Unknown proxy was set. Unknown network adapter.


This topic is locked
13 replies to this topic

#1 Bushstar

Posted 08 February 2013 - 03:33 AM

I am using Windows 7 Ultimate x64 SP1. I ran HijackThis as you do and saw the following line which I removed.


Internet Settings, ProxyServer = 127.0.0.1:19876

When running DDS in the dds.txt file I found these settings which may be unrelated but I cannot explain them.

TCP: Interfaces\{5D969EFE-1A71-4BC0-950C-B6214B4FC1DD} : DHCPNameServer = 88.82.13.60 88.82.13.60

When I found these items I ran CCleaner just to lighten the amount I needed to scan. Then I ran ComboFix and Malwarebytes Antimalware and found nothing. I then used GMER and removed a virtual cdrom that had been sitting on my computer long after Daemon Tools had been removed.

It is the proxy server that worries me. Doing a quick search of it there does seem to be a Trojan keylogger that will listen on that port.

 

OP: http://www.bleepingcomputer.com/forums/t/484443/possible-virus-unknown-proxy-was-set/


DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.11.2
Run by User at 8:31:46 on 2013-02-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16375.13969 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: Interfaces\{5D969EFE-1A71-4BC0-950C-B6214B4FC1DD} : DHCPNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{F74D5F8C-1132-40C3-B73C-4CDD7F7B5C02} : NameServer = 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-2-17 234040]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2012-6-16 1263200]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-13 55936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-1-27 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\DB3G.sys [2005-11-7 21120]
R3 RecFltr;Reclusa Keyboard;C:\Windows\System32\drivers\RecFltr.sys [2010-5-15 44800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-4-29 56448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-12-5 1342064]
R3 VMfilt;VMfilt;C:\Windows\System32\drivers\VMfilt64.sys [2010-4-30 25600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-15 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-6-16 285280]
S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-4-30 12744]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-10-11 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-11 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-18 1255736]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-6-16 3246040]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-2 361984]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
S4 gfi_lanss9_attservice;GFI LANguard 9 Attendant Service;C:\Program Files (x86)\GFI\LANguard 9\lnssatt.exe [2010-11-13 329144]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-08 08:28:39    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BC3CD99-5B54-4AB8-BFBE-B825ACE85A0E}\mpengine.dll
2013-02-07 19:00:09    --------    d-----w-    C:\FRST
2013-02-06 18:17:28    9161176    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-06 18:10:04    --------    d-----w-    C:\Users\User\AppData\Local\Programs
2013-02-06 18:06:38    --------    d-----w-    C:\$RECYCLE.BIN
2013-02-03 08:29:58    --------    d-----w-    C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2013-01-09 17:55:44    750592    ----a-w-    C:\Windows\System32\win32spl.dll
.
==================== Find3M  ====================
.
2013-02-04 05:56:40    697864    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-04 05:56:39    74248    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-13 10:59:45    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-13 10:59:45    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-01-13 08:14:30    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-01-12 03:30:18    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-15 12:27:31    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2012-12-14 16:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-12-03 19:41:30    821736    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2012-12-03 19:41:30    746984    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2012-12-02 08:31:34    5626536    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2012-12-02 08:29:48    11270656    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2012-12-02 08:17:12    23455744    ----a-w-    C:\Windows\System32\atio6axx.dll
2012-12-02 08:00:18    163840    ----a-w-    C:\Windows\System32\atiapfxx.exe
2012-12-02 07:59:56    70144    ----a-w-    C:\Windows\System32\coinst_9.01.8.dll
2012-12-02 07:58:44    51200    ----a-w-    C:\Windows\System32\aticalrt64.dll
2012-12-02 07:58:42    46080    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2012-12-02 07:58:36    44544    ----a-w-    C:\Windows\System32\aticalcl64.dll
2012-12-02 07:58:34    44032    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2012-12-02 07:58:24    16082944    ----a-w-    C:\Windows\System32\aticaldd64.dll
2012-12-02 07:57:54    18979328    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2012-12-02 07:54:08    13703168    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2012-12-02 07:50:46    949248    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2012-12-02 07:48:52    1137664    ----a-w-    C:\Windows\System32\aticfx64.dll
2012-12-02 07:46:46    6684672    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2012-12-02 07:41:44    4674048    ----a-w-    C:\Windows\System32\atiumd6a.dll
2012-12-02 07:37:46    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2012-12-02 07:37:36    548864    ----a-w-    C:\Windows\System32\atieclxx.exe
2012-12-02 07:36:50    240640    ----a-w-    C:\Windows\System32\atiesrxx.exe
2012-12-02 07:35:26    120320    ----a-w-    C:\Windows\System32\atitmm64.dll
2012-12-02 07:35:10    21504    ----a-w-    C:\Windows\System32\atimuixx.dll
2012-12-02 07:35:04    59392    ----a-w-    C:\Windows\System32\atiedu64.dll
2012-12-02 07:35:00    43520    ----a-w-    C:\Windows\SysWow64\ati2edxx.dll
2012-12-02 07:29:30    3862528    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2012-12-02 07:29:04    7378944    ----a-w-    C:\Windows\System32\atidxx64.dll
2012-12-02 07:24:50    6781440    ----a-w-    C:\Windows\System32\atiumd64.dll
2012-12-02 07:18:38    79360    ----a-w-    C:\Windows\System32\amdave64.dll
2012-12-02 07:18:30    78336    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2012-12-02 07:18:18    74240    ----a-w-    C:\Windows\System32\atisamu64.dll
2012-12-02 07:18:12    71168    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2012-12-02 07:17:54    56320    ----a-w-    C:\Windows\System32\atimpc64.dll
2012-12-02 07:17:54    56320    ----a-w-    C:\Windows\System32\amdpcom64.dll
2012-12-02 07:17:44    56832    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2012-12-02 07:17:44    56832    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2012-12-02 07:14:28    53248    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2012-12-02 07:14:10    619008    ----a-w-    C:\Windows\System32\atiadlxx.dll
2012-12-02 07:14:00    421888    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2012-12-02 07:13:44    17920    ----a-w-    C:\Windows\System32\atig6pxx.dll
2012-12-02 07:13:42    14848    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2012-12-02 07:13:42    14848    ----a-w-    C:\Windows\System32\atiglpxx.dll
2012-12-02 07:13:38    41984    ----a-w-    C:\Windows\System32\atig6txx.dll
2012-12-02 07:13:30    33280    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2012-12-02 07:13:20    546816    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2012-12-02 07:11:28    130048    ----a-w-    C:\Windows\System32\atiuxp64.dll
2012-12-02 07:11:20    109568    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2012-12-02 07:11:14    104448    ----a-w-    C:\Windows\System32\atiu9p64.dll
2012-12-02 07:11:04    83968    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2012-12-02 03:26:50    222720    ----a-w-    C:\Windows\System32\clinfo.exe
2012-12-02 03:26:32    76288    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2012-12-02 03:26:28    65536    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2012-12-02 03:26:24    64512    ----a-w-    C:\Windows\System32\OVDecode64.dll
2012-12-02 03:26:20    56320    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2012-12-02 03:26:10    34523136    ----a-w-    C:\Windows\System32\amdocl64.dll
2012-12-02 03:21:22    28738048    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2012-12-02 03:17:02    54784    ----a-w-    C:\Windows\System32\OpenCL.dll
2012-12-02 03:16:58    50176    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:44:06    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
.
============= FINISH:  8:31:59.66 ===============
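The two findings in the post above, the per-user WinINET proxy that HijackThis reports as "Internet Settings, ProxyServer" and the per-interface DHCPNameServer value that DDS reports under "TCP: Interfaces\{GUID}", can be read straight from the registry, and a loopback proxy can be tied to the process that owns the listening socket. The following PowerShell is an added example and is not from the thread or from any of the tools mentioned in it; the function names are my own, it assumes an elevated prompt on Windows 7 or later (netstat is used because Get-NetTCPConnection does not exist on Windows 7), and port 19876 appears only as the value the poster reported.

```powershell
# Added example (not from the thread): audit the WinINET proxy, per-interface DNS
# servers and any loopback listener behind a 127.0.0.1:<port> proxy.
# Assumptions: elevated PowerShell on Windows 7 or later; helper names below are
# hypothetical (my own), not part of HijackThis, DDS or OTL.

function Get-WinInetProxy {
    # Per-user WinINET proxy settings (the key HijackThis reports as
    # "Internet Settings, ProxyServer"). ProxyEnable=1 means the value is in use.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL   # a PAC URL is a second, quieter way to redirect traffic
        ProxyOverride = $p.ProxyOverride
    }
}

function Get-InterfaceDns {
    # Static (NameServer) and DHCP-assigned (DhcpNameServer) resolvers per interface GUID,
    # the source of DDS's "TCP: Interfaces\{GUID} : DHCPNameServer = ..." lines.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $base | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Interface      = $_.PSChildName
            NameServer     = $p.NameServer
            DhcpNameServer = $p.DhcpNameServer
            DhcpServer     = $p.DhcpServer   # compare with the router that should have handed out the lease
        }
    } | Where-Object { $_.NameServer -or $_.DhcpNameServer }
}

function Find-LoopbackListener {
    param([Parameter(Mandatory)][int]$Port)
    # Parse "netstat -ano -p tcp" rows: TCP <local> <remote> <state> <pid>.
    # Keep LISTENING sockets on the requested port and resolve the owning PID to an image path.
    netstat -ano -p tcp | ForEach-Object {
        $f = ($_ -replace '^\s+', '') -split '\s+'
        if ($f.Count -ge 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING' -and $f[1] -match ":$Port$") {
            $proc = Get-Process -Id ([int]$f[4]) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Local = $f[1]
                PID   = $f[4]
                Image = if ($proc -and $proc.Path) { $proc.Path } else { '<not found or access denied>' }
            }
        }
    }
}

$proxy = Get-WinInetProxy
$proxy | Format-List

# Simple "host:port" form only; a per-protocol value ("http=a:1;https=b:2") will not match.
if ($proxy.ProxyServer -match '^(127\.0\.0\.1|localhost):(\d+)$') {
    $port = [int]$Matches[2]
    Write-Warning "WinINET proxy points at loopback port $port; looking for the listener"
    Find-LoopbackListener -Port $port | Format-Table -AutoSize
}

Get-InterfaceDns | Format-Table -AutoSize
```

Two caveats when reading the output. A loopback proxy is also written by legitimate local interception tools (debugging proxies, some web-filtering security products), so identify the listener's image and signer before treating the entry as malicious; if nothing is listening on the port at all, the proxy entry is stale and HTTP traffic through WinINET will simply fail rather than be intercepted. For the DNS side, DhcpNameServer is whatever the DHCP server on the segment handed out, so a surprising value points at the router or DHCP server (or a rogue one on the LAN) rather than at this host; a surprising NameServer value was set locally and is the more interesting finding.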
 
#2 Bushstar (Topic Starter)

Posted 08 February 2013 - 03:37 AM

Ignore. Double post.


EDIT: Merged with original post. -etavares
Edited by etavares, 08 February 2013 - 09:33 AM.


#3 The Dark Knight (Security Colleague)

Posted 11 February 2013 - 04:46 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


#4 Bushstar (Topic Starter)

Posted 12 February 2013 - 07:24 AM

As instructed I ran the OTL scan but did not get an Extras.txt file.

OTL.Txt

OTL logfile created on: 12/02/2013 12:06:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.99 Gb Total Physical Memory | 13.96 Gb Available Physical Memory | 87.29% Memory free
31.98 Gb Paging File | 29.70 Gb Available in Paging File | 92.87% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 236.46 Gb Total Space | 37.68 Gb Free Space | 15.93% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 483.87 Gb Free Space | 25.97% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 302.46 Gb Free Space | 32.47% Space Free | Partition Type: NTFS
 
Computer Name: MELODY | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/12 12:05:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/02/10 17:58:10 | 006,097,920 | ---- | M] () -- C:\Program Files (x86)\NovaCoin\novacoin-qt.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/12/15 12:27:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/18 16:11:22 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/04/30 09:36:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
PRC - [2010/04/28 16:25:44 | 000,228,352 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2007/02/14 10:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/11 08:40:30 | 001,169,408 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\wx._core_.pyd
MOD - [2013/02/11 08:40:30 | 001,024,616 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\windows._cacheinvalidation.pyd
MOD - [2013/02/11 08:40:30 | 000,807,424 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\wx._windows_.pyd
MOD - [2013/02/11 08:40:30 | 000,792,576 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\wx._gdi_.pyd
MOD - [2013/02/11 08:40:30 | 000,731,136 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\wx._misc_.pyd
MOD - [2013/02/11 08:40:30 | 000,645,120 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\_ssl.pyd
MOD - [2013/02/11 08:40:30 | 000,571,392 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\pysqlite2._sqlite.pyd
MOD - [2013/02/11 08:40:30 | 000,354,304 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\pythoncom26.dll
MOD - [2013/02/11 08:40:30 | 000,311,808 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\_hashlib.pyd
MOD - [2013/02/11 08:40:30 | 000,263,168 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32com.shell.shell.pyd
MOD - [2013/02/11 08:40:30 | 000,153,088 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\pyexpat.pyd
MOD - [2013/02/11 08:40:30 | 000,121,856 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\wx._wizard.pyd
MOD - [2013/02/11 08:40:30 | 000,111,104 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32file.pyd
MOD - [2013/02/11 08:40:30 | 000,110,592 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32security.pyd
MOD - [2013/02/11 08:40:30 | 000,110,592 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\PyWinTypes26.dll
MOD - [2013/02/11 08:40:30 | 000,096,256 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32api.pyd
MOD - [2013/02/11 08:40:30 | 000,086,016 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\_elementtree.pyd
MOD - [2013/02/11 08:40:30 | 000,073,728 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\_ctypes.pyd
MOD - [2013/02/11 08:40:30 | 000,070,656 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\wx._html2.pyd
MOD - [2013/02/11 08:40:30 | 000,040,448 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\_socket.pyd
MOD - [2013/02/11 08:40:30 | 000,039,424 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32inet.pyd
MOD - [2013/02/11 08:40:30 | 000,036,352 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32process.pyd
MOD - [2013/02/11 08:40:30 | 000,023,040 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32ts.pyd
MOD - [2013/02/11 08:40:30 | 000,022,528 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32pdh.pyd
MOD - [2013/02/11 08:40:30 | 000,017,920 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32profile.pyd
MOD - [2013/02/11 08:40:30 | 000,011,776 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32crypt.pyd
MOD - [2013/02/11 08:40:29 | 001,056,256 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\wx._controls_.pyd
MOD - [2013/02/11 08:40:29 | 000,585,728 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\unicodedata.pyd
MOD - [2013/02/11 08:40:29 | 000,017,920 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\win32event.pyd
MOD - [2013/02/11 08:40:29 | 000,011,776 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI30283\select.pyd
MOD - [2013/02/10 17:58:10 | 006,097,920 | ---- | M] () -- C:\Program Files (x86)\NovaCoin\novacoin-qt.exe
MOD - [2013/02/09 22:56:04 | 002,552,320 | ---- | M] () -- C:\Program Files (x86)\NovaCoin\QtCore4.dll
MOD - [2013/02/09 22:56:02 | 009,869,824 | ---- | M] () -- C:\Program Files (x86)\NovaCoin\QtGui4.dll
MOD - [2013/02/09 22:55:58 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NovaCoin\libgcc_s_dw2-1.dll
MOD - [2013/02/09 22:55:58 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NovaCoin\mingwm10.dll
MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/30 09:36:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
MOD - [2010/04/28 16:25:44 | 000,228,352 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/12/02 07:36:50 | 000,240,640 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/12/02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/11 09:53:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/09 12:03:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/18 10:26:23 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/15 12:27:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/16 12:40:20 | 003,246,040 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/05/20 12:45:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/13 23:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/11/23 05:23:44 | 001,112,240 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/13 14:06:12 | 000,329,144 | ---- | M] (GFI Software Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\GFI\LANguard 9\lnssatt.exe -- (gfi_lanss9_attservice)
SRV - [2010/10/17 19:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/02 08:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/02 07:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/10/26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/30 12:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/07/30 12:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/16 12:40:21 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/06/16 12:40:19 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012/06/16 12:40:18 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/06/16 12:40:17 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/13 17:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 13:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 13:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 11:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 11:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/15 10:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/01/22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/01/04 15:50:08 | 000,044,800 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RecFltr.sys -- (RecFltr)
DRV:64bit: - [2009/11/10 16:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/07 17:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 17:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/30 08:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/31 10:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2005/11/07 05:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/10/13 23:50:52 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 9B D3 AE 8E E8 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {12D97FC5-5A17-42E3-A6A0-48657056B59E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D6970CE-9D34-4540-B225-B33F2F3B2214}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/09 12:03:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/09 12:03:33 | 000,000,000 | ---D | M]
 
[2010/05/01 06:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2013/02/04 05:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\extensions
[2011/10/01 09:39:10 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\extensions\battlefieldplay4free@ea.com
[2013/01/03 15:09:56 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\extensions\firebug@software.joehewitt.com.xpi
[2013/02/04 05:55:26 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/03 09:15:56 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/09 12:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/09 12:03:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/30 11:01:44 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/09 18:53:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/30 11:01:44 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/12/30 11:01:44 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/16 10:35:51 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/12/30 11:01:44 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Comrade Plugin (Enabled) = C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Creatures & Castles = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
CHR - Extension: ScriptSafe = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/02/06 18:06:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D969EFE-1A71-4BC0-950C-B6214B4FC1DD}: DhcpNameServer = 88.82.13.60 88.82.13.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F74D5F8C-1132-40C3-B73C-4CDD7F7B5C02}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/12 12:05:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/11 19:16:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NovaCoin
[2013/02/11 19:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaCoin
[2013/02/11 19:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NovaCoin
[2013/02/10 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{87B28F34-2284-4D3B-B2E9-7C3E3CB8B3CF}
[2013/02/10 09:34:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\cgminer-2.10.5-win32
[2013/02/09 17:12:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Minecraft vids
[2013/02/09 14:48:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8804B076-237F-4A35-ACAA-84A8015390A3}
[2013/02/09 14:48:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4B4D7F62-7AC6-48CF-94F6-9D85CF9DF5AE}
[2013/02/09 14:20:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\BANDISOFT
[2013/02/09 14:20:24 | 000,000,000 | ---D | C] -- E:\Profile\Google Drive\Documents\Bandicam
[2013/02/09 14:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2013/02/09 14:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam
[2013/02/09 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2013/02/09 12:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/09 08:58:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ESN
[2013/02/07 19:00:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/02/06 18:10:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013/02/06 18:08:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/06 18:06:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/06 13:38:58 | 000,000,000 | ---D | C] -- E:\Profile\Google Drive\Documents\VVVVVV
[2013/01/26 08:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™ Closed Beta
[2013/01/25 18:09:24 | 000,000,000 | ---D | C] -- E:\Profile\Google Drive\Documents\SavedGames
[2013/01/13 17:55:40 | 000,000,000 | ---D | C] -- E:\Profile\Google Drive\Documents\Telltale Games
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/12 12:05:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/12 12:01:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2177771853-606893853-1248625922-1000UA.job
[2013/02/12 11:37:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 11:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 09:15:16 | 000,002,070 | -H-- | M] () -- E:\Profile\Google Drive\Documents\Default.rdp
[2013/02/12 07:37:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 19:51:46 | 000,007,613 | ---- | M] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2013/02/11 19:01:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2177771853-606893853-1248625922-1000Core.job
[2013/02/11 09:53:53 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/11 09:53:52 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/11 08:47:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 08:47:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 08:46:47 | 000,796,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/11 08:46:47 | 000,678,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/11 08:46:47 | 000,131,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/11 08:40:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 08:40:21 | 4287,696,894 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/09 14:17:42 | 000,002,050 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/09 09:03:37 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/02/09 09:03:37 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/09 09:00:02 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/02/06 18:06:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/29 19:49:14 | 000,000,600 | ---- | M] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2013/01/25 18:09:06 | 000,783,346 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/11 09:53:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/26 12:38:33 | 000,581,642 | ---- | C] () -- C:\Users\User\AppData\Roaming\technic-launcher.jar
[2012/12/15 12:27:32 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/15 12:27:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/02 07:38:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/02 07:38:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/19 07:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012/11/19 07:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012/06/15 19:53:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/15 19:53:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/15 19:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/15 19:53:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/15 19:53:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/20 14:47:45 | 000,003,777 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2012/05/20 07:00:30 | 000,000,030 | ---- | C] () -- C:\Users\User\.gitconfig
[2012/05/19 19:16:31 | 000,000,261 | ---- | C] () -- C:\Users\User\appMobiToolkit.props
[2012/05/03 17:32:28 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/06 16:19:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/29 11:39:28 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\viscomqtde.dll
[2011/12/29 11:39:27 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/12/27 10:00:57 | 000,000,581 | ---- | C] () -- C:\Users\User\AppData\Local\cookies.ini
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/08 13:46:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/06 09:24:55 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/07/22 00:05:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/22 00:05:53 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/22 00:05:53 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/22 00:05:52 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/21 12:58:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/08 11:32:12 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/01/02 09:17:24 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2010/12/15 10:43:32 | 000,045,329 | ---- | C] () -- C:\Users\User\.shsh.rar
[2010/09/24 15:33:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\prvlcl.dat
[2010/09/06 19:47:11 | 000,007,613 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2010/07/13 21:21:00 | 000,018,432 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 11:54:32 | 000,000,112 | ---- | C] () -- C:\Users\User\.asadminpass
[2010/07/01 11:54:26 | 000,000,760 | ---- | C] () -- C:\Users\User\.asadmintruststore
[2010/06/19 19:13:14 | 000,000,600 | ---- | C] () -- C:\Users\User\PUTTY.RND
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/02/06 14:59:45 | 000,000,768 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/02/04 07:18:44 | 000,001,346 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/02/06 18:08:25 | 000,028,889 | ---- | M] () -- C:\ComboFix.txt
[2012/12/15 10:53:53 | 000,000,628 | ---- | M] () -- C:\err.txt
[2013/02/11 08:40:21 | 4287,696,894 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 08:40:25 | 4285,276,157 | -HS- | M] () -- C:\pagefile.sys
[2013/02/07 09:21:21 | 000,144,096 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_07.02.2013_09.21.05_log.txt
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >


#5 The Dark Knight (Security Colleague, 661 posts)

Posted 13 February 2013 - 04:37 AM

Good evening Bushstar,

Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Also, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply I would like to see the contents of the fix log from OTL and ComboFix.txt, please.

Edited by The Dark Knight, 13 February 2013 - 04:38 AM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


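As an added example (not code from OTL, ComboFix or anyone in this thread), the script below parses O-numbered lines in the OTL report format shown in the log above, flags the entries a helper would look at first (IE policy restriction keys, Trusted-sites domains, UAC turned off, DNS servers outside an allowlist), and drafts a fix block in the `:OTL` / `:Commands` / `[EmptyTemp]` format the helper pastes into OTL. The sample lines are constructed from entries quoted in the thread, and the DNS allowlist is an assumption standing in for the resolvers the operator actually trusts.

```python
"""Triage an OTL report excerpt and draft an :OTL fix block.

Added example, not code from OTL or from anyone in this thread. Only the
report-line syntax and the fix-block syntax visible in the thread are relied on.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in OTL report format (a few lines modelled on the log
# above, not the full log), embedded so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D969EFE-1A71-4BC0-950C-B6214B4FC1DD}: DhcpNameServer = 88.82.13.60 88.82.13.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F74D5F8C-1132-40C3-B73C-4CDD7F7B5C02}: NameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

# "O17 - body" or "O16:64bit: - body". On x64 Windows the :64bit: tag marks the
# native registry/file view; untagged lines come from the WOW64 (32-bit) view.
OTL_LINE = re.compile(r"^(O\d+)(:64bit:)? - (.*)$")
NAMESERVER = re.compile(r"NameServer = (.+)$")          # also matches DhcpNameServer
UAC_OFF = re.compile(r"policies\\System: EnableLUA = 0$", re.IGNORECASE)

# Assumed allowlist of resolvers the operator trusts; anything else is a
# "review" finding, not a verdict that the server is malicious.
KNOWN_DNS = {"8.8.8.8", "8.8.4.4"}

# (report line, reason, may be pasted into an :OTL fix block as-is)
Finding = Tuple[str, str, bool]


def parse_otl(text: str) -> List[Dict[str, str]]:
    """Split an OTL report into {section, view, body, line} records."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_LINE.match(line)
        if not m:
            continue  # headers, blank lines, file listings
        entries.append({
            "section": m.group(1),
            "view": "64bit" if m.group(2) else "32bit",
            "body": m.group(3),
            "line": line,
        })
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Finding]:
    """Flag the entry types a malware-removal helper reviews first."""
    findings: List[Finding] = []
    for e in entries:
        sec, body, line = e["section"], e["body"], e["line"]
        if sec in ("O6", "O7") and "Internet Explorer" in body and body.endswith(" present"):
            # IE policy restriction keys are not created by a default install;
            # the helper in this thread removes them via the fix block.
            findings.append((line, "IE policy restrictions key present", True))
        elif sec == "O6" and UAC_OFF.search(body):
            # A policy change, not a key deletion: keep it out of the fix block.
            findings.append((line, "UAC disabled (EnableLUA = 0)", False))
        elif sec == "O15" and "Trusted Domains" in body:
            findings.append((line, "domain added to IE Trusted sites zone", True))
        elif sec == "O17":
            m = NAMESERVER.search(body)
            servers = set(m.group(1).split()) if m else set()
            unknown = sorted(servers - KNOWN_DNS)
            if unknown:
                findings.append((line, "DNS server(s) not on allowlist: " + ", ".join(unknown), False))
    return findings


def build_fix_script(findings: List[Finding], empty_temp: bool = True) -> str:
    """Draft the fix text in the :OTL / :Commands format used in this thread."""
    out = [":OTL"] + [line for line, _, fixable in findings if fixable]
    if empty_temp:
        out += ["", ":Commands", "[EmptyTemp]"]
    return "\n".join(out)


def triage_log(text: str):
    """Convenience wrapper: findings plus the drafted fix block."""
    findings = triage(parse_otl(text))
    return findings, build_fix_script(findings)


if __name__ == "__main__":
    found, script = triage_log(SAMPLE_LOG)
    for line, reason, fixable in found:
        print(("FIX    " if fixable else "REVIEW ") + reason + "\n        " + line)
    print("\n--- draft fix block (for OTL's Custom Scans/Fixes box) ---\n" + script)
```

The draft is a starting point for a human reviewer: "REVIEW" items (UAC, DNS) need a settings change and are deliberately left out of the pasted block.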


#6 Bushstar (Topic Starter)

Posted 13 February 2013 - 08:35 AM

OTL Log

 

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 737074884 bytes
->Temporary Internet Files folder emptied: 93841866 bytes
->Java cache emptied: 43721204 bytes
->FireFox cache emptied: 342306878 bytes
->Google Chrome cache emptied: 137136063 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57427 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 802816 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35210145 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,326.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02132013_124133
 
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
ComboFix
 
ComboFix 13-02-13.01 - User 13/02/2013  13:10:54.11.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.16375.14696 [GMT 0:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Temp\_MEI24682\_ctypes.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\_elementtree.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\_hashlib.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\_socket.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\_ssl.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\pyexpat.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\pysqlite2._sqlite.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\python26.dll
c:\users\User\AppData\Local\Temp\_MEI24682\pythoncom26.dll
c:\users\User\AppData\Local\Temp\_MEI24682\PyWinTypes26.dll
c:\users\User\AppData\Local\Temp\_MEI24682\select.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\unicodedata.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32api.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32com.shell.shell.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32crypt.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32event.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32file.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32inet.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32pdh.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32process.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32profile.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32security.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\win32ts.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\windows._cacheinvalidation.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wx._controls_.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wx._core_.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wx._gdi_.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wx._html2.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wx._misc_.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wx._windows_.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wx._wizard.pyd
c:\users\User\AppData\Local\Temp\_MEI24682\wxbase293u_net_vc.dll
c:\users\User\AppData\Local\Temp\_MEI24682\wxbase293u_vc.dll
c:\users\User\AppData\Local\Temp\_MEI24682\wxmsw293u_adv_vc.dll
c:\users\User\AppData\Local\Temp\_MEI24682\wxmsw293u_core_vc.dll
c:\users\User\AppData\Local\Temp\_MEI24682\wxmsw293u_html_vc.dll
c:\users\User\AppData\Local\Temp\_MEI24682\wxmsw293u_webview_vc.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-13 to 2013-02-13  )))))))))))))))))))))))))))))))
.
.
2013-02-13 13:14 . 2013-02-13 13:14    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-02-13 13:14 . 2013-02-13 13:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-13 12:54 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06A51DD1-3842-43B0-BFD7-10C746554688}\mpengine.dll
2013-02-13 12:41 . 2013-02-13 12:41    --------    d-----w-    C:\_OTL
2013-02-13 03:01 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 03:01 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 22:47 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-12 22:47 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 22:47 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 22:47 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-12 22:47 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-12 22:47 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-12 22:47 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-12 22:47 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-12 22:47 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-12 22:47 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-12 22:47 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-12 22:47 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 08:51 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-11 19:16 . 2013-02-13 08:02    --------    d-----w-    c:\users\User\AppData\Roaming\NovaCoin
2013-02-11 19:16 . 2013-02-11 19:16    --------    d-----w-    c:\program files (x86)\NovaCoin
2013-02-09 14:20 . 2013-02-09 14:20    --------    d-----w-    c:\users\User\AppData\Roaming\BANDISOFT
2013-02-09 14:20 . 2013-02-09 14:20    --------    d-----w-    c:\program files (x86)\Bandicam
2013-02-09 14:20 . 2013-02-09 14:20    --------    d-----w-    c:\program files (x86)\BandiMPEG1
2013-02-09 08:58 . 2013-02-09 08:58    --------    d-----w-    c:\users\User\AppData\Local\ESN
2013-02-07 19:00 . 2013-02-07 19:00    --------    d-----w-    C:\FRST
2013-02-06 18:10 . 2013-02-06 18:10    --------    d-----w-    c:\users\User\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 03:02 . 2010-05-12 20:05    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-11 09:53 . 2012-04-03 17:57    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-11 09:53 . 2011-05-26 17:28    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 09:03 . 2012-12-15 12:27    281520    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-02-09 09:03 . 2010-05-01 19:35    281520    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-02-09 09:00 . 2010-04-30 21:11    283304    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-01-30 10:53 . 2010-04-30 18:24    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-12 03:30 . 2012-12-03 19:41    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-04 04:43 . 2013-02-12 22:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 19:12    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 19:12    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:12    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:12    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-15 12:27 . 2012-12-15 12:27    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2012-12-14 16:49 . 2010-05-19 11:57    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 17:55    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 17:55    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 17:55    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 17:55    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 17:55    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 17:55    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 17:55    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 17:55    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 17:55    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 17:55    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 17:55    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 17:55    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 17:55    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 17:55    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 17:55    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 17:55    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 17:55    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 17:55    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 17:55    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 17:55    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 17:55    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 17:55    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 17:55    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 17:55    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 17:55    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 17:55    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 17:55    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 17:55    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 17:55    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 17:55    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 17:55    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 17:55    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-03 19:41 . 2012-06-24 09:48    821736    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2012-12-03 19:41 . 2010-07-01 17:46    746984    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-12-02 08:31 . 2012-12-02 08:31    5626536    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2012-12-02 08:29 . 2012-12-02 08:29    11270656    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:17 . 2012-12-02 08:17    23455744    ----a-w-    c:\windows\system32\atio6axx.dll
2012-12-02 08:00 . 2012-12-02 08:00    163840    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-12-02 07:59    70144    ----a-w-    c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2012-12-02 07:58 . 2012-12-02 07:58    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2012-12-02 07:58 . 2012-12-02 07:58    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2012-12-02 07:58 . 2012-12-02 07:58    16082944    ----a-w-    c:\windows\system32\aticaldd64.dll
2012-12-02 07:57 . 2012-12-02 07:57    18979328    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54    13703168    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2012-12-02 07:50 . 2012-12-02 07:50    949248    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2012-12-02 07:48 . 2012-12-02 07:48    1137664    ----a-w-    c:\windows\system32\aticfx64.dll
2012-12-02 07:46 . 2012-12-02 07:46    6684672    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2012-12-02 07:41 . 2012-12-02 07:41    4674048    ----a-w-    c:\windows\system32\atiumd6a.dll
2012-12-02 07:37 . 2012-12-02 07:37    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37    548864    ----a-w-    c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36    240640    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2012-12-02 07:35 . 2012-12-02 07:35    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2012-12-02 07:35 . 2012-12-02 07:35    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2012-12-02 07:29 . 2012-12-02 07:29    3862528    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2012-12-02 07:29 . 2012-12-02 07:29    7378944    ----a-w-    c:\windows\system32\atidxx64.dll
2012-12-02 07:24 . 2012-12-02 07:24    6781440    ----a-w-    c:\windows\system32\atiumd64.dll
2012-12-02 07:18 . 2012-12-02 07:18    79360    ----a-w-    c:\windows\system32\amdave64.dll
2012-12-02 07:18 . 2012-12-02 07:18    78336    ----a-w-    c:\windows\SysWow64\amdave32.dll
2012-12-02 07:18 . 2012-12-02 07:18    74240    ----a-w-    c:\windows\system32\atisamu64.dll
2012-12-02 07:18 . 2012-12-02 07:18    71168    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2012-12-02 07:17 . 2012-12-02 07:17    56320    ----a-w-    c:\windows\system32\atimpc64.dll
2012-12-02 07:17 . 2012-12-02 07:17    56320    ----a-w-    c:\windows\system32\amdpcom64.dll
2012-12-02 07:17 . 2012-12-02 07:17    56832    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17    56832    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:14 . 2012-12-02 07:14    619008    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-12-02 07:14 . 2012-12-02 07:14    421888    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2012-12-02 07:13 . 2012-12-02 07:13    17920    ----a-w-    c:\windows\system32\atig6pxx.dll
2012-12-02 07:13 . 2012-12-02 07:13    14848    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13    14848    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13    41984    ----a-w-    c:\windows\system32\atig6txx.dll
2012-12-02 07:13 . 2012-12-02 07:13    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2012-12-02 07:13 . 2012-12-02 07:13    546816    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2012-12-02 07:11    130048    ----a-w-    c:\windows\system32\atiuxp64.dll
2012-12-02 07:11 . 2012-12-02 07:11    109568    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2012-12-02 07:11 . 2012-12-02 07:11    104448    ----a-w-    c:\windows\system32\atiu9p64.dll
2012-12-02 07:11 . 2012-12-02 07:11    83968    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2012-12-02 03:26 . 2012-12-02 03:26    222720    ----a-w-    c:\windows\system32\clinfo.exe
2012-12-02 03:26 . 2012-12-02 03:26    76288    ----a-w-    c:\windows\system32\OpenVideo64.dll
2012-12-02 03:26 . 2012-12-02 03:26    65536    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2012-12-02 03:26 . 2012-12-02 03:26    64512    ----a-w-    c:\windows\system32\OVDecode64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2010-04-28 228352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-06-16 285280]
R3 ALSysIO;ALSysIO;c:\users\User\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 atillk64;atillk64;c:\users\User\Desktop\ati_winflash_2.0.1.14\atillk64.sys [x]
R3 cpuz130;cpuz130;c:\users\User\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1255736]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-06-16 3246040]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-02 361984]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
R4 gfi_lanss9_attservice;GFI LANguard 9 Attendant Service;c:\program files (x86)\GFI\LANguard 9\lnssatt.exe [2010-11-13 329144]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-11-10 234040]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-06-16 1263200]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-13 55936]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2010-01-04 44800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-13 56448]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1342064]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-02-15 401696]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 09:53]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 09:44]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 09:44]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2177771853-606893853-1248625922-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-09 12:20]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2177771853-606893853-1248625922-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-09 12:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{F74D5F8C-1132-40C3-B73C-4CDD7F7B5C02}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki7kwdno.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2177771853-606893853-1248625922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*u[¢g]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2177771853-606893853-1248625922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*u[¢g\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2177771853-606893853-1248625922-1000\Software\SecuROM\License information*]
"datasecu"=hex:02,aa,35,cf,a8,88,c5,6c,e8,20,6f,12,43,6b,36,88,e4,b6,a9,9e,14,
   4e,96,71,85,24,f6,0e,4d,c3,26,de,39,0c,76,20,91,5c,b2,7e,cb,46,73,e7,e6,1f,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-02-13  13:17:31 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-13 13:17
ComboFix2.txt  2013-02-06 18:08
ComboFix3.txt  2012-11-08 07:23
ComboFix4.txt  2012-11-04 10:59
ComboFix5.txt  2013-02-13 13:10
.
Pre-Run: 40,350,257,152 bytes free
Post-Run: 39,731,453,952 bytes free
.
- - End Of File - - 5289F5E42178E58311518BCDF1BA9F60
 


#7 The Dark Knight


Posted 13 February 2013 - 03:33 PM

Good morning Bushstar,

 

How do things seem to be running?

 

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#8 Bushstar


Posted 14 February 2013 - 10:38 AM

Here we go, ESET log. Nothing really found.

 

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7d92ee7339491049ada8c0a9d0a0a3ef
# engine=13153
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-14 02:38:44
# local_time=2013-02-14 02:38:44 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 42524548 113317774 0 0
# scanned=645085
# found=3
# cleaned=3
# scan_time=5271
sh=D99FF831E9EECB15D1F2A5AC53EAFE45DDC9D17D ft=1 fh=42931b6aebf53620 vn="a variant of Win32/BitCoinMiner.N application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\Desktop\cgminer-2.10.5-win32\cgminer-fpgaonly.exe"
sh=9C3A6CD9864F72B580F0291512464FD449A2914B ft=1 fh=a8beaf798f02fce6 vn="a variant of Win32/BitCoinMiner.N application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\User\Desktop\cgminer-2.10.5-win32\cgminer.exe"
sh=FA8AFC3C4596FB8A2D78B4E0A6E53407FAD661C4 ft=1 fh=64b6795ad4027c0c vn="Win32/PSWTool.EFSKey.A application (cleaned by deleting - quarantined)" ac=C fn="E:\Software\Passware\Passware Kit Enterprise Edition v7.0.1207\8-3-0-kit-ent.exe"


#9 The Dark Knight


Posted 14 February 2013 - 03:33 PM

Hey Bushstar,

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • How is your computer running?



#10 Bushstar


Posted 15 February 2013 - 03:14 AM

Computer is fine. My concern is that random local proxy that appeared. No idea how long it was there for.

 

 

 Results of screen317's Security Check version 0.99.57  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Sun Java System Application Server Platform Edition 
 Java 7 Update 11  
 Adobe Flash Player 11.5.502.149  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.5 Adobe Reader out of Date!  
 Mozilla Firefox (18.0.2) 
 Google Chrome 24.0.1312.56  
 Google Chrome 24.0.1312.57  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#11 The Dark Knight


Posted 15 February 2013 - 04:09 AM

Hello Bushstar,

I believe you removed the proxy. It was probably obtained from visiting a dodgy website or clicking a dodgy link.

I notice that you have the User Account Control turned off. This is a very important security feature on Windows Vista and 7, as it allows you to restrict access to your computer and control programs that try to run. Please see below on how to turn it on:

http://windows.microsoft.com/en-AU/windows-vista/Turn-User-Account-Control-on-or-off

=====

And, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:
  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

=====

In your reply please let me know how the updates go.



#12 Bushstar


Posted 15 February 2013 - 10:44 AM

The proxy was set to the loopback adapter and I was able to access the Internet normally. Surely this means that there was a program listening on port 19876 to forward the traffic on. I do use Chrome with ScriptSafe but perhaps I allowed something I shouldn't have.

 

Anyway the computer seems fine and no malware has been found so I'll leave it like it is.

 

Thanks for your help.


Edited by Bushstar, 15 February 2013 - 10:44 AM.
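The reasoning in the post above (a proxy on the loopback interface only works if some process listens on that port) can be checked directly. The script below is an added example, not from this thread or from any tool used in it: it reads the current user's WinINET ProxyServer value, the same setting HijackThis reported, and when it points at loopback it looks up which process owns the listener. It assumes Windows 7 with PowerShell 2.0 and netstat, run from an elevated prompt so netstat can report the owning PID of every listener.

```powershell
# Added example (not part of the thread): map a loopback proxy setting to the
# process that is actually listening on that port. Windows 7 / PowerShell 2.0
# syntax, so netstat is parsed instead of using Get-NetTCPConnection.
# Run elevated so that netstat can show the owning PID for every listener.

# Proxy settings are per user; for another user's profile read HKU\<SID>\... instead.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue

Write-Host ('ProxyEnable   : {0}' -f $inet.ProxyEnable)
Write-Host ('ProxyServer   : {0}' -f $inet.ProxyServer)
Write-Host ('AutoConfigURL : {0}' -f $inet.AutoConfigURL)

if (-not $inet.ProxyServer) {
    Write-Host 'No proxy server is configured for this user.'
    return
}

# ProxyServer is either "host:port" or a per-scheme list such as
# "http=host:port;https=host:port". Produce one object per entry.
$proxyEntries = $inet.ProxyServer -split ';' | ForEach-Object {
    $spec = $_.Trim()
    if ($spec -match '^(?:(?<scheme>\w+)=)?(?<host>[^:]+):(?<port>\d+)$') {
        New-Object PSObject -Property @{
            Scheme = $Matches['scheme']
            Host   = $Matches['host']
            Port   = [int]$Matches['port']
        }
    }
}

# Collect every TCP listener with its owning PID. netstat -ano prints lines like:
#   TCP    127.0.0.1:19876    0.0.0.0:0    LISTENING    1234
$listeners = netstat -ano -p TCP | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(?<local>\S+)\s+\S+\s+LISTENING\s+(?<pid>\d+)\s*$') {
        New-Object PSObject -Property @{
            LocalAddress = $Matches['local']
            Port         = [int]($Matches['local'] -split ':')[-1]
            ProcessId    = [int]$Matches['pid']
        }
    }
}

$loopbackHosts = @('127.0.0.1', 'localhost', '::1')

foreach ($entry in $proxyEntries) {
    $isLoopback = $loopbackHosts -contains $entry.Host.ToLower()
    Write-Host ("`nProxy entry {0}:{1} (loopback: {2})" -f $entry.Host, $entry.Port, $isLoopback)
    if (-not $isLoopback) { continue }

    $hits = @($listeners | Where-Object { $_.Port -eq $entry.Port })
    if ($hits.Count -eq 0) {
        # Nothing listens there now: the entry is stale, and a browser that
        # honours it would fail to connect rather than browse normally.
        Write-Host '  No process is currently listening on that port.'
        continue
    }
    foreach ($l in $hits) {
        # The listener is what forwards the traffic; its image path is what to
        # compare against the software you know you installed.
        $proc = Get-Process -Id $l.ProcessId -ErrorAction SilentlyContinue
        Write-Host ('  Listener {0} owned by PID {1} ({2})' -f $l.LocalAddress, $l.ProcessId, $proc.ProcessName)
        Write-Host ('  Image path: {0}' -f $proc.Path)
    }
}
```

If the proxy entry has already been removed, as in this thread, there is nothing to correlate; the check is most useful while the setting is still present, and on Windows 8 or later the netstat parsing can be replaced by Get-NetTCPConnection -State Listen.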


#13 The Dark Knight


Posted 15 February 2013 - 04:25 PM

Hello Bushstar,

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall


To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

And AdwCleaner:
  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.


IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.


Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.


Edited by The Dark Knight, 15 February 2013 - 04:25 PM.



#14 The Dark Knight


Posted 22 February 2013 - 04:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
 






