2012/07/30 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{05142009-89B4-4EA0-B2F0-8584F2DB0BD2}
[2012/07/30 08:32:26 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{049FA6E1-358C-451A-8CBE-30974DAB011A}
[2012/07/30 08:32:06 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{00EE01B1-B690-4EFA-ADE5-45A1DD3E317B}
[2012/07/29 20:31:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{7344A227-6B07-481F-A8DD-0742425DEC4B}
[2012/07/29 20:31:25 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{8F37763F-22D7-4310-A55E-7B27CB1E2759}
[2012/07/29 08:30:36 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A5FCB436-6548-465C-A526-0508FB2E769F}
[2012/07/29 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C0B55A1E-82EC-4A06-8ADB-5299BAFAC7B3}
[2012/07/28 00:22:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Apple Computer
[2012/07/28 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Apple Computer
[2012/07/28 00:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/28 00:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/07/28 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/07/28 00:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/07/28 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Apple
[2012/07/28 00:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/07/28 00:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/07/27 19:33:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{E1601DEF-D351-4A35-93E8-CD063F95B101}
[2012/07/27 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{2A6811E7-87B5-471A-8709-E7EAA6D65523}
[2012/07/26 19:56:38 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{480D08FE-05B4-4E46-9854-38B9A8D657E0}
[2012/07/26 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{569496B3-FBC3-4131-83D5-9C8D4191BE8B}
[2012/07/25 19:01:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{5BCE7A67-2531-49A5-B28B-BB10ACE45E3C}
[2012/07/25 19:00:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{B02A9EF5-0471-4D0A-9D0B-C8E559BE31D1}
[2012/07/25 07:00:28 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{90868ADE-1E0B-4703-B5E2-2B3632BD0768}
[2012/07/25 07:00:09 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{ED9D0C1C-CA6E-4AFF-B3B5-DEADA4C34932}
[2012/07/24 18:59:30 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{45EED2F2-0A4B-4E4B-A2A0-C17B51F57F73}
[2012/07/24 18:59:11 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{9D973508-A752-4E65-8B7E-486705A79B4D}
[2012/07/24 06:58:36 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DFC8E264-6FA0-4BE7-A81D-66FAB57CBFC6}
[2012/07/24 06:58:16 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D393FB5D-4222-4983-9FDD-035B19B8AC54}
[2012/07/23 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C837E191-E902-4DE9-9A12-98BD98F56044}
[2012/07/23 18:56:29 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DE7E4B39-33FB-4017-9FAE-8C481B929705}
[2012/07/23 08:25:09 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Macromedia
[2012/07/22 18:45:46 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{2CF8D411-E71D-4941-A40A-92A03D7C310F}
[2012/07/22 18:45:35 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{AC9A5A06-03E1-43E5-95B8-E64F668ED130}
[2012/07/22 06:45:05 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{771EBDF8-0BC9-416F-88E1-EE304A020F7F}
[2012/07/21 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{AC76040E-9C00-4E9C-827D-CC8910D6FFF5}
[2012/07/21 18:44:31 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{3B3EE36C-C5A3-466A-99F2-F243865EE9A1}
[2012/07/21 06:44:00 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A110B8E7-FC29-4E98-B36F-34B046D665B8}
[2012/07/20 18:42:51 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4599F7C7-C611-42FC-B361-BF580B2D3340}
[2012/07/20 18:41:43 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{9479087D-DDF5-493B-8E9B-088AB1D9C54D}
[2012/07/20 18:37:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/20 02:22:11 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\3DMark 11
[2012/07/20 02:21:53 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\IsolatedStorage
[2012/07/20 02:21:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Futuremark_Corporation
[2012/07/20 02:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012/07/20 02:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2012/07/20 01:52:37 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
[2012/07/20 01:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2012/07/19 22:10:12 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{22D6B4F9-E9B4-4583-9BC5-8653C00D2454}
[2012/07/19 22:09:37 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1984F548-6965-4288-BAD9-07529D8CD68D}
[2012/07/19 21:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/19 21:43:19 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/07/19 21:43:19 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/07/19 21:43:19 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/07/19 21:43:17 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/19 21:43:17 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/19 21:43:17 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/07/19 21:43:17 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/19 21:43:17 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/19 21:43:17 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/19 21:43:17 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/07/19 21:43:17 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/07/19 21:43:16 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/19 21:43:16 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/19 21:43:16 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/19 21:43:16 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/19 21:43:16 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/19 21:43:16 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/07/19 21:07:55 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/07/19 21:07:55 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/07/19 21:07:55 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/07/19 21:07:55 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
[2012/07/19 21:07:55 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64hda.dll
[2012/07/19 21:07:55 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
[2012/07/19 21:07:55 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/07/19 21:07:55 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/07/19 21:07:54 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/07/19 21:07:54 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2012/07/19 20:59:41 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{733706E9-C853-4B86-8F06-C04B20EE8924}
[2012/07/19 20:58:39 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{ED98D62F-ECAD-474A-B664-D9013BF88758}
[2012/07/16 19:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/07/15 16:01:34 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\PunkBuster
[2012/07/15 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\Battlefield 3
[2012/07/15 16:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/07/15 15:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/07/15 15:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/07/15 08:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/07/15 08:56:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/07/14 22:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/07/14 22:38:12 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Origin
[2012/07/14 22:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/07/14 22:36:51 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Origin
[2012/07/14 22:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/07/14 22:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/07/14 22:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/07/14 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C665562E-D712-4E7B-A655-245C75D8F6D8}
[2012/07/14 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D1B34AE6-B086-44D8-B176-873D3C21874C}
[2012/07/13 22:00:53 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Tific
[2012/07/13 11:05:26 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A6E60C2D-F569-4D4E-8048-7F23AC029882}
[2012/07/12 23:05:02 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{6BFE9F8E-FE01-4827-9D8B-D186A81C6138}
[2012/07/12 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{EA2C20D5-FDD3-42B2-AC2D-7220277BD593}
[2012/07/11 23:04:14 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{69758B18-CB97-4DAB-B1A5-E9BC71A21BA0}
[2012/07/11 23:04:03 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{B2DB7676-7463-4F8C-AA2C-FB0480EAF4C3}
[2012/07/10 10:47:19 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1D072359-D742-47B6-82D1-5485844D4FE0}
[2012/07/09 22:46:55 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{54939372-229E-4CC8-A5CE-AB5A6C1C6B34}
[2012/07/09 22:46:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A17A0726-C087-4F54-90C7-088CEDE9507B}
[2012/07/09 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{E3CBEB35-832F-4AB1-B62E-A6A0D0F9A05C}
[2012/07/09 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{14B73E41-41D2-40DD-AC3F-95FA07960F43}
[2012/07/08 22:45:55 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{F807B68F-D509-4342-8E3E-723EA2E7141D}
[2012/07/08 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1027FE85-6DDF-46F1-A58C-316E99B990FA}
[2012/07/08 10:45:33 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{496E3265-670A-44AA-965B-EABB7E4E80DA}
[2012/07/08 10:45:23 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{936645F6-9520-4112-834B-F0F9AD0F3C75}
[2012/07/07 22:45:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{00872AAC-BC85-411D-BF37-76A78B432942}
[2012/07/07 22:44:59 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A7549A1F-0A8E-464F-A770-8523F446A650}
[2012/07/07 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{2A41055C-C100-4CC6-8A52-0A8528E24B10}
[2012/07/07 10:44:37 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4D09E1EA-6743-4CE9-9CC5-CAFA0622BD98}
[2012/07/06 22:44:25 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D5372EB1-253C-43A4-A9F0-25255B495BF9}
[2012/07/06 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{3683B821-DFF4-47D1-A9DE-33A3F6DB9F45}
[2012/07/06 10:44:02 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{6ADDF12B-B5DA-4F81-A7A4-04E876E066DC}
[2012/07/06 10:43:51 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{46AB9DE9-0DD6-48C0-AFA1-25FCCB086885}
[2012/07/05 22:43:38 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A7043EAC-9756-47A9-B78B-19D539F85E54}
[2012/07/05 22:43:28 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4E8327F7-A782-45C6-ACD2-021F964307BB}
[2012/07/05 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{297A9507-E992-4806-8BC4-2553609A1B95}
[2012/07/05 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{099A60AF-C128-496E-B4A0-B68567E12D1A}
[2012/07/04 22:42:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DC6C7CE5-ED3A-4521-90B5-E2A493FD542B}
[2012/07/04 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D8051100-1F16-468D-B987-2944B22D3640}
[2010/09/17 16:09:03 | 1874,602,064 | ---- | C] (Nexon) -- C:\Program Files (x86)\VindictusVBSetupV104.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/03 15:38:19 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012/08/03 15:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 15:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 13:58:42 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 13:58:42 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 13:03:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 06:05:40 | 000,806,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/03 06:05:40 | 000,675,230 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/03 06:05:40 | 000,132,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 05:59:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/03 05:58:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 05:29:25 | 004,724,629 | R--- | M] (Swearware) -- C:\Users\Frank\Desktop\ComboFix.exe
[2012/08/02 19:55:31 | 752,749,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/02 15:20:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 15:20:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 01:19:38 | 000,881,494 | ---- | M] () -- C:\Users\Frank\Desktop\SecurityCheck.exe
[2012/08/02 01:17:28 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Frank\Desktop\tdsskiller(1).exe
[2012/08/01 21:05:25 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/01 07:54:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/01 04:23:59 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/01 04:23:59 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/01 04:23:40 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/28 00:18:34 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/28 00:07:31 | 073,725,519 | ---- | M] () -- C:\Users\Frank\Desktop\IMG_5570.MOV
[2012/07/20 03:28:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/20 02:18:20 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/07/20 01:52:40 | 000,000,913 | ---- | M] () -- C:\Users\Frank\Desktop\EVGA Precision.lnk
[2012/07/19 21:33:20 | 000,001,356 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2012/07/19 21:26:49 | 000,000,732 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps64.dat
[2012/07/19 21:00:39 | 000,000,552 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d8caps.dat
[2012/07/16 19:43:00 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/15 08:56:39 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/07/14 22:36:50 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/07/13 23:12:00 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/13 21:58:22 | 000,001,832 | ---- | M] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\StopSign Software Station.lnk
[2012/07/10 20:46:42 | 000,128,931 | ---- | M] () -- C:\Users\Frank\Desktop\deadforever.png
[2012/07/09 19:46:15 | 000,046,753 | ---- | M] () -- C:\Users\Frank\Desktop\trollface.png
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 01:19:38 | 000,881,494 | ---- | C] () -- C:\Users\Frank\Desktop\SecurityCheck.exe
[2012/08/01 09:39:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/01 09:39:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/01 09:39:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/01 09:39:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/01 09:39:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/01 07:54:42 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 00:18:31 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/28 00:16:47 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/28 00:02:34 | 073,725,519 | ---- | C] () -- C:\Users\Frank\Desktop\IMG_5570.MOV
[2012/07/20 02:18:20 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/07/20 01:52:39 | 000,000,913 | ---- | C] () -- C:\Users\Frank\Desktop\EVGA Precision.lnk
[2012/07/19 21:43:17 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/07/19 21:00:39 | 000,000,552 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d8caps.dat
[2012/07/16 19:42:59 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/15 16:01:37 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/15 08:56:39 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/07/15 08:56:15 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/15 08:56:15 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/15 08:56:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/14 22:36:50 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/07/13 23:12:00 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/10 20:46:40 | 000,128,931 | ---- | C] () -- C:\Users\Frank\Desktop\deadforever.png
[2012/07/09 19:46:13 | 000,046,753 | ---- | C] () -- C:\Users\Frank\Desktop\trollface.png
[2012/06/25 09:24:19 | 000,002,048 | -HS- | C] () -- C:\Users\Frank\AppData\Local\{d160ba29-29a5-bcfb-42da-5a1dd4815c2b}\@
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/02 00:43:56 | 000,102,364 | ---- | C] () -- C:\Users\Frank\IMG_2708.jpg
[2012/04/02 00:43:56 | 000,078,812 | ---- | C] () -- C:\Users\Frank\IMG_6128.jpg
[2012/04/02 00:43:56 | 000,078,583 | ---- | C] () -- C:\Users\Frank\IMG_2466.jpg
[2012/04/02 00:43:56 | 000,063,733 | ---- | C] () -- C:\Users\Frank\IMG_2711.jpg
[2011/11/22 16:44:13 | 000,000,024 | ---- | C] () -- C:\Users\Frank\jagexappletviewer.preferences
[2011/11/21 02:04:47 | 000,000,045 | ---- | C] () -- C:\Users\Frank\jagex_cl_runescape_LIVE2.dat
[2011/10/28 16:44:23 | 000,000,045 | ---- | C] () -- C:\Users\Frank\jagex_cl_runescape_LIVE1.dat
[2011/10/25 14:18:36 | 000,000,040 | ---- | C] () -- C:\Users\Frank\jagex_cl_runescape_LIVE.dat
[2011/10/05 21:23:02 | 000,001,940 | ---- | C] () -- C:\Users\Frank\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/08/05 19:38:45 | 000,181,528 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/16 10:12:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/09/16 10:12:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/09/16 10:10:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/03/24 11:37:33 | 000,000,000 | ---- | C] () -- C:\Users\Frank\jagex__preferences3.dat
[2010/01/05 01:53:32 | 000,057,856 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/09 15:38:00 | 000,001,356 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2009/10/08 21:02:28 | 000,000,093 | ---- | C] () -- C:\Users\Frank\AppData\Local\fusioncache.dat
[2009/09/12 23:46:11 | 000,066,511 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/12 23:46:11 | 000,066,511 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/12 19:05:36 | 000,000,075 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences2.dat
[2009/09/12 19:02:48 | 000,000,041 | ---- | C] () -- C:\Users\Frank\jagex_runescape_preferences.dat
[2009/09/11 22:03:55 | 000,000,732 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps64.dat

========== Files - Unicode (All) ==========
[2010/09/17 17:30:18 | 000,000,000 | ---D | M](C:\Users\Frank\Documents\?? ???) -- C:\Users\Frank\Documents\넥슨 플러그
[2010/09/17 17:30:18 | 000,000,000 | ---D | C](C:\Users\Frank\Documents\?? ???) -- C:\Users\Frank\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Frank\Documents\clip0001.avi:TOC.WMV

< End of report >


Extras.txt:

OTL Extras logfile created on: 8/3/2012 3:39:03 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Frank\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 61.22% Memory free
32.33 Gb Paging File | 28.87 Gb Available in Paging File | 89.29% Paging File free
Paging file location(s): c:\pagefile.sys 25000 25000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 277.55 Gb Free Space | 29.80% Space Free | Partition Type: NTFS
Drive D: | 1.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRANKSPC | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2830320785-2785918659-1747574366-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FA AB 7B 98 AC 55 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42EEE593-1D4D-4105-80DB-5577DEE99365}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79DEB72F-D090-4265-BF4B-4BD7CAECD30A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BEE2EDB9-C634-4455-A15D-FF2DE01333BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9FB46F5-8E34-4CE4-9491-948A8B5B9F07}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDD6C5BB-7DC7-4E8C-B984-6E59E67DC7A8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1DC7381-63A8-4739-BAFF-2F9672745301}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D35AC799-759B-48A7-89D6-E8A9B69FAC0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EEFAFB3F-DEF7-4FC5-988F-ADC59AB0EE37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87D1F1E7-8AEF-44F1-BDB0-B02A14D962FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90238FFC-F632-4FAA-8DB8-3887494B3D7B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA0CB266-28D6-4591-8939-3821B9FC88D7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{1B30F0F0-A7FC-4237-B3C3-2DCCBB14E633}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4BCB4EA2-D83A-4491-BDA5-C4966DCF961B}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"UDP Query User{44601E84-3054-45CD-855F-616FF46DE9F4}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{D18ADE39-D078-4120-BCF9-196815FEDFFC}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BurnInTest_is1" = BurnInTest v6.0 Pro
"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.04.804
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Akamai" = Akamai NetSession Interface Service
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"DFO" = DFOLauncher
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"Download Manager" = Download Manager 2.3.10
"DragonNest" = DragonNest
"EaccelSetup" = StopSign Internet Security
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"LastChaos" = LastChaos
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Precision" = EVGA Precision 2.0.2
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"RayV" = WCG2010EN Player
"Rohan_RBF" = Rohan_RBF
"Steam App 1250" = Killing Floor
"Steam App 205790" = Dota 2 Test
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 300" = Day of Defeat: Source
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 630" = Alien Swarm
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 8980" = Borderlands
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2830320785-2785918659-1747574366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface
"SwiftKit" = SwiftKit

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2012 9:15:50 AM | Computer Name = FranksPc | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x56c, application
start time 0x01cd6fe7c5761fd4.

Error - 8/1/2012 9:16:06 AM | Computer Name = FranksPc | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x1d0, application
start time 0x01cd6fe7ccd2e3d4.

Error - 8/1/2012 9:16:18 AM | Computer Name = FranksPc | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x634, application
start time 0x01cd6fe7d60c3004.

Error - 8/1/2012 9:16:30 AM | Computer Name = FranksPc | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x8dc, application
start time 0x01cd6fe7dd6e7244.

Error - 8/1/2012 9:16:46 AM | Computer Name = FranksPc | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x137c, application
start time 0x01cd6fe7e4d82e94.

Error - 8/1/2012 9:16:58 AM | Computer Name = FranksPc | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x1100, application
start time 0x01cd6fe7ee235514.

Error - 8/1/2012 9:20:12 AM | Computer Name = FranksPc | Source = WinMgmt | ID = 10
Description =

Error - 8/1/2012 9:21:14 AM | Computer Name = FranksPc | Source = Application Hang | ID = 1002
Description = The program MCUI32.EXE version 17.9.0.12 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e40 Start Time: 01cd6fe864522bde Termination Time: 19

Error - 8/1/2012 9:33:31 AM | Computer Name = FranksPc | Source = Application Hang | ID = 1002
Description = The program ComboFix.exe version 12.7.31.2 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12e4 Start Time: 01cd6fe9f3394fde Termination Time: 53

Error - 8/1/2012 9:45:20 AM | Computer Name = FranksPc | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 11.5.0.228, time
stamp 0x4fbf6b79, faulting module ntdll.dll, version 6.0.6002.18541, time stamp
0x4ec3e39f, exception code 0xc0000374, fault offset 0x000abc4f, process id 0x6c4,
application start time 0x01cd6fe83246f3fe.

[ Media Center Events ]
Error - 9/21/2009 10:16:16 PM | Computer Name = FranksPc | Source = McrMgr | ID = 109
Description =

Error - 10/7/2009 4:34:52 PM | Computer Name = FranksPc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/29/2009 4:00:52 AM | Computer Name = FranksPc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/5/2010 5:37:53 PM | Computer Name = FranksPc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/21/2010 5:37:05 PM | Computer Name = FranksPc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/3/2012 5:29:37 AM | Computer Name = FranksPc | Source = Service Control Manager | ID = 7034
Description =

Error - 8/3/2012 5:29:37 AM | Computer Name = FranksPc | Source = Service Control Manager | ID = 7034
Description =

Error - 8/3/2012 5:29:37 AM | Computer Name = FranksPc | Source = Service Control Manager | ID = 7034
Description =

Error - 8/3/2012 5:35:51 AM | Computer Name = FranksPc | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/3/2012 5:35:52 AM | Computer Name = FranksPc | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/3/2012 5:49:07 AM | Computer Name = FranksPc | Source = Service Control Manager | ID = 7030
Description =

Error - 8/3/2012 5:56:03 AM | Computer Name = FranksPc | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/3/2012 5:56:04 AM | Computer Name = FranksPc | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/3/2012 5:56:41 AM | Computer Name = FranksPc | Source = Service Control Manager | ID = 7030
Description =

Error - 8/3/2012 5:59:58 AM | Computer Name = FranksPc | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#13 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:12 AM

Posted 03 August 2012 - 03:28 PM

Do you recognize the following folder?

C:\Users\Frank\Documents\넥슨 플러그\
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#14 NightmareFrank

NightmareFrank
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:12 AM

Posted 03 August 2012 - 04:00 PM

I think it has something to do with Nexon games. It was created at the same time as my Vindictus folder (a Nexon game)

Edited by NightmareFrank, 03 August 2012 - 04:09 PM.


#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:12 AM

Posted 03 August 2012 - 04:21 PM

Gotcha. The only reason I ask is that folders with non-standard characters are usually created by malware. If you recognize them, they should be fine.


We need to run an OTL Fix. This, besides taking care of some remnants of the infection, will also clean up some unnecessary junk left over by unused programs.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    [2012/08/01 08:36:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DC943461-1D07-4D90-B8D6-529CEB11D71D}
    [2012/08/01 08:35:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{5DD61526-8F7B-4889-93DA-D843A9BAEFC9}
    [2012/07/31 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C9872576-1CA6-4893-9221-BE70CB8D42C7}
    [2012/07/31 20:34:12 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{9FB9691D-8D2C-48CF-BF4B-A176E654354A}
    [2012/07/31 08:33:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4798E81D-9CEB-4BE6-9C7C-C7CE6D23A1AA}
    [2012/07/31 08:33:31 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1FEBB57E-1DCD-4A08-87B8-69F23FEA7E99}
    [2012/07/30 20:33:08 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{B36C5C92-CC5B-45BC-A806-B4AC34366ACC}
    [2012/07/30 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{05142009-89B4-4EA0-B2F0-8584F2DB0BD2}
    [2012/07/30 08:32:26 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{049FA6E1-358C-451A-8CBE-30974DAB011A}
    [2012/07/30 08:32:06 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{00EE01B1-B690-4EFA-ADE5-45A1DD3E317B}
    [2012/07/29 20:31:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{7344A227-6B07-481F-A8DD-0742425DEC4B}
    [2012/07/29 20:31:25 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{8F37763F-22D7-4310-A55E-7B27CB1E2759}
    [2012/07/29 08:30:36 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A5FCB436-6548-465C-A526-0508FB2E769F}
    [2012/07/29 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C0B55A1E-82EC-4A06-8ADB-5299BAFAC7B3}
    [2012/07/27 19:33:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{E1601DEF-D351-4A35-93E8-CD063F95B101}
    [2012/07/27 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{2A6811E7-87B5-471A-8709-E7EAA6D65523}
    [2012/07/26 19:56:38 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{480D08FE-05B4-4E46-9854-38B9A8D657E0}
    [2012/07/26 19:55:52 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{569496B3-FBC3-4131-83D5-9C8D4191BE8B}
    [2012/07/25 19:01:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{5BCE7A67-2531-49A5-B28B-BB10ACE45E3C}
    [2012/07/25 19:00:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{B02A9EF5-0471-4D0A-9D0B-C8E559BE31D1}
    [2012/07/25 07:00:28 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{90868ADE-1E0B-4703-B5E2-2B3632BD0768}
    [2012/07/25 07:00:09 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{ED9D0C1C-CA6E-4AFF-B3B5-DEADA4C34932}
    [2012/07/24 18:59:30 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{45EED2F2-0A4B-4E4B-A2A0-C17B51F57F73}
    [2012/07/24 18:59:11 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{9D973508-A752-4E65-8B7E-486705A79B4D}
    [2012/07/24 06:58:36 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DFC8E264-6FA0-4BE7-A81D-66FAB57CBFC6}
    [2012/07/24 06:58:16 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D393FB5D-4222-4983-9FDD-035B19B8AC54}
    [2012/07/23 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C837E191-E902-4DE9-9A12-98BD98F56044}
    [2012/07/23 18:56:29 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DE7E4B39-33FB-4017-9FAE-8C481B929705}
    [2012/07/22 18:45:46 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{2CF8D411-E71D-4941-A40A-92A03D7C310F}
    [2012/07/22 18:45:35 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{AC9A5A06-03E1-43E5-95B8-E64F668ED130}
    [2012/07/22 06:45:05 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{771EBDF8-0BC9-416F-88E1-EE304A020F7F}
    [2012/07/21 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{AC76040E-9C00-4E9C-827D-CC8910D6FFF5}
    [2012/07/21 18:44:31 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{3B3EE36C-C5A3-466A-99F2-F243865EE9A1}
    [2012/07/21 06:44:00 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A110B8E7-FC29-4E98-B36F-34B046D665B8}
    [2012/07/20 18:42:51 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4599F7C7-C611-42FC-B361-BF580B2D3340}
    [2012/07/20 18:41:43 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{9479087D-DDF5-493B-8E9B-088AB1D9C54D}
    [2012/07/19 22:10:12 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{22D6B4F9-E9B4-4583-9BC5-8653C00D2454}
    [2012/07/19 22:09:37 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1984F548-6965-4288-BAD9-07529D8CD68D}
    [2012/07/19 20:59:41 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{733706E9-C853-4B86-8F06-C04B20EE8924}
    [2012/07/19 20:58:39 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{ED98D62F-ECAD-474A-B664-D9013BF88758}
    [2012/07/13 11:05:26 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A6E60C2D-F569-4D4E-8048-7F23AC029882}
    [2012/07/12 23:05:02 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{6BFE9F8E-FE01-4827-9D8B-D186A81C6138}
    [2012/07/12 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{EA2C20D5-FDD3-42B2-AC2D-7220277BD593}
    [2012/07/11 23:04:14 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{69758B18-CB97-4DAB-B1A5-E9BC71A21BA0}
    [2012/07/11 23:04:03 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{B2DB7676-7463-4F8C-AA2C-FB0480EAF4C3}
    [2012/07/10 10:47:19 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1D072359-D742-47B6-82D1-5485844D4FE0}
    [2012/07/09 22:46:55 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{54939372-229E-4CC8-A5CE-AB5A6C1C6B34}
    [2012/07/09 22:46:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A17A0726-C087-4F54-90C7-088CEDE9507B}
    [2012/07/09 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{E3CBEB35-832F-4AB1-B62E-A6A0D0F9A05C}
    [2012/07/09 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{14B73E41-41D2-40DD-AC3F-95FA07960F43}
    [2012/07/08 22:45:55 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{F807B68F-D509-4342-8E3E-723EA2E7141D}
    [2012/07/08 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{1027FE85-6DDF-46F1-A58C-316E99B990FA}
    [2012/07/08 10:45:33 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{496E3265-670A-44AA-965B-EABB7E4E80DA}
    [2012/07/08 10:45:23 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{936645F6-9520-4112-834B-F0F9AD0F3C75}
    [2012/07/07 22:45:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{00872AAC-BC85-411D-BF37-76A78B432942}
    [2012/07/07 22:44:59 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A7549A1F-0A8E-464F-A770-8523F446A650}
    [2012/07/07 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{2A41055C-C100-4CC6-8A52-0A8528E24B10}
    [2012/07/07 10:44:37 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4D09E1EA-6743-4CE9-9CC5-CAFA0622BD98}
    [2012/07/06 22:44:25 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D5372EB1-253C-43A4-A9F0-25255B495BF9}
    [2012/07/06 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{3683B821-DFF4-47D1-A9DE-33A3F6DB9F45}
    [2012/07/06 10:44:02 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{6ADDF12B-B5DA-4F81-A7A4-04E876E066DC}
    [2012/07/06 10:43:51 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{46AB9DE9-0DD6-48C0-AFA1-25FCCB086885}
    [2012/07/05 22:43:38 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{A7043EAC-9756-47A9-B78B-19D539F85E54}
    [2012/07/05 22:43:28 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{4E8327F7-A782-45C6-ACD2-021F964307BB}
    [2012/07/05 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{297A9507-E992-4806-8BC4-2553609A1B95}
    [2012/07/05 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{099A60AF-C128-496E-B4A0-B68567E12D1A}
    [2012/07/04 22:42:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DC6C7CE5-ED3A-4521-90B5-E2A493FD542B}
    [2012/07/04 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D8051100-1F16-468D-B987-2944B22D3640}
    [2012/07/14 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C665562E-D712-4E7B-A655-245C75D8F6D8}
    [2012/07/14 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{D1B34AE6-B086-44D8-B176-873D3C21874C}
    [2012/06/25 09:24:19 | 000,002,048 | -HS- | C] () -- C:\Users\Frank\AppData\Local\{d160ba29-29a5-bcfb-42da-5a1dd4815c2b}\@
    @Alternate Data Stream - 64 bytes -> C:\Users\Frank\Documents\clip0001.avi:TOC.WMV
    
    :Files
    C:\Windows\Installer\{d160ba29-29a5-bcfb-42da-5a1dd4815c2b}
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Edited by D-FRED-BROWN, 03 August 2012 - 04:21 PM.

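The fix above is built from three kinds of OTL log entries: empty `{GUID}`-named folders under `AppData\Local` that appear in pairs a few seconds apart, a hidden+system `@` file sitting inside a `{GUID}` folder, and an alternate data stream attached to a video file. The following Python script is an added example written for this page; it is not part of OTL or of the helper's instructions. It parses OTL-format lines with regular expressions derived from the entries shown in the post, classifies them into those three categories, and reports `{GUID}` folders whose creation times fall within a short window of each other. The sample log mixes lines taken from the post with one constructed benign file entry and one non-entry line, so that the parser's skipping of ordinary lines is exercised as well.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# OTL "created files/folders" entry:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] [()] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\]"
    r"(?: \(\))? -- (?P<path>.+)$"
)
# OTL alternate data stream entry:  @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# A {GUID}-shaped file or folder name (8-4-4-4-12 hex digits in braces)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
TS_FMT = "%Y/%m/%d %H:%M:%S"


@dataclass
class Finding:
    kind: str            # "guid_dir", "hidden_system" or "ads"
    path: str
    detail: str
    ts: Optional[datetime] = None


def parse_line(line: str) -> Optional[Finding]:
    """Classify one OTL log line; return None for lines that need no attention."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        return Finding("ads", m.group("path"), f"{m.group('size')} bytes")
    m = ENTRY_RE.match(line)
    if not m:
        return None
    path, attrs = m.group("path"), m.group("attrs")
    size = int(m.group("size").replace(",", ""))
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    parts = path.split("\\")
    name = parts[-1]
    parent = parts[-2] if len(parts) > 1 else ""
    # Empty directory whose name is a bare {GUID}: junk candidate, as in the fix list
    if "D" in attrs and size == 0 and GUID_RE.match(name):
        return Finding("guid_dir", path, "empty {GUID} folder", ts)
    # Hidden + system file, noted with whether it hides inside a {GUID} folder
    if "H" in attrs and "S" in attrs:
        where = "inside {GUID} folder" if GUID_RE.match(parent) else f"in {parent}"
        return Finding("hidden_system", path, f"attrs={attrs} size={size} {where}", ts)
    return None


def triage(log_text: str) -> list:
    """Run parse_line over a whole log and keep only the flagged entries."""
    return [f for f in (parse_line(raw) for raw in log_text.splitlines()) if f]


def summarize(findings: list) -> dict:
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


def paired_guid_dirs(findings: list, window_seconds: int = 60) -> list:
    """Return (earlier, later) pairs of empty {GUID} folders created within window_seconds."""
    dirs = sorted((f for f in findings if f.kind == "guid_dir"), key=lambda f: f.ts)
    return [(a, b) for a, b in zip(dirs, dirs[1:])
            if (b.ts - a.ts).total_seconds() <= window_seconds]


# Constructed sample: four {GUID} folder lines, the hidden+system "@" file and the ADS
# entry are taken from the post; the notes.txt line and the ":Files" line are made up.
SAMPLE_LOG = r"""
[2012/08/01 08:36:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{DC943461-1D07-4D90-B8D6-529CEB11D71D}
[2012/08/01 08:35:44 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{5DD61526-8F7B-4889-93DA-D843A9BAEFC9}
[2012/07/31 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{C9872576-1CA6-4893-9221-BE70CB8D42C7}
[2012/07/31 20:34:12 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{9FB9691D-8D2C-48CF-BF4B-A176E654354A}
[2012/07/20 10:00:00 | 000,012,345 | ---- | C] () -- C:\Users\Frank\Documents\notes.txt
[2012/06/25 09:24:19 | 000,002,048 | -HS- | C] () -- C:\Users\Frank\AppData\Local\{d160ba29-29a5-bcfb-42da-5a1dd4815c2b}\@
@Alternate Data Stream - 64 bytes -> C:\Users\Frank\Documents\clip0001.avi:TOC.WMV
:Files
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(summarize(found))
    for f in found:
        print(f"{f.kind:14} {f.path}  ({f.detail})")
    for a, b in paired_guid_dirs(found):
        print(f"pair: {a.ts} / {b.ts}")
```

Running the script on the sample prints four `guid_dir` entries, one `hidden_system` entry and one `ads` entry, and reports two folder pairs created twenty seconds apart (the 12-hour gap between the pairs is outside the 60-second window). The classification is a triage aid only; whether a flagged folder is safe to remove is still the helper's call, as the exchange about the Nexon folder above shows.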
