Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

firefox keeps going to other websites.


  • This topic is locked This topic is locked
26 replies to this topic

#1 infamouskid

infamouskid

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 26 March 2013 - 07:18 PM

HI.

I need some help. My FF keeps forwarding me to other sites.

it can be during a search lookup or if i just click something. it'll load the page i want then immediately go to another page right after.

i tried scanning with mbam and MSE and spybot snd.

it found several infections which were all cleaned.

not sure what else i can do.

 

please help.



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 26 March 2013 - 08:16 PM


Hello infamouskid

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-
  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    dds_scr.gif
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
information and logs
  • In your next post I need the following
    • both reports from DDS
      • report from security check
        • let me know of any problems you may have had
      Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 infamouskid

infamouskid
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 26 March 2013 - 10:56 PM

hi there.

thanks for the response.

here is what you requested.

 

securitycheck log :

 

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Adobe Flash Player     11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 36% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

 

attach.txt log :

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume5
Install Date: 11/5/2012 7:16:13 AM
System Uptime: 3/26/2013 9:17:46 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z77X-UD5H
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz | Intel® Core™ i5-3570K CPU @ 3.40GHz | 3801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 19.144 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 298.748 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 799.643 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 169.728 GiB free.
Z: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82579V Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_E0001458&REV_04\3&11583659&0&C8
Manufacturer: Intel
Name: Intel® 82579V Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_E0001458&REV_04\3&11583659&0&C8
Service: e1cexpress
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&841E55&0&00E6
Manufacturer: Qualcomm Atheros
Name: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&841E55&0&00E6
Service: L1C
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
@BIOS
µTorrent
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
ASUS Xonar DG Audio Driver
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Box Sync (64 bit)
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
CCleaner
CDBurnerXP
CPUID CPU-Z 1.63.0
Daum ½ºÅ©¸°¼¼À̹ö °íÈ­Áú¹öÀü
DivX Setup
Dota 2
Dropbox
EVGA Precision X 4.0.0
FTL: Faster Than Light
Heaven DX11 Benchmark version 3.0
Heroes of Newerth
HP USB Disk Storage Format Tool
ImgBurn
inSSIDer
Intel® Management Engine Components
Intel® Network Connections 17.2.154.0
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
K-Lite Codec Pack 9.4.0 (Basic)
LastPass(uninstall only)
League of Legends
Marvell Storage Utility V4
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Corporation
Microsoft LifeCam
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.4.6052
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Natural Selection 2
Neverwinter
NewsLeecher v3.9 Final
Notepad++
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Drivers
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Performance
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA Update 1.11.3
NVIDIA Update Components
ON_OFF Charge B12.1025.1
Open Broadcaster Software
OpenAL
Oracle VM VirtualBox 4.2.4
Origin
QuickPar 0.9
Realtek High Definition Audio Driver
Samsung Printer Live Update
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.1
Sniper Elite: Nazi Zombie Army
Spotify
Steam
SUPERAntiSpyware
Supercade
swMSM
TeamSpeak 3 Client
TeamViewer 8
The War Z
TP-LINK Wireless Client Utility
UnoHelper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
VLC media player 2.0.5
War Thunder Launcher 1.0.1.171
WBFS Manager 3.0
WBFS to ISO
XBMC
.
==== Event Viewer Messages From Past Week ========
.
3/26/2013 9:19:58 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/26/2013 9:19:58 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
3/26/2013 9:17:57 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  raeehd vhjrap
3/26/2013 8:33:44 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/26/2013 8:30:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/26/2013 8:25:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/26/2013 8:25:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/26/2013 8:25:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2013 8:25:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/26/2013 8:25:13 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AppleCharger discache MpFilter raeehd spldr VBoxDrv vhjrap Wanarpv6
3/19/2013 3:30:05 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
3/19/2013 3:27:24 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/19/2013 3:27:24 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/19/2013 3:26:26 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
3/19/2013 10:32:31 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
3/19/2013 10:32:01 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/19/2013 10:32:01 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
3/19/2013 10:29:59 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.145.2023.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9203.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
3/19/2013 10:29:59 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/19/2013 10:29:27 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

 

 

dds.txt log :

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by pro at 23:52:07 on 2013-03-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8147.6149 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
E:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
E:\Program Files\Box Sync\UpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
E:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
E:\Program Files (x86)\Skype\Phone\Skype.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
E:\Pro\Desktop\AV\Defogger.exe
E:\Pro\Desktop\AV\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\svchost.exe -k defragsvc
E:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - E:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [MSUTray] C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - E:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0925562E-49D7-472C-A45E-37EC19686D18} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0925562E-49D7-472C-A45E-37EC19686D18} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{57FEED2E-6B67-4BD5-BFBB-823F99F5C1B3} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{57FEED2E-6B67-4BD5-BFBB-823F99F5C1B3}\F4050514F57414E474E414D4F5354595C454 : DHCPNameServer = 199.21.151.42 199.21.151.25
TCP: Interfaces\{EB287872-D524-4969-A03E-D39A8A15C7FE} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F06644EF-F648-470B-A8AF-28F33979BDB0} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - E:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - E:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\pro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
FF - ExtSQL: 2013-03-16 13:36; firefox@mega.co.nz; C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-03-23 17:22; 5nc3QHFgcb@r06Ws9gvNNVRfH.com; C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\5nc3QHFgcb@r06Ws9gvNNVRfH.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-11-4 645952]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-11-4 27456]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-4 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-5 21616]
R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;E:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 #UpdateService;Box Sync Auto-updater;E:\Program Files\Box Sync\UpdateService.exe [2012-11-7 8704]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-4 7168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-5 166720]
R2 Marvell Storage Management;Marvell Storage Management Service;C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe [2012-5-14 313192]
R2 MSUWebService;MSU Web Service;C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [2011-11-21 24645]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-8 3560288]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-5 365376]
R3 cmudaxp;ASUS Xonar DGX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-3-4 2727936]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-4 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-4 789824]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-11-4 32344]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
R3 Mv_Process;Marvell process notification.;C:\Windows\SysWOW64\Mv_Process.sys [2011-11-21 14376]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;E:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2012-12-20 276256]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-4 110744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2013-1-23 18432]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-5 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-5 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-20 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-5 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="E:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-27 01:17:59    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-27 00:50:21    --------    d-----w-    C:\Users\pro\AppData\Roaming\SUPERAntiSpyware.com
2013-03-27 00:50:10    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-03-26 04:54:18    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEFE2E97-B840-45FC-866F-193B65920FAE}\mpengine.dll
2013-03-26 00:43:05    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-25 00:27:56    --------    d-----w-    C:\ProgramData\PCPitstop
2013-03-20 22:09:35    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC8162C2-F468-4642-9ED3-F39258F9214C}\gapaengine.dll
2013-03-20 20:40:53    19968    ----a-w-    C:\Windows\System32\drivers\usb80236.sys
2013-03-20 20:40:53    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-03-19 20:55:11    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-19 14:26:57    98816    ----a-w-    C:\Windows\sed.exe
2013-03-19 14:26:57    256000    ----a-w-    C:\Windows\PEV.exe
2013-03-19 14:26:57    208896    ----a-w-    C:\Windows\MBR.exe
2013-03-16 02:36:19    --------    d-----w-    C:\Users\pro\AppData\Local\WarThunder
2013-03-16 02:36:19    --------    d-----w-    C:\ProgramData\WarThunder
2013-03-05 08:32:37    --------    d-----w-    C:\Users\pro\AppData\Roaming\OBS
2013-03-05 02:11:43    --------    d-----w-    C:\Users\pro\AppData\Local\CrashRpt
2013-03-05 02:11:43    --------    d-----w-    C:\Users\pro\AppData\Local\Arktos
2013-03-04 22:15:43    --------    d-----w-    C:\Users\pro\AppData\Roaming\ASUS
2013-03-04 22:15:41    419840    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-03-04 22:15:41    413696    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-03-04 22:15:41    111616    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-03-04 22:15:41    102400    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-03-04 22:15:41    --------    d-----w-    C:\Program Files (x86)\OpenAL
2013-03-04 21:47:46    359424    ------w-    C:\Windows\System32\CmiInstallResAll64.dll
2013-03-04 21:47:36    32768    ----a-w-    C:\Windows\System32\cmudaxp.dll
2013-03-04 21:47:36    315392    ----a-w-    C:\Windows\SysWow64\CmiFltr.dll
2013-03-04 21:47:36    315392    ----a-w-    C:\Windows\system\CmiFltr.dll
2013-03-04 21:47:36    2727936    ----a-w-    C:\Windows\System32\drivers\cmudaxp.sys
2013-03-02 18:29:30    --------    d-----w-    C:\Users\pro\AppData\Local\Sniper Elite Nazi Zombie Army
2013-02-27 16:58:41    --------    d-----w-    C:\CCE_Quarantine
2013-02-26 19:31:02    5    ----a-w-    C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-02-26 18:09:06    --------    d-----w-    C:\Users\pro\AppData\Roaming\Origin
2013-02-26 18:09:06    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-02-26 18:09:04    --------    d-----w-    C:\Users\pro\AppData\Local\Origin
2013-02-26 18:08:31    --------    d-----w-    C:\ProgramData\Origin
2013-02-26 18:08:31    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-02-25 21:59:00    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-02-25 06:49:18    --------    d-----w-    C:\Users\pro\AppData\Roaming\Malwarebytes
2013-02-25 06:49:05    --------    d-----w-    C:\ProgramData\Malwarebytes
.
==================== Find3M  ====================
.
2013-03-25 18:17:48    25640    ----a-w-    C:\Windows\gdrv.sys
2013-03-13 15:15:33    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-13 15:15:33    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-13 06:02:12    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 06:02:12    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-18 14:22:18    31080    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-02-18 14:22:18    1472360    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 14:22:16    189288    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-06 11:42:10    203544    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2013-02-06 11:42:08    102936    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2013-02-02 06:57:02    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-02 06:42:18    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-27 05:20:15    960416    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-01-27 05:20:15    1081760    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-01-23 23:58:22    18432    ----a-w-    C:\Windows\System32\drivers\rimvndis6_AMD64.sys
2013-01-20 20:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-18 15:00:28    6390048    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-01-18 15:00:28    3460896    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-01-18 15:00:11    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-01-18 15:00:11    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-01-18 15:00:11    2953448    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-01-18 15:00:11    2558240    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-01-18 15:00:11    118560    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-01-18 13:15:24    550176    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52    522752    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09    1682432    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
.
============= FINISH: 23:52:13.84 ===============

 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 26 March 2013 - 11:12 PM


Hello infamouskid


These are the programs I would like you to run next, if you have any problems with these just skip it and move on to the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 infamouskid

infamouskid
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 26 March 2013 - 11:36 PM

ok here are the rest of what you asked for.

 

adwcleaner.txt log :

 

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 00:28:49
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : pro - PRO-PC
# Boot Mode : Normal
# Running from : E:\Pro\Desktop\AV\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R6].txt - [847 octets] - [27/03/2013 00:27:09]
AdwCleaner[R7].txt - [906 octets] - [27/03/2013 00:28:39]
AdwCleaner[S5].txt - [842 octets] - [27/03/2013 00:28:49]

########## EOF - C:\AdwCleaner[S5].txt - [901 octets] #########
#

 

 

rkreport.txt log :

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : pro [Admin rights]
Mode : Remove -- Date : 03/27/2013 00:33:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00TMA0 ATA Device +++++
--- User ---
[MBR] 5762e5bb963c70ae168f3bf875b39fc5
[BSP] fca96cb963fe71c9c7f79b3574e4d148 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-00A7B0 ATA Device +++++
--- User ---
[MBR] 6d8bfda2a213a2ee4f1cdf465e2e1045
[BSP] 150c41d6a8784cf04a2daab1f5a497c4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ATA OCZ-SOLID3 SCSI Disk Device +++++
--- User ---
[MBR] 817272b8ad4df08f0a81951ddf30db4d
[BSP] 95025fcd93a332dd6f284e400161a684 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 114473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ATA OCZ-VERTEX3 SCSI Disk Device +++++
--- User ---
[MBR] d3a1d38a5fd19d2bda7403d601c0d25b
[BSP] b4f1696119e79baadd8ceec7074f96c7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57239 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: ATA WDC WD10EADS-00L SCSI Disk Device +++++
--- User ---
[MBR] 579de01bfb050ce8c2f46bc023098f5c
[BSP] 633874ee51f66251217e937d1d882bd0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03272013_02d0033.txt >>
RKreport[1]_S_03272013_02d0032.txt ; RKreport[2]_D_03272013_02d0033.txt





 



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 26 March 2013 - 11:48 PM


Hello infamouskid

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 infamouskid

infamouskid
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 27 March 2013 - 12:30 AM

I wont know for sure how it is. i'll report back in a few minutes after i browse for a bit.
in the meantime.
here is the rest of what you asked for.
 
combofox log :
 
]ComboFix 13-03-26.01 - pro 03/27/2013   1:22.5.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8147.6618 [GMT -4:00]
Running from: e:\pro\Desktop\AV\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-27 to 2013-03-27  )))))))))))))))))))))))))))))))
.
.
2013-03-27 05:25 . 2013-03-27 05:25    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-03-27 05:25 . 2013-03-27 05:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-27 00:50 . 2013-03-27 00:50    --------    d-----w-    c:\users\pro\AppData\Roaming\SUPERAntiSpyware.com
2013-03-27 00:50 . 2013-03-27 00:50    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-03-26 04:54 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEFE2E97-B840-45FC-866F-193B65920FAE}\mpengine.dll
2013-03-26 00:43 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-25 00:27 . 2013-03-25 00:27    --------    d-----w-    c:\programdata\PCPitstop
2013-03-25 00:27 . 2013-03-25 00:29    --------    d-----w-    e:\program files (x86)\PCPitstop
2013-03-25 00:05 . 2013-03-25 00:04    307200    ----a-w-    e:\program files (x86)\Internet Explorer\iediagcmd.exe
2013-03-25 00:05 . 2013-03-25 00:04    107008    ----a-w-    e:\program files (x86)\Internet Explorer\iecleanup.exe
2013-03-24 23:54 . 2013-02-17 05:40    28672    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-03-21 07:49 . 2013-03-21 20:32    --------    d-----w-    e:\program files (x86)\Cryptic Studios
2013-03-21 06:07 . 2013-03-25 00:53    --------    d-----w-    e:\program files (x86)\DefianceBeta
2013-03-20 22:09 . 2012-11-29 15:49    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC8162C2-F468-4642-9ED3-F39258F9214C}\gapaengine.dll
2013-03-20 20:40 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb80236.sys
2013-03-20 20:40 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-19 20:55 . 2013-03-19 20:56    --------    d-----w-    c:\users\pro\AppData\Roaming\Ventrilo
2013-03-19 20:55 . 2013-03-19 20:55    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-16 02:36 . 2013-03-18 06:05    --------    d-----w-    c:\programdata\WarThunder
2013-03-16 02:36 . 2013-03-16 02:36    --------    d-----w-    c:\users\pro\AppData\Local\WarThunder
2013-03-16 02:36 . 2013-03-24 04:35    --------    d-----w-    e:\program files (x86)\War Thunder
2013-03-05 08:32 . 2013-03-05 08:32    --------    d-----w-    c:\users\pro\AppData\Roaming\OBS
2013-03-05 08:32 . 2013-03-05 08:32    --------    d-----w-    e:\program files (x86)\OBS
2013-03-05 02:11 . 2013-03-05 02:11    --------    d-----w-    c:\users\pro\AppData\Local\CrashRpt
2013-03-05 02:11 . 2013-03-05 02:11    --------    d-----w-    c:\users\pro\AppData\Local\Arktos
2013-03-04 22:15 . 2013-03-04 22:15    --------    d-----w-    c:\users\pro\AppData\Roaming\ASUS
2013-03-04 22:15 . 2013-03-04 22:15    419840    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-03-04 22:15 . 2013-03-04 22:15    413696    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-03-04 22:15 . 2013-03-04 22:15    111616    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-04 22:15 . 2013-03-04 22:15    102400    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-03-04 21:47 . 2009-08-19 08:00    359424    ------w-    c:\windows\system32\CmiInstallResAll64.dll
2013-03-04 21:47 . 2011-12-20 06:59    315392    ----a-w-    c:\windows\SysWow64\CmiFltr.dll
2013-03-04 21:47 . 2011-12-20 06:59    315392    ----a-w-    c:\windows\system\CmiFltr.dll
2013-03-04 21:47 . 2011-12-20 06:59    32768    ----a-w-    c:\windows\system32\cmudaxp.dll
2013-03-04 21:47 . 2011-12-20 06:59    2727936    ----a-w-    c:\windows\system32\drivers\cmudaxp.sys
2013-03-02 18:29 . 2013-03-02 18:31    --------    d-----w-    c:\users\pro\AppData\Local\Sniper Elite Nazi Zombie Army
2013-02-27 16:58 . 2013-02-27 17:05    --------    d-----w-    C:\CCE_Quarantine
2013-02-26 19:31 . 2013-02-26 19:31    5    ----a-w-    c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-02-26 18:09 . 2013-02-27 03:43    --------    d-----w-    c:\users\pro\AppData\Roaming\Origin
2013-02-26 18:09 . 2013-02-26 18:46    --------    d-----w-    c:\users\pro\AppData\Local\Origin
2013-02-26 18:08 . 2013-02-26 18:32    --------    d-----w-    c:\programdata\Origin
2013-02-26 18:08 . 2013-02-26 18:08    --------    d-----w-    c:\programdata\Electronic Arts
2013-02-26 18:08 . 2013-02-26 18:09    --------    d-----w-    e:\program files (x86)\Origin
2013-02-25 21:59 . 2013-02-25 22:35    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-02-25 21:58 . 2013-03-27 01:17    --------    d-----w-    e:\program files (x86)\Spybot - Search & Destroy 2
2013-02-25 06:49 . 2013-02-25 06:49    --------    d-----w-    c:\users\pro\AppData\Roaming\Malwarebytes
2013-02-25 06:49 . 2013-02-25 06:49    --------    d-----w-    c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 18:17 . 2012-11-05 03:34    25640    ----a-w-    c:\windows\gdrv.sys
2013-03-13 23:00 . 2012-11-05 05:20    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-13 15:15 . 2012-11-05 06:46    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-13 15:15 . 2012-11-05 06:46    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-13 06:02 . 2012-11-05 07:18    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 06:02 . 2012-11-05 07:18    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-26 05:32 . 2013-01-06 03:43    15129960    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-02-26 05:32 . 2012-10-11 02:23    2826040    ----a-w-    c:\windows\system32\nvapi64.dll
2013-02-26 05:32 . 2012-10-11 02:23    1107440    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-02-26 05:32 . 2012-10-11 02:22    1814304    ----a-w-    c:\windows\system32\nvdispco64.dll
2013-02-26 05:32 . 2012-10-11 02:23    1510176    ----a-w-    c:\windows\system32\nvdispgenco64.dll
2013-02-26 05:32 . 2012-10-11 02:23    15053264    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-02-18 14:22 . 2013-02-18 14:22    31080    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-02-18 14:22 . 2013-02-18 14:22    1472360    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 14:22 . 2013-02-18 14:22    189288    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-12 18:52    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 18:52    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 18:52    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 18:52    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 18:52    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 18:52    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-06 11:42 . 2013-02-06 11:42    203544    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-02-06 11:42 . 2013-02-06 11:42    102936    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-01-30 10:53 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-27 05:20 . 2012-11-05 06:46    960416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-27 05:20 . 2012-11-05 06:46    1081760    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-01-23 23:58 . 2013-01-23 23:58    18432    ----a-w-    c:\windows\system32\drivers\rimvndis6_AMD64.sys
2013-01-20 20:59 . 2013-01-20 20:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2012-08-31 03:03    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 15:00 . 2012-11-05 01:33    6390048    ----a-w-    c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-11-05 01:33    3460896    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-11-05 01:33    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-11-05 01:33    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-11-05 01:33    2953448    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2012-11-05 01:33    2558240    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-11-05 01:33    118560    ----a-w-    c:\windows\system32\nvmctray.dll
2013-01-18 13:15 . 2013-01-18 13:15    550176    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-01-05 05:53 . 2013-02-13 01:38    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 01:38    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 01:38    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 01:38    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 01:38    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 01:38    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 01:38    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 01:38    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 01:38    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 01:38    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 01:38    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 01:38    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 01:38    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-05 08:01 . 2012-11-05 08:01    14825544    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-03-27 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-08-23 56128]
"MSUTray"="c:\program files (x86)\Marvell\storage\tray\MarvellTray.exe" [2012-06-13 1213952]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 raeehd;raeehd; [x]
R0 vhjrap;vhjrap; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;e:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-12-20 276256]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys [2013-01-23 18432]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2013-02-12 19968]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-27 131416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-05 1255736]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-08-16 645952]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-08-16 27456]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-27 237400]
S2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 8704pdateService;Box Sync Auto-updater;e:\program files\Box Sync\UpdateService.exe [2012-11-07 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-16 7168]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-06-05 190824]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 Marvell Storage Management;Marvell Storage Management Service;c:\program files (x86)\Marvell\storage\svc\mvraidsvc.exe [2012-05-14 313192]
S2 MSUWebService;MSU Web Service;c:\program files (x86)\Marvell\storage\Apache2\bin\httpd.exe [2011-11-22 24645]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-12-20 2727936]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
S3 Mv_Process;Marvell process notification.;c:\windows\syswow64\mv_process.sys [2011-11-22 14376]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 06:02]
.
2013-03-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3fb0b9b7-41b4-4e56-9c48-a0583c3134e0.job
- e:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-03-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e467ad92-92af-4d09-9f7b-bf3fca673e64.job
- e:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0925562E-49D7-472C-A45E-37EC19686D18}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EB287872-D524-4969-A03E-D39A8A15C7FE}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 13:36; firefox@mega.co.nz; c:\users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-03-23 17:22; 5nc3QHFgcb@r06Ws9gvNNVRfH.com; c:\users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\5nc3QHFgcb@r06Ws9gvNNVRfH.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1872388557-535701386-2326627625-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86C4C27A-2D21-FB7C-CB33-9E3DF55614E1}*]
"pabklnpikhlgngdapddcjbechlcbanki"=hex:6a,61,62,6a,6b,6b,6b,6e,64,66,62,6c,6b,
   6a,65,70,70,63,6b,62,00,f5
"oahlcogcijniphinodpaonbjgaojhc"=hex:6a,61,62,6a,6b,6b,6b,6e,64,66,62,6c,6b,6a,
   65,70,70,63,6b,62,00,f5
"oapmpjebaicheaijdoknkckkdcbcme"=hex:61,61,00,02
"nabmchgkmhopgheapgebakkfolnp"=hex:66,61,6a,6c,66,66,66,6d,6e,6b,68,65,00,0c
"abammpjdeafagbngjkhidlimejefjdpobb"=hex:64,62,6d,6c,63,61,67,6e,67,69,6b,6e,
   6f,6c,64,66,6b,67,66,6d,68,6e,6c,64,69,65,70,65,6b,68,6d,62,61,65,68,68,62,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-27  01:26:24
ComboFix-quarantined-files.txt  2013-03-27 05:26
ComboFix2.txt  2013-03-27 00:34
.
Pre-Run: 20,509,241,344 bytes free
Post-Run: 20,545,691,648 bytes free
.
- - End Of File - - C3B89CD6391681709AFF78D94E8A2734[/b]

Edited by gringo_pr, 27 March 2013 - 12:50 AM.


#8 infamouskid

infamouskid
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 27 March 2013 - 12:34 AM

also i noticed combofix had some files under quarantine.

here is the log of the files mentioned.

 

2013-03-27 00:34:03 . 2013-03-27 00:34:03              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-03-27 00:34:01 . 2013-03-27 00:34:01              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-23856385.sys.reg.dat
2013-03-27 00:32:54 . 2013-03-27 05:24:37           16,231 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-03-27 00:30:05 . 2013-03-27 05:22:11              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log

 



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 27 March 2013 - 12:51 AM


Hello infamouskid

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
      • let me know of any problems you may have had
        • How is the computer doing now after running the script?
      Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 infamouskid

infamouskid
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 27 March 2013 - 01:35 AM

ok i did that. here is the log.

also before i ran the cfscript my browser was indeed still redirecting me to various places at random.

like i clicked on a wiki link and it redirected me within half a second to some france website.

 

combofix log :

 

ComboFix 13-03-26.01 - pro 03/27/2013   2:30.6.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8147.4672 [GMT -4:00]
Running from: e:\pro\Desktop\AV\ComboFix.exe
Command switches used :: e:\pro\Desktop\AV\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-27 to 2013-03-27  )))))))))))))))))))))))))))))))
.
.
2013-03-27 06:32 . 2013-03-27 06:32    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-03-27 06:32 . 2013-03-27 06:32    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-27 00:50 . 2013-03-27 00:50    --------    d-----w-    c:\users\pro\AppData\Roaming\SUPERAntiSpyware.com
2013-03-27 00:50 . 2013-03-27 00:50    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-03-26 04:54 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEFE2E97-B840-45FC-866F-193B65920FAE}\mpengine.dll
2013-03-26 00:43 . 2013-03-15 06:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-25 00:27 . 2013-03-25 00:27    --------    d-----w-    c:\programdata\PCPitstop
2013-03-25 00:27 . 2013-03-25 00:29    --------    d-----w-    e:\program files (x86)\PCPitstop
2013-03-25 00:05 . 2013-03-25 00:04    307200    ----a-w-    e:\program files (x86)\Internet Explorer\iediagcmd.exe
2013-03-25 00:05 . 2013-03-25 00:04    107008    ----a-w-    e:\program files (x86)\Internet Explorer\iecleanup.exe
2013-03-24 23:54 . 2013-02-17 05:40    28672    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-03-21 07:49 . 2013-03-21 20:32    --------    d-----w-    e:\program files (x86)\Cryptic Studios
2013-03-21 06:07 . 2013-03-25 00:53    --------    d-----w-    e:\program files (x86)\DefianceBeta
2013-03-20 22:09 . 2012-11-29 15:49    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC8162C2-F468-4642-9ED3-F39258F9214C}\gapaengine.dll
2013-03-20 20:40 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb80236.sys
2013-03-20 20:40 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-19 20:55 . 2013-03-19 20:56    --------    d-----w-    c:\users\pro\AppData\Roaming\Ventrilo
2013-03-19 20:55 . 2013-03-19 20:55    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-16 02:36 . 2013-03-18 06:05    --------    d-----w-    c:\programdata\WarThunder
2013-03-16 02:36 . 2013-03-16 02:36    --------    d-----w-    c:\users\pro\AppData\Local\WarThunder
2013-03-16 02:36 . 2013-03-24 04:35    --------    d-----w-    e:\program files (x86)\War Thunder
2013-03-05 08:32 . 2013-03-05 08:32    --------    d-----w-    c:\users\pro\AppData\Roaming\OBS
2013-03-05 08:32 . 2013-03-05 08:32    --------    d-----w-    e:\program files (x86)\OBS
2013-03-05 02:11 . 2013-03-05 02:11    --------    d-----w-    c:\users\pro\AppData\Local\CrashRpt
2013-03-05 02:11 . 2013-03-05 02:11    --------    d-----w-    c:\users\pro\AppData\Local\Arktos
2013-03-04 22:15 . 2013-03-04 22:15    --------    d-----w-    c:\users\pro\AppData\Roaming\ASUS
2013-03-04 22:15 . 2013-03-04 22:15    419840    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-03-04 22:15 . 2013-03-04 22:15    413696    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-03-04 22:15 . 2013-03-04 22:15    111616    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-03-04 22:15 . 2013-03-04 22:15    102400    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-03-04 21:47 . 2009-08-19 08:00    359424    ------w-    c:\windows\system32\CmiInstallResAll64.dll
2013-03-04 21:47 . 2011-12-20 06:59    315392    ----a-w-    c:\windows\SysWow64\CmiFltr.dll
2013-03-04 21:47 . 2011-12-20 06:59    315392    ----a-w-    c:\windows\system\CmiFltr.dll
2013-03-04 21:47 . 2011-12-20 06:59    32768    ----a-w-    c:\windows\system32\cmudaxp.dll
2013-03-04 21:47 . 2011-12-20 06:59    2727936    ----a-w-    c:\windows\system32\drivers\cmudaxp.sys
2013-03-02 18:29 . 2013-03-02 18:31    --------    d-----w-    c:\users\pro\AppData\Local\Sniper Elite Nazi Zombie Army
2013-02-27 16:58 . 2013-02-27 17:05    --------    d-----w-    C:\CCE_Quarantine
2013-02-26 19:31 . 2013-02-26 19:31    5    ----a-w-    c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-02-26 18:09 . 2013-02-27 03:43    --------    d-----w-    c:\users\pro\AppData\Roaming\Origin
2013-02-26 18:09 . 2013-02-26 18:46    --------    d-----w-    c:\users\pro\AppData\Local\Origin
2013-02-26 18:08 . 2013-02-26 18:32    --------    d-----w-    c:\programdata\Origin
2013-02-26 18:08 . 2013-02-26 18:08    --------    d-----w-    c:\programdata\Electronic Arts
2013-02-26 18:08 . 2013-02-26 18:09    --------    d-----w-    e:\program files (x86)\Origin
2013-02-25 21:59 . 2013-02-25 22:35    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-02-25 21:58 . 2013-03-27 01:17    --------    d-----w-    e:\program files (x86)\Spybot - Search & Destroy 2
2013-02-25 06:49 . 2013-02-25 06:49    --------    d-----w-    c:\users\pro\AppData\Roaming\Malwarebytes
2013-02-25 06:49 . 2013-02-25 06:49    --------    d-----w-    c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 18:17 . 2012-11-05 03:34    25640    ----a-w-    c:\windows\gdrv.sys
2013-03-13 23:00 . 2012-11-05 05:20    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-13 15:15 . 2012-11-05 06:46    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-13 15:15 . 2012-11-05 06:46    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-13 06:02 . 2012-11-05 07:18    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 06:02 . 2012-11-05 07:18    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-26 05:32 . 2013-01-06 03:43    15129960    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-02-26 05:32 . 2012-10-11 02:23    2826040    ----a-w-    c:\windows\system32\nvapi64.dll
2013-02-26 05:32 . 2012-10-11 02:23    1107440    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-02-26 05:32 . 2012-10-11 02:22    1814304    ----a-w-    c:\windows\system32\nvdispco64.dll
2013-02-26 05:32 . 2012-10-11 02:23    1510176    ----a-w-    c:\windows\system32\nvdispgenco64.dll
2013-02-26 05:32 . 2012-10-11 02:23    15053264    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-02-18 14:22 . 2013-02-18 14:22    31080    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-02-18 14:22 . 2013-02-18 14:22    1472360    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 14:22 . 2013-02-18 14:22    189288    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-12 18:52    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 18:52    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 18:52    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 18:52    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 18:52    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 18:52    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-06 11:42 . 2013-02-06 11:42    203544    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-02-06 11:42 . 2013-02-06 11:42    102936    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-01-30 10:53 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-27 05:20 . 2012-11-05 06:46    960416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-27 05:20 . 2012-11-05 06:46    1081760    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-01-23 23:58 . 2013-01-23 23:58    18432    ----a-w-    c:\windows\system32\drivers\rimvndis6_AMD64.sys
2013-01-20 20:59 . 2013-01-20 20:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2012-08-31 03:03    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 15:00 . 2012-11-05 01:33    6390048    ----a-w-    c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-11-05 01:33    3460896    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-11-05 01:33    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-11-05 01:33    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-11-05 01:33    2953448    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2012-11-05 01:33    2558240    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-11-05 01:33    118560    ----a-w-    c:\windows\system32\nvmctray.dll
2013-01-18 13:15 . 2013-01-18 13:15    550176    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-01-05 05:53 . 2013-02-13 01:38    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 01:38    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 01:38    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 01:38    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 01:38    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 01:38    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 01:38    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 01:38    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 01:38    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 01:38    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 01:38    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 01:38    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 01:38    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-05 08:01 . 2012-11-05 08:01    14825544    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-03-27 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-08-23 56128]
"MSUTray"="c:\program files (x86)\Marvell\storage\tray\MarvellTray.exe" [2012-06-13 1213952]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 raeehd;raeehd; [x]
R0 vhjrap;vhjrap; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;e:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-12-20 276256]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys [2013-01-23 18432]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2013-02-12 19968]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-27 131416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-05 1255736]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-08-16 645952]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-08-16 27456]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-27 237400]
S2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 8704pdateService;Box Sync Auto-updater;e:\program files\Box Sync\UpdateService.exe [2012-11-07 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-16 7168]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-06-05 190824]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 Marvell Storage Management;Marvell Storage Management Service;c:\program files (x86)\Marvell\storage\svc\mvraidsvc.exe [2012-05-14 313192]
S2 MSUWebService;MSU Web Service;c:\program files (x86)\Marvell\storage\Apache2\bin\httpd.exe [2011-11-22 24645]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-12-20 2727936]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
S3 Mv_Process;Marvell process notification.;c:\windows\syswow64\mv_process.sys [2011-11-22 14376]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 06:02]
.
2013-03-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3fb0b9b7-41b4-4e56-9c48-a0583c3134e0.job
- e:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-03-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e467ad92-92af-4d09-9f7b-bf3fca673e64.job
- e:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\pro\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0925562E-49D7-472C-A45E-37EC19686D18}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EB287872-D524-4969-A03E-D39A8A15C7FE}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 13:36; firefox@mega.co.nz; c:\users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-03-23 17:22; 5nc3QHFgcb@r06Ws9gvNNVRfH.com; c:\users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\5nc3QHFgcb@r06Ws9gvNNVRfH.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1872388557-535701386-2326627625-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{86C4C27A-2D21-FB7C-CB33-9E3DF55614E1}*]
"pabklnpikhlgngdapddcjbechlcbanki"=hex:6a,61,62,6a,6b,6b,6b,6e,64,66,62,6c,6b,
   6a,65,70,70,63,6b,62,00,f5
"oahlcogcijniphinodpaonbjgaojhc"=hex:6a,61,62,6a,6b,6b,6b,6e,64,66,62,6c,6b,6a,
   65,70,70,63,6b,62,00,f5
"oapmpjebaicheaijdoknkckkdcbcme"=hex:61,61,00,02
"nabmchgkmhopgheapgebakkfolnp"=hex:66,61,6a,6c,66,66,66,6d,6e,6b,68,65,00,0c
"abammpjdeafagbngjkhidlimejefjdpobb"=hex:64,62,6d,6c,63,61,67,6e,67,69,6b,6e,
   6f,6c,64,66,6b,67,66,6d,68,6e,6c,64,69,65,70,65,6b,68,6d,62,61,65,68,68,62,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-27  02:33:24
ComboFix-quarantined-files.txt  2013-03-27 06:33
ComboFix2.txt  2013-03-27 05:26
ComboFix3.txt  2013-03-27 00:34
.
Pre-Run: 20,632,227,840 bytes free
Post-Run: 20,552,769,536 bytes free
.
- - End Of File - - 1FA4004CC37AAB68E1B20BA97D03971E

 



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 27 March 2013 - 02:23 AM

Is it still redirecting and if so which browser?
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 infamouskid

infamouskid
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 27 March 2013 - 02:53 AM

yes i am getting weird issues.

it will redirect at random and on some sites i get some words bolded and highlighted in green text.

if i move my mouse over the word it says "Click to continue - by SmartSuggestor"

the browser in question is Firefox 9. this is the only browser i use.

suggestions would be appreciated.

 

here is a site i was redirected to.

http://deckmedia.com/lp/BrandsLanding3.html?utm_source=Admedia_68644-C3_19035_886&utm_medium=CPC&utm_campaign=Admedia


Edited by infamouskid, 27 March 2013 - 02:56 AM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 27 March 2013 - 03:28 AM


Hello infamouskid

Lets get a deeper look into the system and lets see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
  • Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 infamouskid

infamouskid
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 27 March 2013 - 04:05 AM

k just got another redirect to here

http://8.29.133.134/update/download5mtcan.php?src=-&kw=amazon.com&lp=4&keyw_passthru=amazon.com

k here is what OTL says :

 

OTL logfile created on: 3/27/2013 5:02:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Pro\Desktop\AV
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.96 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 51.28% Memory free
7.97 Gb Paging File | 3.85 Gb Available in Paging File | 48.35% Paging File free
Paging file location(s): c:\pagefile.sys 16 12220 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 19.27 Gb Free Space | 34.47% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 298.75 Gb Free Space | 64.14% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 799.63 Gb Free Space | 85.84% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 169.73 Gb Free Space | 36.44% Space Free | Partition Type: NTFS
Drive Z: | 102.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PRO-PC | User Name: pro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Pro\Desktop\AV\OTL.exe (OldTimer Tools)
PRC - E:\Program Files (x86)\Heroes of Newerth\hon.exe (S2 Games)
PRC - E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - E:\Program Files (x86)\Heroes of Newerth\AwesomiumProcess.exe (Khrona LLC)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe (Marvell)
PRC - C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - E:\Program Files (x86)\Heroes of Newerth\k2.dll ()
MOD - e:\Program Files (x86)\Heroes of Newerth\vid_d3d9.dll ()
MOD - e:\Program Files (x86)\Heroes of Newerth\game\game_shared.dll ()
MOD - e:\Program Files (x86)\Heroes of Newerth\game\cgame.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - E:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - E:\Program Files (x86)\OBS\64bit\plugins\GraphicsCapture\GraphicsCaptureHook.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\46c1da3f2c4c666140a414394e1cb20b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\6c1f9740c6ada965092d49d95aab2a83\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9714573400d1d3724808c63f1fd6de83\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\32bfd59bc4e2103c2711ad7ef926e64b\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\4e38af2c9e44dfb8cd101420faaf5c21\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3d88c2a6ce5bff2135ec7a871ffe8ac\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - E:\Program Files (x86)\Heroes of Newerth\avcodec-52.dll ()
MOD - E:\Program Files (x86)\Heroes of Newerth\avformat-52.dll ()
MOD - E:\Program Files (x86)\Heroes of Newerth\avutil-50.dll ()
MOD - C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe ()
MOD - E:\Program Files (x86)\Heroes of Newerth\zlibwapi.dll ()
MOD - E:\Program Files (x86)\Heroes of Newerth\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (#UpdateService) -- E:\Program Files\Box Sync\UpdateService.exe (Box, Inc.)
SRV:64bit: - (!SASCORE) -- E:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- E:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- E:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Marvell Storage Management) -- C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe (Marvell)
SRV - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (MSUWebService) -- C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe (Apache Software Foundation)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (rimvndis) -- C:\Windows\SysNative\drivers\rimvndis6_AMD64.sys (Research in Motion Limited)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (DigiartyVirtualCDBus) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys (Digiarty Software, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SASDIFSV) -- E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (SASKUTIL) -- E:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (nvoclk64) -- C:\Windows\SysNative\drivers\nvoclk64.sys (NVIDIA Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (Mv_Process) -- c:\Windows\SysWOW64\Mv_Process.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1872388557-535701386-2326627625-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1872388557-535701386-2326627625-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 84 FA B1 EC 28 CE 01  [binary data]
IE - HKU\S-1-5-21-1872388557-535701386-2326627625-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1872388557-535701386-2326627625-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: 5nc3QHFgcb%40r06Ws9gvNNVRfH.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: e:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\pro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 06:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/21 17:51:25 | 000,000,000 | ---D | M]
 
[2012/11/05 03:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pro\AppData\Roaming\Mozilla\Extensions
[2013/03/26 01:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions
[2013/02/24 00:22:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/11/05 04:02:32 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\foxmarks@kei.com
[2013/02/15 10:35:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\support@lastpass.com
[2013/03/23 17:22:23 | 000,003,260 | ---- | M] () (No name found) -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\5nc3QHFgcb@r06Ws9gvNNVRfH.com.xpi
[2013/03/16 13:36:09 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\firefox@mega.co.nz.xpi
[2013/02/28 15:21:35 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/11/09 23:31:10 | 000,002,533 | ---- | M] () -- C:\Users\pro\AppData\Roaming\Mozilla\Firefox\Profiles\5bswi3wb.default\searchplugins\aol-search.xml
[2013/03/08 06:04:59 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 06:05:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 13:50:17 | 000,002,465 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/19 13:12:26 | 000,002,086 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/03/27 00:33:41 | 000,000,191 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - E:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - E:\Program Files (x86)\LastPass\LPToolbar.dll ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [MSUTray] C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1872388557-535701386-2326627625-1001..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1872388557-535701386-2326627625-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1872388557-535701386-2326627625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - E:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - E:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - E:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - E:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0925562E-49D7-472C-A45E-37EC19686D18}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0925562E-49D7-472C-A45E-37EC19686D18}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57FEED2E-6B67-4BD5-BFBB-823F99F5C1B3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB287872-D524-4969-A03E-D39A8A15C7FE}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06644EF-F648-470B-A8AF-28F33979BDB0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/07 04:27:59 | 000,000,000 | ---D | M] - Z:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007/05/10 00:36:22 | 000,000,074 | R--- | M] () - Z:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/27 02:33:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/27 00:31:36 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\RK_Quarantine
[2013/03/26 23:47:21 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\AV
[2013/03/26 20:50:21 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/26 20:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/03/26 20:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/03/26 20:27:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/24 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/03/24 20:27:44 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\PCPitstop
[2013/03/24 19:54:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/03/24 19:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/03/21 03:52:06 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/03/21 03:49:10 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Cryptic Studios
[2013/03/21 02:07:09 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\DefianceBeta
[2013/03/20 16:40:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb80236.sys
[2013/03/20 16:40:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/19 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\Ventrilo
[2013/03/19 16:55:18 | 000,000,000 | ---D | C] -- E:\Program Files\Ventrilo
[2013/03/19 16:55:18 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2013/03/19 16:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/19 10:26:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/19 10:26:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/19 10:26:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/19 08:05:37 | 000,000,000 | ---D | C] -- E:\Pro\My Documents\MSDCSC
[2013/03/15 23:55:15 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\Rania - Just Go
[2013/03/15 23:27:54 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\2NE1 - Take The World On
[2013/03/15 23:23:48 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\Girl's Day - Expectation
[2013/03/15 22:36:19 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Local\WarThunder
[2013/03/15 22:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/03/15 22:36:15 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2013/03/15 22:36:13 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\War Thunder
[2013/03/15 03:40:31 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\New folder (10)
[2013/03/15 03:24:35 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\New folder (9)
[2013/03/13 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
[2013/03/13 19:00:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 19:00:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 19:00:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 19:00:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 19:00:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/13 19:00:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/13 19:00:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 19:00:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 19:00:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 19:00:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/13 19:00:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/13 19:00:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 19:00:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 19:00:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 19:00:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/12 01:25:29 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\New folder (8)
[2013/03/08 07:38:32 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\starbucks
[2013/03/08 06:04:59 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Mozilla Firefox
[2013/03/05 04:32:37 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\OBS
[2013/03/05 04:32:31 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2013/03/05 04:32:30 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\OBS
[2013/03/05 01:05:51 | 000,000,000 | ---D | C] -- E:\Program Files\CPUID
[2013/03/05 01:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/03/04 22:11:43 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Local\CrashRpt
[2013/03/04 22:11:43 | 000,000,000 | ---D | C] -- E:\Pro\My Documents\Arktos
[2013/03/04 22:11:43 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Local\Arktos
[2013/03/04 19:31:29 | 000,000,000 | ---D | C] -- E:\Pro\My Documents\The War Z
[2013/03/04 18:15:43 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\ASUS
[2013/03/04 18:15:41 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/03/04 18:15:41 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/03/04 18:15:41 | 000,111,616 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013/03/04 18:15:41 | 000,102,400 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013/03/04 18:14:29 | 000,465,408 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmasiopx.dll
[2013/03/04 18:14:29 | 000,303,104 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\cmasiop.dll
[2013/03/04 18:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar DGX Audio
[2013/03/04 18:14:27 | 000,212,992 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv2.dll
[2013/03/04 18:14:27 | 000,212,992 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv.dll
[2013/03/04 18:14:27 | 000,122,880 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv642.dll
[2013/03/04 18:14:27 | 000,122,880 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv64.dll
[2013/03/04 18:14:27 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysWow64\Cm_Oal.dll
[2013/03/04 18:14:27 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysNative\Cm_Oal.dll
[2013/03/04 18:14:26 | 008,769,536 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CmiCnfgp.dll
[2013/03/04 18:14:26 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\Cmpaoxy.dll
[2013/03/04 18:14:04 | 000,000,000 | ---D | C] -- E:\Program Files\ASUS Xonar DGX Audio
[2013/03/04 17:47:36 | 002,727,936 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys
[2013/03/04 17:47:36 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\CmiFltr.dll
[2013/03/04 17:47:36 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CmiFltr.dll
[2013/03/04 17:47:36 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmudaxp.dll
[2013/03/02 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Local\Sniper Elite Nazi Zombie Army
[2013/02/27 14:50:36 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 14:50:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 14:50:36 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 14:50:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 14:50:34 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 14:50:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 14:50:33 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 14:50:33 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 14:50:33 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 14:50:33 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 14:50:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 14:50:33 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 14:50:33 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 14:50:33 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 14:50:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 14:50:33 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 14:50:33 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 14:50:33 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 14:50:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 14:50:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 14:50:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 14:50:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 14:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 14:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 14:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 14:50:33 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 14:50:33 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 14:50:32 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 14:50:32 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 14:50:32 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 14:50:32 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 14:50:32 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 14:50:32 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 14:50:32 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 12:58:41 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2013/02/26 21:37:02 | 000,000,000 | ---D | C] -- E:\Pro\Desktop\New folder (6)
[2013/02/26 21:28:20 | 067,823,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/02/26 19:05:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/26 14:09:06 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Roaming\Origin
[2013/02/26 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\pro\AppData\Local\Origin
[2013/02/26 14:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/02/26 14:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/02/26 14:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/02/26 14:08:30 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Origin
[2013/02/26 01:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/26 01:32:44 | 002,505,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/02/26 01:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/26 01:32:38 | 018,055,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/02/26 01:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/26 01:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/26 01:32:36 | 000,958,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/02/26 01:32:36 | 000,420,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/02/26 01:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/26 01:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/26 01:32:32 | 000,245,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/02/26 01:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/26 01:32:28 | 000,364,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/02/26 01:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/26 01:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/26 01:32:08 | 012,641,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/26 01:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/26 01:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/26 01:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/26 01:32:04 | 000,201,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/02/25 20:44:36 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2013/02/25 17:59:48 | 000,000,000 | ---D | C] -- E:\Pro\My Documents\ProcAlyzer Dumps
[2013/02/25 17:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/25 17:58:53 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/11/05 04:01:08 | 014,825,544 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/27 05:02:00 | 000,120,832 | ---- | M] () -- C:\Windows\SysWow64\freqdb.db
[2013/03/27 05:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/27 00:37:05 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/27 00:37:05 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/27 00:34:34 | 000,784,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/27 00:34:34 | 000,664,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/27 00:34:34 | 000,122,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/27 00:33:41 | 000,000,191 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/27 00:29:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 23:49:35 | 000,000,000 | ---- | M] () -- C:\Users\pro\defogger_reenable
[2013/03/26 20:50:29 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e467ad92-92af-4d09-9f7b-bf3fca673e64.job
[2013/03/26 20:50:29 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3fb0b9b7-41b4-4e56-9c48-a0583c3134e0.job
[2013/03/26 20:50:12 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/26 03:00:42 | 000,078,534 | ---- | M] () -- E:\Pro\Desktop\asdsareafgr.jpg
[2013/03/25 14:17:48 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/03/24 20:06:51 | 000,001,300 | ---- | M] () -- C:\Users\pro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/24 19:39:26 | 000,000,992 | ---- | M] () -- C:\Users\pro\AppData\Local\7F68A003.il
[2013/03/24 19:39:26 | 000,000,280 | ---- | M] () -- C:\Users\pro\AppData\Local\IndexIE_7F68A003.il
[2013/03/19 17:43:40 | 000,007,605 | ---- | M] () -- C:\Users\pro\AppData\Local\Resmon.ResmonCfg
[2013/03/19 16:55:18 | 000,000,914 | ---- | M] () -- E:\Pro\Desktop\Ventrilo.lnk
[2013/03/19 16:55:18 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/03/19 10:29:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130325-203529.backup
[2013/03/16 01:41:57 | 000,000,980 | ---- | M] () -- E:\Pro\Desktop\EVGA Precision X.lnk
[2013/03/13 11:15:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/13 11:15:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/13 02:02:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 02:02:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/10 19:05:26 | 000,005,192 | ---- | M] () -- E:\Pro\Desktop\Super_House_of_Dead_Ninjas-FANiSO.torrent
[2013/03/07 06:24:09 | 000,000,887 | ---- | M] () -- E:\Pro\Desktop\Open Broadcaster Software.lnk
[2013/03/04 18:16:21 | 000,281,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/04 18:15:41 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/03/04 18:15:41 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/03/04 18:15:41 | 000,111,616 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013/03/04 18:15:41 | 000,102,400 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013/03/04 18:14:29 | 000,044,950 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013/03/04 18:14:16 | 000,000,142 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2013/03/04 18:14:15 | 000,000,872 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2013/03/04 18:14:15 | 000,000,811 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2013/02/26 17:40:53 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/26 14:08:31 | 000,000,739 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/02/26 12:42:43 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\wan.pcap
[2013/02/26 01:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/26 01:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/02/26 01:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/02/26 01:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/26 01:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/02/26 01:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/02/26 01:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013/02/26 01:32:38 | 001,107,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/02/26 01:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/26 01:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/26 01:32:36 | 000,958,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/02/26 01:32:36 | 000,420,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/02/26 01:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/26 01:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/26 01:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013/02/26 01:32:32 | 000,245,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/02/26 01:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/26 01:32:28 | 000,364,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/02/26 01:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/26 01:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/02/26 01:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/26 01:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/26 01:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/26 01:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/26 01:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/26 01:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/26 01:32:04 | 000,201,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/26 23:49:35 | 000,000,000 | ---- | C] () -- C:\Users\pro\defogger_reenable
[2013/03/26 20:50:29 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e467ad92-92af-4d09-9f7b-bf3fca673e64.job
[2013/03/26 20:50:29 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3fb0b9b7-41b4-4e56-9c48-a0583c3134e0.job
[2013/03/26 20:50:12 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/03/26 03:00:34 | 000,078,534 | ---- | C] () -- E:\Pro\Desktop\asdsareafgr.jpg
[2013/03/24 20:06:51 | 000,001,278 | ---- | C] () -- C:\Users\pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/03/21 04:18:06 | 001,279,677 | ---- | C] () -- E:\Pro\Desktop\IMG_20120220_115533.jpg
[2013/03/21 04:17:18 | 001,227,303 | ---- | C] () -- E:\Pro\Desktop\IMG174.jpg
[2013/03/21 04:17:14 | 001,085,984 | ---- | C] () -- E:\Pro\Desktop\IMG241.jpg
[2013/03/19 17:43:40 | 000,007,605 | ---- | C] () -- C:\Users\pro\AppData\Local\Resmon.ResmonCfg
[2013/03/19 16:55:18 | 000,000,914 | ---- | C] () -- E:\Pro\Desktop\Ventrilo.lnk
[2013/03/19 16:55:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/03/19 10:26:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/19 10:26:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/19 10:26:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/19 10:26:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/19 10:26:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/10 19:05:21 | 000,005,192 | ---- | C] () -- E:\Pro\Desktop\Super_House_of_Dead_Ninjas-FANiSO.torrent
[2013/03/05 04:32:31 | 000,000,887 | ---- | C] () -- E:\Pro\Desktop\Open Broadcaster Software.lnk
[2013/03/04 18:14:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\cmasiopx.ini
[2013/03/04 18:14:29 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013/03/04 18:14:27 | 000,282,112 | ---- | C] () -- C:\Windows\System\HsMgr64.exe
[2013/03/04 18:14:26 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CmiCnfgp.cpl
[2013/03/04 18:14:26 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013/03/04 18:14:18 | 001,144,983 | ---- | C] () -- C:\Windows\KB936225x64.msu
[2013/03/04 18:14:18 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013/03/04 18:14:04 | 000,044,950 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013/03/04 18:14:03 | 000,805,376 | ---- | C] () -- C:\Windows\SysNative\Cmeauoxy.exe
[2013/03/04 18:14:03 | 000,000,142 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2013/03/04 17:47:48 | 000,000,872 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013/03/04 17:47:46 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2013/03/04 17:47:46 | 000,005,066 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013/03/04 17:47:46 | 000,000,594 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2013/02/26 14:08:31 | 000,000,739 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/01/23 11:12:53 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2013/01/23 11:12:53 | 000,001,866 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2013/01/11 17:43:30 | 000,003,584 | ---- | C] () -- C:\Users\pro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/20 02:00:43 | 000,000,124 | ---- | C] () -- C:\Windows\kaillera.ini
[2012/11/30 22:25:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/11/30 22:25:23 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/11/12 02:51:00 | 000,003,072 | ---- | C] () -- C:\Users\pro\AppData\Local\file__0.localstorage
[2012/11/06 21:56:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/11/06 04:28:31 | 000,000,992 | ---- | C] () -- C:\Users\pro\AppData\Local\7F68A003.il
[2012/11/06 04:28:31 | 000,000,280 | ---- | C] () -- C:\Users\pro\AppData\Local\IndexIE_7F68A003.il
[2012/11/05 02:48:05 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/04 23:37:53 | 000,797,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/04 23:29:42 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/11/04 23:29:42 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/04/05 23:08:14 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\eventshare.dll
[2011/11/21 22:48:04 | 000,014,376 | ---- | C] () -- C:\Windows\SysWow64\Mv_Process.sys
[2011/11/21 22:47:40 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

 


Edited by infamouskid, 27 March 2013 - 04:08 AM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 27 March 2013 - 01:21 PM

Hello infamouskid

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png text box.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.


  • Let me know How things are doing

    Gringo



Edited by gringo_pr, 27 March 2013 - 01:21 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users