
Very nasty redirect virus.


  • This topic is locked
32 replies to this topic

#1 MyPCusedToWork

  • Members
  • 16 posts

Posted 29 August 2013 - 03:57 PM

So I downloaded a file a while back that was somewhat suspicious. (Dangit, this forum doesn't have spellcheck) I opened the file and I thought to myself, "It would suck if this was a virus". I can't exactly recall what happened after that but I realized it was a virus so I shut down my PC, rebooted into safe mode, removed the suspicious file, and checked startup... nothing suspicious, so I went back to normal. Before I went to bed a few hours later I ran a scan with the latest MBAM. It found some suspicious file, which I had it remove. Everything remained normal for a few days then google started redirecting. *************************. I did some generic "Google redirect virus removal" searches and tried some methods, but nothing helped. The virus has mutated and now redirects all major search engines and all web browsers. Random advert webpages pop up... and https doesn't work on chrome. Also, I can't sign into ebay (see picture below). I think I'll run MBAM again... but I doubt I'll find anything... I don't know what steps to take next... I've never used a virus removal forum, I usually format, but I REALLY do not want to since I have been using this copy for about a year and refuse to start over. No. You can't make me.

Thanks in advance for all help.

[attached image: 2149tee.jpg]





#2 bloopie
    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 29 August 2013 - 04:21 PM

Hello and welcome to Bleeping Computer!
 
My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!
  • Please be patient with me as logs take time to analyze.
==========
 
In addition to the above, please tell us what methods you've already tried to clean the infection (and please post the logs from any tools you've run). Also, please tell us what version of Windows you are running. Then we'll decide the next best steps to get you cleaned up. :)

bloopie

#3 MyPCusedToWork
  • Topic Starter

  • Members
  • 16 posts

Posted 29 August 2013 - 04:32 PM

Sorry, I have Windows 7 64bit Home Premium. All I've done was run MBAM before the virus got too bad.



#4 bloopie
    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 29 August 2013 - 05:04 PM

Hello again,

Okay thanks. I'm moving this topic to the Malware Removal Logs forum where it will stay.

Let's run FRST:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
bloopie
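The FRST.txt that the scan produces is a plain text report, and the entries an analyst looks at first can be picked out mechanically: FRST's own ATTENTION markers, Winsock catalog providers whose library file is missing, AppInit_DLLs entries, and autostart or service entries whose binary is no longer on disk (marked [x]). As an added example that is not part of this thread and not FRST's own code, here is a small Python triage script that flags those line kinds. Its sample input is assembled from lines of the log posted later in this thread; the severity labels, the regular expressions and the function names are my own choices, not anything FRST defines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines taken from the FRST.txt posted in this
# thread, plus clean entries for contrast, in the format FRST writes them.
SAMPLE_FRST_LOG = r"""
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
AppInit_DLLs-x32: c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll [97280 2009-07-13] ()
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b19cee28-db91-6948-dd34-24eb668c2629}\   \...\???\{b19cee28-db91-6948-dd34-24eb668c2629}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium" (my own scale, not FRST's)
    reason: str
    line: str


# A Winsock catalog entry whose provider DLL is not on disk; FRST writes
# "File Not found" and, for the well-known slots, the path it expected.
WINSOCK_MISSING = re.compile(r"^Winsock: (Catalog\S+) (\d+) (\S+) File Not found")
EXPECTED_PATH = re.compile(r'The LibraryPath should be "([^"]+)"')
# FRST's own marker, usually followed by a parenthesised explanation.
ATTENTION_DETAIL = re.compile(r"ATTENTION\s*\(([^)]*)\)")
# "[x]" in place of the size/date block means the referenced file is missing.
MISSING_FILE = re.compile(r"\[x\]\s*(<|$)")


def triage_line(line: str) -> Optional[Finding]:
    """Return the single most specific finding for one FRST line, or None."""
    line = line.rstrip()
    m = WINSOCK_MISSING.match(line)
    if m:
        catalog, index, lib = m.groups()
        reason = f"Winsock {catalog} entry {index}: provider {lib} missing"
        expected = EXPECTED_PATH.search(line)
        if expected:
            reason += f" (expected {expected.group(1)})"
        return Finding("high", reason, line)
    if "ATTENTION" in line:
        m = ATTENTION_DETAIL.search(line)
        detail = m.group(1) if m else "FRST ATTENTION marker"
        return Finding("high", f"FRST flagged: {detail}", line)
    if line.startswith("AppInit_DLLs"):
        return Finding("medium", "AppInit_DLLs entry loads a DLL into every GUI process; verify the publisher", line)
    if MISSING_FILE.search(line):
        return Finding("medium", "referenced binary not found on disk ([x])", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of an FRST.txt, keeping only hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {"high": 4, "medium": 2}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def report(text: str) -> str:
    """Render findings as a short text report, highest severity first."""
    order = {"high": 0, "medium": 1}
    rows = [
        f"[{f.severity.upper():6}] {f.reason}\n         {f.line}"
        for f in sorted(triage_log(text), key=lambda f: order[f.severity])
    ]
    return "\n".join(rows) if rows else "no findings"


if __name__ == "__main__":
    print(report(SAMPLE_FRST_LOG))
```

Run it as a script to print a report, or call triage_log() on the contents of a real FRST.txt. It is a first pass for reading a long log, not a verdict: a line with a missing file or an AppInit_DLLs entry still needs the judgement the helper applies here before any fix is written, and clean-looking lines (a valid signer, an existing file) are not proof of anything either.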

#5 MyPCusedToWork
  • Topic Starter

  • Members
  • 16 posts

Posted 29 August 2013 - 09:45 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by GAMER (administrator) on 29-08-2013 21:40:08
Running from C:\Users\GAMER\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
MountPoints2: I - I:\setup.exe -a
MountPoints2: {3da5c7ab-d04a-11e2-886c-005056c00008} - H:\setup.exe
MountPoints2: {4272adf4-ca15-11e2-b8f2-806e6f6e6963} - D:\AUTORUN.EXE
MountPoints2: {7e625c9c-2aec-11e2-9d88-806e6f6e6963} - G:\MotoCastSetup.exe -a
MountPoints2: {a7e9bf51-2214-11e2-a3a2-d43d7e04318d} - G:\iStudio.exe
MountPoints2: {b05b7bca-f890-11e2-88e6-005056c00008} - I:\setup.exe -a
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-17] (Advanced Micro Devices, Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll [97280 2009-07-13] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKCU - {06047E71-0CC2-4924-BE5A-0DDDDF89CD20} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default
FF user.js: detected! => C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\GAMER\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\GAMER\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\GAMER\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\GAMER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: adblockpopups - C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: elemhidehelper - C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: savesession - C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\Extensions\savesession@noasobi.net.xpi
FF Extension: uploader - C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\Extensions\uploader@adblockfilters.mozdev.org.xpi
FF Extension: No Name - C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ch", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\GAMER\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\GAMER\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\GAMER\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\GAMER\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\GAMER\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Angry Birds) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Dragon Age Legends: Remix 01) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj\3_0
CHR Extension: (YouTube) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Kroll) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjdaaaepgacfpadimoljoefkmnnkpkm\6_0
CHR Extension: (The Mirage) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibikilmpbanbgffdfipjbpgkamgjhpi\1.0.2_0
CHR Extension: (Causality Games) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\10_0
CHR Extension: (KabaListics - DoA Power Tools Plus III) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfkefhipiannebmklaoedmlbkpgfkhc\2013.823.1_0
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0
CHR Extension: (StumbleUpon) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.7.11.1_0
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0
CHR Extension: (Dragons of Atlantis) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.6.1_0
CHR Extension: (Bullet Physics NaCl Test) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal\1.0_0
CHR Extension: (Gmail) - C:\Users\GAMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-16] (Advanced Micro Devices, Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
R2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-08-30] (Hi-Rez Studios)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4204272 2012-08-27] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-03-28] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-13] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [68760 2008-09-05] (SiSoftware)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-06-09] ()
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b19cee28-db91-6948-dd34-24eb668c2629}\   \...\???\{b19cee28-db91-6948-dd34-24eb668c2629}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [30624 2012-08-21] ()
R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [30624 2012-08-21] ()
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\drivers\LGSUsbFilt.Sys [43832 2012-10-02] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-04-18] (http://libusb-win32.sourceforge.net)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7693v1B0\NTIOLib_X64.sys [11888 2011-01-06] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7693v1B0\NTIOLib_X64.sys [11888 2011-01-06] (MSI)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [73552 2012-11-29] (Dataram, Inc.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-07-15] ()
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-07-15] ()
S3 SaiK0836; C:\Windows\system32\drivers\SaiK0836.sys [172040 2010-06-17] (Saitek)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 smhwdev; C:\Windows\system32\drivers\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\system32\drivers\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-10-06] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 ALSysIO; \??\C:\Users\GAMER\AppData\Local\Temp\ALSysIO64.sys [x]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 e1qexpress; system32\DRIVERS\e1q62x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 easytether; system32\DRIVERS\easytthr.sys [x]
S3 MSICDSetup; \??\F:\CDriver64.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_1; \??\C:\Program Files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [x]
S3 rt61x64; system32\DRIVERS\netr6164.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 21:39 - 2013-08-29 21:39 - 00000000 ____D C:\FRST
2013-08-28 18:02 - 2013-08-28 18:05 - 00001556 _____ C:\Users\GAMER\Desktop\T6MP.lnk
2013-08-28 18:02 - 2013-08-28 18:02 - 00001564 _____ C:\Users\GAMER\Desktop\T6ZM.lnk
2013-08-27 14:42 - 2013-08-28 18:04 - 00000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 2
2013-08-26 16:55 - 2013-08-26 16:55 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-08-26 16:55 - 2013-08-26 16:55 - 00000388 _____ C:\Windows\LkmdfCoInst.log
2013-08-25 08:28 - 2013-08-28 07:58 - 00003022 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-08-25 04:33 - 2013-08-25 04:33 - 00000000 ____D C:\Users\GAMER\AppData\Local\TempDIR
2013-08-25 04:25 - 2013-08-25 15:12 - 00000000 ____D C:\Program Files (x86)\Desura
2013-08-25 04:25 - 2013-08-25 04:25 - 00000000 ____D C:\ProgramData\Desura
2013-08-21 17:32 - 2013-08-21 17:33 - 00000000 ____D C:\Users\GAMER\Documents\Visual Studio 2005
2013-08-21 17:23 - 2013-08-21 19:42 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2013-08-16 21:26 - 2013-08-16 21:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 09:36 - 2013-08-16 09:36 - 00000000 ____D C:\Users\GAMER\AppData\Local\Criterion Games
2013-08-15 01:51 - 2013-08-15 21:10 - 00000000 ____D C:\Users\GAMER\Documents\EA Games
2013-08-15 01:48 - 2013-08-15 01:48 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-14 03:07 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 03:07 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:07 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:07 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:07 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:07 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:07 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 03:07 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 03:07 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 03:07 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 03:07 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 03:07 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 03:07 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 03:07 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 16:25 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 16:25 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 16:05 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 16:05 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 15:45 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 15:45 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 15:45 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 15:45 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 15:45 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 15:45 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 15:45 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 15:45 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 15:45 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 15:31 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 15:31 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 14:59 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 14:59 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 14:59 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 14:59 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 14:59 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 14:59 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 14:59 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 14:59 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 14:59 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 14:59 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 14:59 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 14:57 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-12 09:48 - 2013-08-12 09:48 - 00000000 ____D C:\Users\GAMER\AA64.E.E.3.00.2552
2013-08-12 09:39 - 2013-08-12 09:39 - 02784044 _____ C:\Users\GAMER\Downloads\fan.wav
2013-08-10 22:58 - 2013-08-10 22:58 - 00002426 _____ C:\Users\GAMER\Documents\PRMumbleCertificateBackup.p12
2013-08-10 22:58 - 2013-08-10 22:58 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Project Reality
2013-08-10 20:49 - 2013-08-10 20:49 - 00000000 ____D C:\Users\GAMER\AppData\Local\Project Reality
2013-08-10 20:46 - 2013-08-10 22:56 - 00000000 ____D C:\Users\GAMER\Documents\ProjectReality
2013-08-10 17:41 - 2013-08-10 17:41 - 00000000 ____D C:\Windows\SysWOW64\Futuremark
2013-08-10 17:41 - 2004-10-25 20:02 - 00021664 _____ (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\Entech.sys
2013-08-10 17:41 - 2004-06-22 15:44 - 00005632 _____ (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\Entech64.sys
2013-08-10 17:41 - 2001-11-19 19:05 - 00003972 _____ C:\Windows\SysWOW64\Drivers\PciBus.sys
2013-08-10 17:41 - 1999-11-02 10:01 - 00006173 _____ C:\Windows\SysWOW64\Drivers\Entech.vxd
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Program Files (x86)\Audiosurf
2013-08-07 12:04 - 2013-08-07 12:04 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\NVIDIA
2013-08-05 09:58 - 2013-08-05 09:58 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-04 21:23 - 2013-08-04 21:23 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2013-08-04 21:23 - 2013-08-04 21:23 - 00000000 ____D C:\ProgramData\ATI
2013-08-04 21:22 - 2013-08-04 21:22 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201308042122159503.log
2013-08-04 21:22 - 2013-08-04 21:22 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-08-04 19:42 - 2013-08-04 19:42 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-08-04 19:41 - 2013-08-04 19:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-08-04 12:29 - 2013-08-04 12:29 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2013-08-03 15:38 - 2013-08-23 17:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-02 23:39 - 2013-08-02 23:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-02 23:16 - 2013-08-23 18:10 - 00000000 ____D C:\Users\GAMER\Documents\physx
2013-08-02 22:47 - 2013-08-02 22:47 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netdevil
2013-08-02 22:39 - 2013-08-02 22:39 - 00000000 ____D C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2013-08-02 22:39 - 2013-08-02 22:39 - 00000000 ____D C:\Program Files (x86)\Netdevil
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\Program Files (x86)\Artificial
2013-08-02 21:02 - 2013-08-02 21:02 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-08-02 21:02 - 2013-08-02 21:02 - 00000000 ____D C:\Users\GAMER\AppData\Local\2K Games
2013-08-02 19:20 - 2013-08-02 19:20 - 00000000 ____D C:\NVIDIA
2013-08-02 17:49 - 2013-08-02 17:49 - 00000000 __SHD C:\ArcBackupDeviceInfo
2013-08-02 17:38 - 2011-12-08 05:44 - 00007456 ____N C:\Windows\system32\Drivers\win7_64logo.cat
2013-08-02 17:38 - 2011-11-10 11:14 - 00311872 ____N C:\Windows\system32\Drivers\ArcSec.sys
2013-08-02 17:38 - 2010-12-30 17:29 - 00080448 ____N (ArcSoft Inc.) C:\Windows\system32\MMCEDT5.exe
2013-08-02 17:34 - 2013-08-03 00:02 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 ____D C:\Program Files (x86)\USB_video_device
2013-08-01 23:13 - 2009-12-01 22:44 - 00081408 _____ (eMPIA Technology, Inc.) C:\Windows\emMON.exe
2013-08-01 23:07 - 2013-08-01 23:07 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\InstallShield
2013-08-01 19:36 - 2009-12-01 22:19 - 00649472 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emBDA64.sys
2013-08-01 19:36 - 2009-12-01 22:19 - 00118784 _____ (eMPIA Technology, Inc.) C:\Windows\system32\emPRP64.ax
2013-08-01 19:36 - 2009-12-01 22:18 - 00617216 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emOEM64.sys
2013-08-01 19:36 - 2009-12-01 22:17 - 00113664 _____ (eMPIA Technology, Inc.) C:\Windows\SysWOW64\emPRP.ax
2013-08-01 19:36 - 2006-11-09 12:50 - 00016382 _____ C:\Windows\system32\Drivers\merlinFW.rom
2013-08-01 16:04 - 2013-08-01 16:04 - 03035240 _____ C:\Users\GAMER\AppData\Local\ASbs.ac
2013-08-01 16:00 - 2013-08-01 16:00 - 00000000 ____D C:\Users\GAMER\Documents\ArcSoft
2013-08-01 15:54 - 2013-08-02 18:12 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\ArcSoft
2013-08-01 15:54 - 2013-08-02 18:12 - 00000000 ____D C:\Users\GAMER\AppData\Local\ArcSoft
2013-08-01 15:54 - 2013-08-02 18:10 - 00000000 ____D C:\ProgramData\ArcSoft

==================== One Month Modified Files and Folders =======

2013-08-29 21:39 - 2013-08-29 21:39 - 01579080 _____ (Farbar) C:\Users\GAMER\Desktop\FRST64.exe
2013-08-29 21:39 - 2013-08-29 21:39 - 00000000 ____D C:\FRST
2013-08-29 21:31 - 2012-10-22 21:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 21:19 - 2012-10-22 18:56 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 20:38 - 2012-09-22 00:47 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\vlc
2013-08-29 17:23 - 2012-09-25 17:21 - 00000000 ____D C:\Users\GAMER\Documents\Camtasia Studio
2013-08-29 17:19 - 2012-10-22 18:56 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 15:35 - 2012-11-11 22:39 - 00007595 _____ C:\Users\GAMER\AppData\Local\Resmon.ResmonCfg
2013-08-29 07:01 - 2013-03-10 00:59 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\tixati
2013-08-28 20:22 - 2013-07-16 11:19 - 00000000 ____D C:\Program Files (x86)\Activision
2013-08-28 18:05 - 2013-08-28 18:02 - 00001556 _____ C:\Users\GAMER\Desktop\T6MP.lnk
2013-08-28 18:04 - 2013-08-27 14:42 - 00000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 2
2013-08-28 18:04 - 2012-09-25 22:13 - 00000000 ____D C:\Users\GAMER\AppData\Local\SKIDROW
2013-08-28 18:02 - 2013-08-28 18:02 - 00001564 _____ C:\Users\GAMER\Desktop\T6ZM.lnk
2013-08-28 18:01 - 2012-09-26 22:29 - 00000000 ____D C:\Users\GAMER\AppData\Local\CrashDumps
2013-08-28 14:53 - 2009-07-13 23:45 - 00023472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 14:53 - 2009-07-13 23:45 - 00023472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 14:46 - 2013-06-03 00:36 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-28 14:46 - 2013-01-22 17:19 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-08-28 14:46 - 2012-10-31 18:09 - 00000000 ____D C:\ProgramData\VMware
2013-08-28 14:46 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 14:46 - 2009-07-13 23:51 - 00117785 _____ C:\Windows\setupact.log
2013-08-28 07:58 - 2013-08-25 08:28 - 00003022 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-08-28 07:53 - 2012-09-23 19:21 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Skype
2013-08-27 22:13 - 2009-07-14 00:13 - 00784382 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 20:32 - 2012-11-03 14:48 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-08-27 15:18 - 2008-01-01 15:28 - 01212403 _____ C:\Windows\WindowsUpdate.log
2013-08-26 16:55 - 2013-08-26 16:55 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-08-26 16:55 - 2013-08-26 16:55 - 00000388 _____ C:\Windows\LkmdfCoInst.log
2013-08-25 19:08 - 2012-10-22 18:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-25 18:45 - 2012-09-22 00:44 - 00000000 ____D C:\Games
2013-08-25 18:35 - 2012-10-02 18:45 - 00281152 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-08-25 18:35 - 2012-10-02 18:40 - 00281152 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-25 15:12 - 2013-08-25 04:25 - 00000000 ____D C:\Program Files (x86)\Desura
2013-08-25 13:17 - 2012-10-02 18:40 - 00281152 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-08-25 08:29 - 2012-09-21 11:07 - 00380302 _____ C:\Windows\PFRO.log
2013-08-25 04:42 - 2012-09-22 22:50 - 00000000 ____D C:\Users\GAMER\AppData\Local\Google
2013-08-25 04:33 - 2013-08-25 04:33 - 00000000 ____D C:\Users\GAMER\AppData\Local\TempDIR
2013-08-25 04:25 - 2013-08-25 04:25 - 00000000 ____D C:\ProgramData\Desura
2013-08-23 18:10 - 2013-08-02 23:16 - 00000000 ____D C:\Users\GAMER\Documents\physx
2013-08-23 18:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-08-23 17:45 - 2013-08-03 15:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-21 19:42 - 2013-08-21 17:23 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2013-08-21 17:33 - 2013-08-21 17:32 - 00000000 ____D C:\Users\GAMER\Documents\Visual Studio 2005
2013-08-21 17:33 - 2012-11-15 20:44 - 00000000 ____D C:\Users\GAMER\AppData\Local\Microsoft Help
2013-08-20 19:07 - 2012-09-22 04:29 - 00000000 ____D C:\Youtube
2013-08-20 18:18 - 2012-12-01 12:48 - 00000000 ____D C:\FFOutput
2013-08-19 19:36 - 2012-09-22 00:10 - 00000000 ____D C:\Users\GAMER\Documents\my games
2013-08-19 19:34 - 2012-09-22 23:10 - 00373093 _____ C:\Windows\DirectX.log
2013-08-16 22:58 - 2012-10-24 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-16 21:26 - 2013-08-16 21:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 17:23 - 2012-10-29 20:37 - 00000000 ____D C:\Users\GAMER\Documents\Square Enix
2013-08-16 09:36 - 2013-08-16 09:36 - 00000000 ____D C:\Users\GAMER\AppData\Local\Criterion Games
2013-08-15 21:10 - 2013-08-15 01:51 - 00000000 ____D C:\Users\GAMER\Documents\EA Games
2013-08-15 01:51 - 2012-10-28 19:50 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-15 01:48 - 2013-08-15 01:48 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-14 22:30 - 2012-10-28 19:49 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-14 08:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 03:06 - 2013-07-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 03:06 - 2012-11-15 20:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 03:02 - 2012-09-25 20:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 11:33 - 2012-12-24 22:49 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-08-13 11:33 - 2012-12-24 22:48 - 00000000 ____D C:\Users\GAMER\AppData\Local\Deployment
2013-08-13 10:44 - 2012-10-02 18:40 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-12 09:48 - 2013-08-12 09:48 - 00000000 ____D C:\Users\GAMER\AA64.E.E.3.00.2552
2013-08-12 09:48 - 2012-09-21 09:20 - 00000000 ____D C:\Users\GAMER
2013-08-12 09:39 - 2013-08-12 09:39 - 02784044 _____ C:\Users\GAMER\Downloads\fan.wav
2013-08-10 22:58 - 2013-08-10 22:58 - 00002426 _____ C:\Users\GAMER\Documents\PRMumbleCertificateBackup.p12
2013-08-10 22:58 - 2013-08-10 22:58 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Project Reality
2013-08-10 22:56 - 2013-08-10 20:46 - 00000000 ____D C:\Users\GAMER\Documents\ProjectReality
2013-08-10 22:52 - 2013-05-24 20:06 - 00000000 ____D C:\Users\GAMER\Documents\Battlefield 2
2013-08-10 21:23 - 2013-04-23 21:13 - 00000000 ____D C:\ProgramData\Package Cache
2013-08-10 20:49 - 2013-08-10 20:49 - 00000000 ____D C:\Users\GAMER\AppData\Local\Project Reality
2013-08-10 17:41 - 2013-08-10 17:41 - 00000000 ____D C:\Windows\SysWOW64\Futuremark
2013-08-10 17:41 - 2012-12-08 19:54 - 00000000 ____D C:\Program Files (x86)\Futuremark
2013-08-10 17:41 - 2012-09-21 10:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-08 11:23 - 2012-09-24 20:52 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-07 21:40 - 2013-08-07 21:40 - 00000000 ____D C:\Program Files (x86)\Audiosurf
2013-08-07 12:04 - 2013-08-07 12:04 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\NVIDIA
2013-08-06 14:29 - 2013-07-24 16:47 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Mp3tag
2013-08-05 09:58 - 2013-08-05 09:58 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-04 21:55 - 2012-09-22 22:46 - 00779174 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-04 21:23 - 2013-08-04 21:23 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2013-08-04 21:23 - 2013-08-04 21:23 - 00000000 ____D C:\ProgramData\ATI
2013-08-04 21:22 - 2013-08-04 21:22 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201308042122159503.log
2013-08-04 21:22 - 2013-08-04 21:22 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-08-04 21:22 - 2013-02-28 18:38 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-04 21:22 - 2012-09-21 23:34 - 00000000 ____D C:\ProgramData\AMD
2013-08-04 21:03 - 2012-09-21 23:33 - 00000000 ____D C:\AMD
2013-08-04 19:42 - 2013-08-04 19:42 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-08-04 19:42 - 2013-08-04 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-08-04 12:29 - 2013-08-04 12:29 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2013-08-04 12:29 - 2013-06-07 21:07 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2013-08-03 18:42 - 2012-09-21 23:39 - 00147000 _____ C:\Users\GAMER\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-03 18:41 - 2009-07-13 23:45 - 05118920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-03 16:45 - 2013-05-17 21:19 - 00000000 ____D C:\ProgramData\WarThunder
2013-08-03 00:02 - 2013-08-02 17:34 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-08-02 23:39 - 2013-08-02 23:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-02 23:00 - 2012-09-22 00:40 - 00000000 ____D C:\Fraps
2013-08-02 22:47 - 2013-08-02 22:47 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netdevil
2013-08-02 22:39 - 2013-08-02 22:39 - 00000000 ____D C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2013-08-02 22:39 - 2013-08-02 22:39 - 00000000 ____D C:\Program Files (x86)\Netdevil
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\Program Files (x86)\Artificial
2013-08-02 21:02 - 2013-08-02 21:02 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-08-02 21:02 - 2013-08-02 21:02 - 00000000 ____D C:\Users\GAMER\AppData\Local\2K Games
2013-08-02 19:32 - 2009-07-14 00:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-02 19:20 - 2013-08-02 19:20 - 00000000 ____D C:\NVIDIA
2013-08-02 18:12 - 2013-08-01 15:54 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\ArcSoft
2013-08-02 18:12 - 2013-08-01 15:54 - 00000000 ____D C:\Users\GAMER\AppData\Local\ArcSoft
2013-08-02 18:11 - 2012-09-21 09:21 - 00000000 ___RD C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-02 18:11 - 2012-09-21 09:21 - 00000000 ___RD C:\Users\GAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-02 18:10 - 2013-08-01 15:54 - 00000000 ____D C:\ProgramData\ArcSoft
2013-08-02 17:49 - 2013-08-02 17:49 - 00000000 __SHD C:\ArcBackupDeviceInfo
2013-08-01 23:14 - 2012-09-21 10:44 - 00037002 _____ C:\Windows\DPINST.LOG
2013-08-01 23:13 - 2013-08-01 23:13 - 00000000 ____D C:\Program Files (x86)\USB_video_device
2013-08-01 23:07 - 2013-08-01 23:07 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\InstallShield
2013-08-01 16:16 - 2012-10-23 17:44 - 00000000 ____D C:\Users\GAMER\AppData\Local\Downloaded Installations
2013-08-01 16:04 - 2013-08-01 16:04 - 03035240 _____ C:\Users\GAMER\AppData\Local\ASbs.ac
2013-08-01 16:00 - 2013-08-01 16:00 - 00000000 ____D C:\Users\GAMER\Documents\ArcSoft
2013-07-30 16:45 - 2012-10-28 19:50 - 00000000 ____D C:\Users\GAMER\AppData\Roaming\Origin
2013-07-30 16:45 - 2012-10-28 19:50 - 00000000 ____D C:\Users\GAMER\AppData\Local\Origin

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\GAMER\AppData\Local\Google\Desktop\Install\{b19cee28-db91-6948-dd34-24eb668c2629}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{b19cee28-db91-6948-dd34-24eb668c2629}
C:\Users\GAMER\jagex_cl_runescape_LIVE.dat
C:\Users\GAMER\random.dat
C:\Users\GAMER\AppData\Local\Temp\7z920.exe
C:\Users\GAMER\AppData\Local\Temp\AcDeltree.exe
C:\Users\GAMER\AppData\Local\Temp\cpuz160.exe
C:\Users\GAMER\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\GAMER\AppData\Local\Temp\htmlayout.dll
C:\Users\GAMER\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\GAMER\AppData\Local\Temp\install_flashplayer11x32axau_mssd_aaa_aih.exe
C:\Users\GAMER\AppData\Local\Temp\NGMDll.dll
C:\Users\GAMER\AppData\Local\Temp\NGMResource.dll
C:\Users\GAMER\AppData\Local\Temp\NGMSetup.exe
C:\Users\GAMER\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\GAMER\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\GAMER\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\GAMER\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\GAMER\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\GAMER\AppData\Local\Temp\nvStInst.exe
C:\Users\GAMER\AppData\Local\Temp\sfamcc00001.dll
C:\Users\GAMER\AppData\Local\Temp\sfextra.dll
C:\Users\GAMER\AppData\Local\Temp\SkypeSetup.exe
C:\Users\GAMER\AppData\Local\Temp\sonarinst.exe
C:\Users\GAMER\AppData\Local\Temp\unicows.dll
C:\Users\GAMER\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\GAMER\AppData\Local\Temp\uninstall197918.exe
C:\Users\GAMER\AppData\Local\Temp\uninstall219275.exe
C:\Users\GAMER\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\GAMER\AppData\Local\Temp\{E3088F81-38A0-4F31-AFB6-C2BE5D7E4AC3}\ISBEW64.exe
C:\Users\GAMER\AppData\Local\Temp\{A372D049-BF00-49BA-9624-5B31E53CF5ED}\ISBEW64.exe
C:\Users\GAMER\AppData\Local\Temp\{7099CCC6-020E-4A92-9148-0DD756B33040}\_Setup.dll
C:\Users\GAMER\AppData\Local\Temp\{45DDE0B4-6625-4451-9462-B0F61CDE7945}\ISBEW64.exe
C:\Users\GAMER\AppData\Local\Temp\{0ADE5DA0-E88F-473C-B679-21E7C315EF1B}\ISBEW64.exe
C:\Users\GAMER\AppData\Local\Temp\{0800618F-62ED-48CF-A12C-90D3DB57509B}\_Setup.dll
C:\Users\GAMER\AppData\Local\Temp\{0703F439-63DC-4575-B7F1-9C83CEF489A4}\ISBEW64.exe
C:\Users\GAMER\AppData\Local\Temp\{030ABD5A-A8A1-48B1-BA13-F23E08BF8FA4}\_Setup.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup.exe
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\adlmPIT.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\adlmutil.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\adrsetup.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\CIPUtil.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\LiteHtml.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\MC3.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\MC3Res.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\mfc100u.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\msvcp100.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\msvcr100.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\PatchMgr.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\senddmp.exe
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\SetupAcadUi.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\SetupCtrls.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\SetupUi.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\Setup\UPI.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\en-US\ADRInstRes.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\en-US\senddmpRes.dll
C:\Users\GAMER\AppData\Local\Temp\_AI7ED7.tmp\en-US\SetupRes.dll
C:\Users\GAMER\AppData\Local\Temp\ztmp\tmp1963.exe
C:\Users\GAMER\AppData\Local\Temp\ztmp\tmp2193.exe
C:\Users\GAMER\AppData\Local\Temp\ztmp\tmp6461.exe
C:\Users\GAMER\AppData\Local\Temp\ztmp\tmp6462.exe
C:\Users\GAMER\AppData\Local\Temp\RarSFX0\4kvideodownloader_2.8.exe
C:\Users\GAMER\AppData\Local\Temp\OpenIV Setup\libeay32.dll
C:\Users\GAMER\AppData\Local\Temp\OpenIV Setup\ssleay32.dll
C:\Users\GAMER\AppData\Local\Temp\lu\1_lgs7_c06b_G700.exe
C:\Users\GAMER\AppData\Local\Temp\is1070216317\dp.exe
C:\Users\GAMER\AppData\Local\Temp\is1070216317\HardwareInfoLib.dll
C:\Users\GAMER\AppData\Local\Temp\is1070216317\HomePageDLL.dll
C:\Users\GAMER\AppData\Local\Temp\is1070216317\JDownloaderSetup_IC.exe
C:\Users\GAMER\AppData\Local\Temp\is1070216317\nss_handler.exe
C:\Users\GAMER\AppData\Local\Temp\is1070216317\SymCCIS.dll
C:\Users\GAMER\AppData\Local\Temp\Autodesk Inventor Professional 2013_ADLM\LangPackVer.dll
C:\Users\Public\Crysis Benchmark Tool.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-22 20:54

==================== End Of Log ============================

 

Attached Files
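The log above ends with FRST's "ZeroAccess:" markers and its MD5 check of core system binaries. As an added example (not part of this thread and not FRST's own code), the Python triage helper below parses lines in the entry format FRST uses and flags the indicators reported in that log: a Desktop.ini inside the assembly GAC folders, a {GUID} folder under Google\Desktop\Install, and any integrity-check verdict other than "MD5 is legit". The line-format regexes and the flagging rules are this example's own assumptions, and the sample lines are constructed to mirror the log rather than copied from a real capture.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code).

Handles three kinds of line seen in the log: timestamped file entries
"<created> - <modified> - <size> <attrs> [(<company>)] <path>", a bare
"ZeroAccess:" marker followed by the flagged path, and integrity-check lines
"<path> => <verdict>". The regexes and rules are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # publisher is optional in FRST output
    r"(?P<path>.+)$"
)
CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
GUID_DIR_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
SYSTEM_BINARY_RE = re.compile(r"\\windows\\(?:system32|syswow64)\\.*\.(?:sys|dll|exe)$")
GAC_DESKTOP_INI_RE = re.compile(r"\\windows\\assembly\\gac_(?:32|64)\\desktop\.ini$")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str          # five-character FRST attribute field, e.g. "____D"
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one timestamped FRST entry; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


def flag_entry(e: Entry) -> List[str]:
    """Reasons a parsed entry deserves a second look (empty list if none)."""
    p = e.path.lower()
    reasons = []
    # FRST reports a Desktop.ini inside the GAC folders as a ZeroAccess artefact.
    if GAC_DESKTOP_INI_RE.search(p):
        reasons.append("ZeroAccess: Desktop.ini inside assembly GAC folder")
    # The {GUID} folder under Google\Desktop\Install is the other location
    # FRST lists under 'Files to move or delete' in the log above.
    if e.is_dir and "\\google\\desktop\\install\\" in p and GUID_DIR_RE.search(p):
        reasons.append("ZeroAccess: {GUID} folder under Google\\Desktop\\Install")
    # Low-confidence hint only: a driver/DLL/EXE in a system folder with no
    # publisher recorded. Legitimate third-party drivers trip this too.
    if not e.is_dir and e.company is None and SYSTEM_BINARY_RE.search(p):
        reasons.append("review: system binary without publisher")
    return reasons


def triage(lines) -> List[Tuple[str, str]]:
    """Walk log lines in order and return (path, reason) findings."""
    findings: List[Tuple[str, str]] = []
    after_marker = False
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line == "ZeroAccess:":          # marker line; the path follows
            after_marker = True
            continue
        if after_marker:
            findings.append((line, "ZeroAccess: flagged by FRST"))
            after_marker = False
            continue
        check = CHECK_RE.match(line)
        if check:
            if check["verdict"] != "MD5 is legit":
                findings.append((check["path"], "integrity: " + check["verdict"]))
            continue
        entry = parse_entry(line)
        if entry:
            for reason in flag_entry(entry):
                findings.append((entry.path, reason))
    return findings


# Constructed sample modelled on the log format above (not a real capture).
SAMPLE_LOG = r"""
2013-08-13 15:45 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-10 17:41 - 2001-11-19 19:05 - 00003972 _____ C:\Windows\SysWOW64\Drivers\PciBus.sys
2013-08-25 04:42 - 2012-09-22 22:50 - 00000000 ____D C:\Users\GAMER\AppData\Local\Google
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
2013-08-01 12:00 - 2013-08-01 12:00 - 00000000 ____D C:\Program Files (x86)\Google\Desktop\Install\{b19cee28-db91-6948-dd34-24eb668c2629}
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:55} {path}")
```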



#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:28 AM

Posted 30 August 2013 - 01:42 PM

Hello again,

Okay, your system is infected with the ZeroAccess rootkit! Therefore, I must issue a warning:

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you would still like to continue with the cleaning then follow the next step(s).

====================

Step :step1:

Download the attached fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

==========

Step :step2:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Please post both requested logs in your next reply, and please let me know how the machine is running now!

bloopie



#7 MyPCusedToWork

MyPCusedToWork
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 30 August 2013 - 03:38 PM

New logs:

Attached Files



#8 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:28 AM

Posted 30 August 2013 - 04:11 PM

Hello again,

Please copy and paste all logs instead of attaching them. Also, please let me know how the machine is running now and after this Script!
 
I need to get your feedback after fixes to the machine...without your feedback I can't make sure everything is working properly.  :wink:

==========

Step :step1:

Run a Combofix Script


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:
 

Firefox::
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b897a57a000000000000d43d7e04318d&q=
FF - user.js: extensions.BabylonToolbar.id - b897a57a000000000000d43d7e04318d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15768
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1017:25
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=120024
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false

ClearJavaCache::

Extra::

Save this as CFScript.txt, in the same location as ComboFix.exe.


CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

==========

Step :step2:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

==========

Please copy/paste both logs, and let me know how the machine is running in your next reply!

bloopie



#9 MyPCusedToWork

MyPCusedToWork
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 30 August 2013 - 04:35 PM

Well Google doesn't redirect anymore... no random pages popping up... eBay works... should I run everything again anyways?

CRAP... I just noticed something... Programs don't need me to say "Yes" to run as administrator anymore... I checked UAC and it's still second to the top... I'm going to try restarting... this isn't good...

EDIT: Restarting fixed it now.


Edited by MyPCusedToWork, 30 August 2013 - 04:39 PM.


#10 bloopie

    Bleepin' Sith Turner

  • Malware Response Team

Posted 30 August 2013 - 04:56 PM

Thanks for letting me know!

Just follow the instructions for the Combofix Script and Farbar Service Scanner reports I gave in my last post.

bloopie



#11 MyPCusedToWork

  • Topic Starter
  • Members

Posted 30 August 2013 - 05:53 PM

Farbar Service Scanner Version: 28-08-2013
Ran by GAMER (administrator) on 30-08-2013 at 17:44:14
Running from "C:\Users\GAMER\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

ComboFix 13-08-30.02 - GAMER 08/30/2013  17:04:44.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8152.6299 [GMT -5:00]
Running from: c:\users\GAMER\Desktop\ComboFix.exe
Command switches used :: c:\users\GAMER\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))
.
.
2013-08-30 22:41 . 2013-08-30 22:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-30 19:57 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{89763CEE-1620-4A3B-982A-CAD7EA7BE005}\mpengine.dll
2013-08-30 02:39 . 2013-08-30 18:50    --------    d-----w-    C:\FRST
2013-08-27 19:42 . 2013-08-28 23:04    --------    d-----w-    c:\program files (x86)\Call of Duty Black Ops 2
2013-08-26 21:55 . 2013-08-26 21:55    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-08-25 18:08 . 2004-10-22 07:18    749568    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-08-25 18:08 . 2004-10-22 07:17    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-08-25 18:08 . 2004-10-22 07:17    274432    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-08-25 18:08 . 2004-10-22 07:16    180224    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-08-25 18:08 . 2004-10-22 07:16    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-08-25 18:08 . 2013-08-25 18:08    323716    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-08-25 18:08 . 2013-08-25 18:08    192644    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-08-25 09:33 . 2013-08-25 09:33    --------    d-----w-    c:\users\GAMER\AppData\Local\GFInstaller
2013-08-25 09:27 . 2013-08-25 09:27    --------    d-----w-    c:\program files (x86)\Common Files\Desura
2013-08-25 09:25 . 2013-08-25 09:25    --------    d-----w-    c:\programdata\Desura
2013-08-25 09:25 . 2013-08-25 20:12    --------    d-----w-    c:\program files (x86)\Desura
2013-08-16 14:36 . 2013-08-16 14:36    --------    d-----w-    c:\users\GAMER\AppData\Local\Criterion Games
2013-08-15 06:48 . 2013-08-15 06:48    --------    d-----w-    c:\windows\1C4551A64743409391E41477CD655043.TMP
2013-08-13 21:25 . 2013-07-09 05:51    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-13 21:25 . 2013-07-09 04:52    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-08-13 21:05 . 2013-07-25 09:25    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-13 21:05 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-08-13 20:45 . 2013-07-06 06:03    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-13 20:45 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-13 20:45 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-13 20:45 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-13 20:45 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-13 20:45 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-13 20:45 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-13 20:45 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-13 20:45 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-13 20:31 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-13 20:31 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-13 19:59 . 2013-07-09 06:03    5550528    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-13 19:59 . 2013-07-09 05:03    3968960    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-13 19:59 . 2013-07-09 05:03    3913664    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-13 19:59 . 2013-07-09 05:54    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-13 19:59 . 2013-07-09 05:53    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-13 19:59 . 2013-07-09 04:53    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-13 19:59 . 2013-07-09 04:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-13 19:59 . 2013-07-09 02:49    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-13 19:59 . 2013-07-09 02:49    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-13 19:59 . 2013-07-09 02:49    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-13 19:59 . 2013-07-09 02:49    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-13 19:57 . 2013-06-15 04:32    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-12 14:48 . 2013-08-12 14:48    --------    d-----w-    c:\users\GAMER\AA64.E.E.3.00.2552
2013-08-11 03:58 . 2013-08-11 03:58    --------    d-----w-    c:\users\GAMER\AppData\Roaming\Project Reality
2013-08-11 01:49 . 2013-08-11 01:49    --------    d-----w-    c:\users\GAMER\AppData\Local\Project Reality
2013-08-10 22:41 . 2013-08-10 22:41    --------    d-----w-    c:\windows\SysWow64\Futuremark
2013-08-10 22:41 . 2004-10-26 01:02    21664    ----a-w-    c:\windows\SysWow64\drivers\Entech.sys
2013-08-10 22:41 . 2004-06-22 20:44    5632    ----a-w-    c:\windows\SysWow64\drivers\Entech64.sys
2013-08-10 22:41 . 2001-11-20 00:05    3972    ----a-w-    c:\windows\SysWow64\drivers\PciBus.sys
2013-08-10 22:41 . 2013-08-10 22:41    303236    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2013-08-10 22:41 . 2013-08-10 22:41    180356    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2013-08-10 22:41 . 2005-03-22 22:50    733184    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2013-08-10 22:41 . 2004-07-16 05:20    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2013-08-10 22:41 . 2004-07-16 05:19    266240    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2013-08-10 22:41 . 2004-07-16 05:18    172032    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2013-08-10 22:41 . 2004-07-16 05:18    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2013-08-08 02:40 . 2013-08-08 02:40    --------    d-----w-    c:\program files (x86)\Audiosurf
2013-08-07 17:04 . 2013-08-07 17:04    --------    d-----w-    c:\users\GAMER\AppData\Roaming\NVIDIA
2013-08-05 14:58 . 2013-08-05 14:58    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-08-05 02:23 . 2013-08-05 02:23    --------    d-----w-    c:\programdata\ATI
2013-08-05 02:22 . 2013-08-05 02:22    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-08-05 00:42 . 2013-08-05 00:42    --------    d-----w-    c:\windows\SysWow64\xlive
2013-08-05 00:41 . 2013-08-05 00:42    --------    d-----w-    c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-08-03 20:38 . 2013-08-23 22:45    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2013-08-03 03:39 . 2013-08-03 03:39    --------    d-----w-    c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2013-08-03 03:39 . 2013-08-03 03:39    --------    d-----w-    c:\program files (x86)\Netdevil
2013-08-03 03:37 . 2013-08-03 03:37    --------    d-----w-    c:\program files (x86)\Artificial
2013-08-03 02:02 . 2013-08-03 02:02    --------    d-----w-    c:\users\GAMER\AppData\Local\2K Games
2013-08-03 02:02 . 2013-08-03 02:02    --------    d-----w-    c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-08-03 00:20 . 2013-08-03 00:20    --------    d-----w-    C:\NVIDIA
2013-08-02 22:49 . 2013-08-02 22:49    --------    d-----w-    C:\ArcBackupDeviceInfo
2013-08-02 22:38 . 2011-11-10 16:14    311872    ------w-    c:\windows\system32\drivers\ArcSec.sys
2013-08-02 22:38 . 2010-12-30 22:29    80448    ------w-    c:\windows\system32\MMCEDT5.exe
2013-08-02 22:34 . 2013-08-03 05:02    --------    d-----w-    c:\program files (x86)\ArcSoft
2013-08-02 04:13 . 2013-08-02 04:13    --------    d-----w-    c:\program files (x86)\USB_video_device
2013-08-02 04:13 . 2009-12-02 03:44    81408    ----a-w-    c:\windows\emMON.exe
2013-08-02 04:07 . 2013-08-02 04:07    --------    d-----w-    c:\users\GAMER\AppData\Roaming\InstallShield
2013-08-02 00:36 . 2009-12-02 03:19    649472    ----a-w-    c:\windows\system32\drivers\emBDA64.sys
2013-08-02 00:36 . 2009-12-02 03:19    118784    ----a-w-    c:\windows\system32\emPRP64.ax
2013-08-02 00:36 . 2009-12-02 03:18    617216    ----a-w-    c:\windows\system32\drivers\emOEM64.sys
2013-08-02 00:36 . 2009-12-02 03:17    113664    ----a-w-    c:\windows\SysWow64\emPRP.ax
2013-08-01 21:18 . 2001-09-05 09:18    77824    ------w-    c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-08-01 21:18 . 2001-09-05 09:18    225280    ------w-    c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-08-01 21:18 . 2001-09-05 09:14    176128    ------w-    c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-08-01 21:18 . 2001-09-05 09:13    32768    ------w-    c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-08-01 21:18 . 2002-07-25 21:07    614532    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-08-01 21:17 . 2013-08-03 05:02    --------    d-----w-    c:\program files (x86)\Common Files\ArcSoft
2013-08-01 20:54 . 2013-08-02 23:12    --------    d-----w-    c:\users\GAMER\AppData\Roaming\ArcSoft
2013-08-01 20:54 . 2013-08-02 23:12    --------    d-----w-    c:\users\GAMER\AppData\Local\ArcSoft
2013-08-01 20:54 . 2013-08-02 23:10    --------    d-----w-    c:\programdata\ArcSoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 23:35 . 2012-10-02 23:45    281152    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-08-25 23:35 . 2012-10-02 23:40    281152    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-08-25 18:17 . 2012-10-02 23:40    281152    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-08-14 08:02 . 2012-09-26 01:25    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-08-13 15:44 . 2012-10-02 23:40    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-07-29 00:09 . 2012-09-22 05:29    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-29 00:09 . 2012-09-22 05:29    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 02:52 . 2012-10-02 23:40    840264    ----a-w-    c:\windows\SysWow64\Pbsvc.exe
2013-07-17 05:37 . 2013-07-17 05:37    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2013-07-17 05:31 . 2013-07-17 05:31    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2013-07-17 04:49 . 2013-07-17 04:49    156712    ----a-w-    c:\windows\system32\amdhcp64.dll
2013-07-17 04:49 . 2013-07-17 04:49    141256    ----a-w-    c:\windows\SysWow64\amdhcp32.dll
2013-07-17 04:49 . 2013-07-17 04:49    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2013-07-17 04:49 . 2013-07-17 04:49    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2013-07-17 04:49 . 2013-07-17 04:49    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2013-07-17 04:49 . 2013-07-17 04:49    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2013-07-17 04:49 . 2013-07-17 04:49    142792    ----a-w-    c:\windows\system32\atiuxp64.dll
2013-07-17 04:49 . 2013-07-17 04:49    125824    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2013-07-17 04:49 . 2013-07-17 04:49    114488    ----a-w-    c:\windows\system32\atiu9p64.dll
2013-07-17 04:49 . 2013-07-17 04:49    97984    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2013-07-17 04:49 . 2013-07-17 04:49    1229472    ----a-w-    c:\windows\system32\aticfx64.dll
2013-07-17 04:48 . 2013-07-17 04:48    1024984    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2013-07-17 04:48 . 2013-07-17 04:48    8809760    ----a-w-    c:\windows\system32\atidxx64.dll
2013-07-17 04:48 . 2013-07-17 04:48    7667984    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2013-07-17 04:48 . 2013-07-17 04:48    6173424    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2013-07-17 04:48 . 2013-07-17 04:48    6187344    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2013-07-17 04:48 . 2013-07-17 04:48    6762632    ----a-w-    c:\windows\system32\atiumd6a.dll
2013-07-17 04:48 . 2013-07-17 04:48    7254936    ----a-w-    c:\windows\system32\atiumd64.dll
2013-07-17 04:44 . 2013-07-17 04:44    12514816    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2013-07-17 04:24 . 2013-07-17 04:24    229376    ----a-w-    c:\windows\system32\clinfo.exe
2013-07-17 04:23 . 2013-07-17 04:23    1187342    ----a-w-    c:\windows\system32\amdocl_as64.exe
2013-07-17 04:23 . 2013-07-17 04:23    1061902    ----a-w-    c:\windows\system32\amdocl_ld64.exe
2013-07-17 04:23 . 2013-07-17 04:23    995342    ----a-w-    c:\windows\SysWow64\amdocl_as32.exe
2013-07-17 04:23 . 2013-07-17 04:23    798734    ----a-w-    c:\windows\SysWow64\amdocl_ld32.exe
2013-07-17 04:23 . 2013-07-17 04:23    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2013-07-17 04:23 . 2013-07-17 04:23    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2013-07-17 04:23 . 2013-07-17 04:23    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2013-07-17 04:23 . 2013-07-17 04:23    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2013-07-17 04:23 . 2013-07-17 04:23    28192256    ----a-w-    c:\windows\system32\amdocl64.dll
2013-07-17 04:20 . 2013-07-17 04:20    23761920    ----a-w-    c:\windows\SysWow64\amdocl.dll
2013-07-17 04:18 . 2013-07-17 04:18    63488    ----a-w-    c:\windows\system32\OpenCL.dll
2013-07-17 04:18 . 2013-07-17 04:18    57344    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-07-17 03:49 . 2013-07-17 03:49    126976    ----a-w-    c:\windows\system32\coinst_13.15.100.1.dll
2013-07-17 03:35 . 2013-07-17 03:35    368640    ----a-w-    c:\windows\system32\atiapfxx.exe
2013-07-17 03:35 . 2013-07-17 03:35    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2013-07-17 03:35 . 2013-07-17 03:35    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2013-07-17 03:35 . 2013-07-17 03:35    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2013-07-17 03:35 . 2013-07-17 03:35    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2013-07-17 03:34 . 2013-07-17 03:34    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2013-07-17 03:31 . 2013-07-17 03:31    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2013-07-17 03:22 . 2013-07-17 03:22    25609728    ----a-w-    c:\windows\system32\atio6axx.dll
2013-07-17 03:15 . 2013-07-17 03:15    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2013-07-17 03:15 . 2013-07-17 03:15    26112    ----a-w-    c:\windows\system32\atimuixx.dll
2013-07-17 03:15 . 2013-07-17 03:15    571904    ----a-w-    c:\windows\system32\atieclxx.exe
2013-07-17 03:14 . 2013-07-17 03:14    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2013-07-17 03:13 . 2013-07-17 03:13    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2013-07-17 03:02 . 2013-07-17 03:02    21624832    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2013-07-17 02:58 . 2013-07-17 02:58    96256    ----a-w-    c:\windows\system32\amdave64.dll
2013-07-17 02:58 . 2013-07-17 02:58    90624    ----a-w-    c:\windows\SysWow64\amdave32.dll
2013-07-17 02:58 . 2013-07-17 02:58    89088    ----a-w-    c:\windows\system32\atisamu64.dll
2013-07-17 02:58 . 2013-07-17 02:58    80896    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2013-07-17 02:54 . 2013-07-17 02:54    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2013-07-17 02:49 . 2013-07-17 02:49    784384    ----a-w-    c:\windows\system32\atiadlxx.dll
2013-07-17 02:49 . 2013-07-17 02:49    595456    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2013-07-17 02:49 . 2013-07-17 02:49    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2013-07-17 02:49 . 2013-07-17 02:49    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2013-07-17 02:49 . 2013-07-17 02:49    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2013-07-17 02:48 . 2013-07-17 02:48    100352    ----a-w-    c:\windows\system32\atig6txx.dll
2013-07-17 02:48 . 2013-07-17 02:48    96768    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2013-07-17 02:48 . 2013-07-17 02:48    617472    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2013-07-11 17:12 . 2013-07-11 17:12    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-11 17:12 . 2012-11-23 19:04    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-11 17:12 . 2012-11-23 19:04    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-09 04:45 . 2013-08-13 19:59    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-08 18:32 . 2009-08-18 17:49    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-07-08 18:31 . 2009-08-18 16:24    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-28 04:51 . 2013-02-06 00:51    164880    ---ha-w-    c:\users\GAMER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-06-21 05:43 . 2013-06-21 05:43    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-21 05:43 . 2013-06-21 05:43    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-21 05:43 . 2013-06-21 05:43    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-21 05:43 . 2013-06-21 05:43    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-21 05:43 . 2013-06-21 05:43    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-21 05:43 . 2013-06-21 05:43    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-21 05:43 . 2013-06-21 05:43    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-21 05:43 . 2013-06-21 05:43    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-21 05:43 . 2013-06-21 05:43    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-21 05:43 . 2013-06-21 05:43    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-21 05:43 . 2013-06-21 05:43    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-21 05:43 . 2013-06-21 05:43    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-21 05:43 . 2013-06-21 05:43    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-21 05:43 . 2013-06-21 05:43    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-21 05:43 . 2013-06-21 05:43    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-21 05:43 . 2013-06-21 05:43    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-21 05:43 . 2013-06-21 05:43    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-21 05:43 . 2013-06-21 05:43    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-21 05:43 . 2013-06-21 05:43    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-21 05:43 . 2013-06-21 05:43    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-21 05:43 . 2013-06-21 05:43    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-21 05:43 . 2013-06-21 05:43    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-21 05:43 . 2013-06-21 05:43    361984    ----a-w-    c:\windows\SysWow64\html.iec
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-07-17 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 ALSysIO;ALSysIO;c:\users\GAMER\AppData\Local\Temp\ALSysIO64.sys;c:\users\GAMER\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys;c:\windows\SYSNATIVE\Drivers\smhwadb.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\drivers\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\drivers\LGSUsbFilt.Sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/18/2013 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 MSICDSetup;MSICDSetup;f:\cdriver64.sys;f:\CDriver64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7693v1B0\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7693v1B0\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;f:\ntiolib_x64.sys;f:\NTIOLib_X64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rt61x64;WNC-0500 Wireless Adapter;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\drivers\SaiK0836.sys;c:\windows\SYSNATIVE\drivers\SaiK0836.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys;c:\windows\SYSNATIVE\drivers\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys;c:\windows\SYSNATIVE\drivers\smhwser.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AIDA64DRIVER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 20:40    453736    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 00:09]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 23:56]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 23:56]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1003121678-4294376205-2996640018-1000Core.job
- c:\users\GAMER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 03:50]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1003121678-4294376205-2996640018-1000UA.job
- c:\users\GAMER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 03:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-08 6827664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b897a57a000000000000d43d7e04318d&q=
FF - user.js: extensions.BabylonToolbar.id - b897a57a000000000000d43d7e04318d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15768
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1017:25
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=120024
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Foreign Legion: Multi Massacre_is1 - c:\program files (x86)\Foreign Legion Multi Massacre\unins000.exe
AddRemove-Steam App 113200 - e:\program files (x86)\Steam Crack\steam.exe
AddRemove-Steam App 224600 - e:\program files (x86)\Steam Crack\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3081822817-666659340-1812492736-1000\ * [**]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3081822817-666659340-1812492736-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,ff,74,83,24,81,58,65,27,a1,89,18,d4,cb,71,40,09,6c,d0,0b,63,
   ba,d3,54,9b,2d,f8,37,c6,53,9f,43,ac,32,bf,ca,44,85,74,2b,a2,aa,2c,0a,e8,93,\
"rkeysecu"=hex:70,76,4f,34,a5,9f,bd,72,94,21,90,30,f8,55,0d,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-30  17:43:09
ComboFix-quarantined-files.txt  2013-08-30 22:43
.
Pre-Run: 112,889,057,280 bytes free
Post-Run: 112,572,547,072 bytes free
.
- - End Of File - - 9D61250CD4E353A67D448EEBD7AF1141
A36C5E4F47E84449FF07ED3517B43A31
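The ComboFix output in this thread is long, and the entries a responder actually cares about (a kernel driver loading from a user's Temp folder, a service running out of ProgramData, AppInit_DLLs loading switched on, a Winsock LSP, toolbar prefs pushed into the Firefox profile via user.js) are scattered among hundreds of benign lines. The script below is an added example, not part of the original post and not ComboFix's own tooling: it applies a few heuristic rules to lines in ComboFix's format and ranks the hits. The sample lines are constructed to mirror the format of the logs posted here; the user-writable path list, the toolbar pref prefix and the severities are my own assumptions and should be tuned to the environment.

```python
"""Heuristic triage of ComboFix-style log lines.

Added example; it is not part of the original thread and not ComboFix's own
code. SAMPLE_LOG is constructed to mirror the format of the logs posted above;
the path list, pref prefixes and severities are assumptions a responder would
tune to their own environment.
"""
import re
from collections import Counter

# "R3 name;display;path;path [x]" -- ComboFix service/driver entries.
SERVICE_RE = re.compile(r"^([RS][0-3]) ([^;]+);([^;]*);([^;]+);")
# "FF - user.js: pref - value" -- Firefox prefs ComboFix dumps from the profile.
FF_PREF_RE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) - ?(.*)$")

# Assumption: an installed service or kernel driver has no business running
# from a directory an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")
# Assumption: search-hijacking toolbar prefs seen in the logs above; extend as needed.
HIJACK_PREF_PREFIXES = ("extensions.babylontoolbar",)


def triage_line(line):
    """Return a list of (severity, reason) findings for one ComboFix log line."""
    findings = []
    stripped = line.strip()
    low = stripped.lower()

    m = SERVICE_RE.match(stripped)
    if m:
        start, name, _display, path = m.groups()
        p = path.lower()
        if any(seg in p for seg in USER_WRITABLE):
            # A kernel driver (.sys) from such a path is worse than a user-mode service.
            sev = "high" if p.endswith(".sys") else "medium"
            findings.append((sev, f"{start} {name}: image in user-writable path {path}"))
        return findings

    m = FF_PREF_RE.match(stripped)
    if m:
        _src, pref, value = m.groups()
        if pref.lower().startswith(HIJACK_PREF_PREFIXES):
            findings.append(("medium", f"toolbar pref {pref} = {value.strip()!r}"))
        elif pref == "network.proxy.type" and value.strip() not in ("0", "5"):
            # 0 = no proxy, 5 = system proxy; anything else deserves a look.
            findings.append(("medium", f"Firefox proxy type set to {value.strip()}"))
        return findings

    if low.startswith('"loadappinit_dlls"=') and "(0x0)" not in low:
        findings.append(("medium", "AppInit_DLLs loading enabled; inspect the AppInit_DLLs value"))
    elif low.startswith("lsp:"):
        findings.append(("low", f"Winsock LSP installed: {stripped[4:].strip()}"))
    elif low.startswith("trusted zone:"):
        findings.append(("low", f"IE trusted zone entry: {stripped[13:].strip()}"))
    elif low.startswith("addremove-") and "crack" in low:
        findings.append(("low", f"uninstall entry points at cracked software: {stripped}"))
    return findings


def triage(lines):
    """Triage a whole log; findings come back sorted high -> medium -> low."""
    order = {"high": 0, "medium": 1, "low": 2}
    out = [f for line in lines for f in triage_line(line)]
    return sorted(out, key=lambda f: order[f[0]])


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 4, 'low': 3}."""
    return dict(Counter(sev for sev, _ in findings))


# Constructed sample in ComboFix's format (not a verbatim log from the thread).
SAMPLE_LOG = r"""
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\GAMER\AppData\Local\Temp\ALSysIO64.sys;c:\users\GAMER\AppData\Local\Temp\ALSysIO64.sys [x]
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1249.132\BrowserProtect.exe [x]
"LoadAppInit_DLLs"=1 (0x1)
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: soe.com
AddRemove-Steam App 113200 - e:\program files (x86)\Steam Crack\steam.exe
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=120024
FF - prefs.js: network.proxy.type - 0
""".strip().splitlines()

if __name__ == "__main__":
    for sev, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

The rules are deliberately coarse: a hit means "look at this", not "this is malware". Legitimate software does occasionally install an LSP or a trusted-zone entry, and a benchmarking tool dropping a driver into Temp is plausible, but each of those is exactly the kind of line a helper asks about, so surfacing them first saves reading the whole log by hand.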
 



#12 bloopie (Bleepin' Sith Turner, Malware Response Team)

Posted 31 August 2013 - 08:51 AM

Hello again,

I'm sorry, I made a mistake with my previous script. Please run a new ComboFix script with the instructions below this time:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:
 

Firefox::
FF - ProfilePath - c:\users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b897a57a000000000000d43d7e04318d&q=
FF - user.js: extensions.BabylonToolbar.id - b897a57a000000000000d43d7e04318d
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15768
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1017:25
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=120024
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false

ClearJavaCache::

Extra::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please post me the log that it makes and let me know if there are any more issues with the computer!

bloopie
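The Firefox:: section of the CFScript above hands ComboFix the list of Babylon toolbar prefs that were written into the profile's user.js and asks it to remove them. As an added example, not ComboFix's code and not part of the original reply, the function below does the same job on a user.js file directly, so the effect of that part of the script can be seen (and verified) without the tool. The sample user.js text is constructed from the pref names listed in the log; the prefix list is an assumption to extend with whatever other hijacker prefs a profile contains.

```python
"""Strip search-hijacker prefs from a Firefox user.js.

Added example; not ComboFix's code and not part of the original thread. It
removes every user_pref() line whose name starts with a hijacker prefix and
keeps everything else byte-for-byte. SAMPLE_USER_JS is constructed from the
pref names in the log above (URL left defanged as the thread writes it).
"""
import re

# user.js lines look like: user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Assumption: prefixes taken from the pref names ComboFix listed above.
HIJACK_PREFIXES = ("extensions.BabylonToolbar.", "extensions.BabylonToolbar_i.")


def clean_user_js(text, prefixes=HIJACK_PREFIXES):
    """Return (cleaned_text, removed_pref_names).

    Lines that are not user_pref() calls (comments, blanks) are kept verbatim,
    so the file stays loadable by Firefox.
    """
    kept, removed = [], []
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m and m.group(1).startswith(prefixes):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


# Constructed sample; the real file lives in the profile directory shown in the log.
SAMPLE_USER_JS = """\
// Mozilla User Preferences (constructed sample)
user_pref("extensions.BabylonToolbar.id", "b897a57a000000000000d43d7e04318d");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&q=");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=120024");
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("network.proxy.type", 0);
"""

if __name__ == "__main__":
    cleaned, removed = clean_user_js(SAMPLE_USER_JS)
    print("removed:", *removed, sep="\n  ")
    print(cleaned)
```

Two practical notes. Firefox reads user.js at startup and copies its values into prefs.js, so the same cleaning has to be applied to prefs.js as well, with Firefox closed, or the copied values simply survive. And removing the prefs only disarms the configuration; the toolbar extension that wrote them still has to be uninstalled, which is why the helper's script is one step in a longer cleanup rather than the whole fix.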



#13 MyPCusedToWork (Topic Starter)

Posted 01 September 2013 - 10:41 PM

ComboFix 13-09-01.02 - GAMER 09/01/2013  22:21:51.3.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8152.6372 [GMT -5:00]
Running from: c:\users\GAMER\Desktop\ComboFix.exe
Command switches used :: c:\users\GAMER\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-02 to 2013-09-02  )))))))))))))))))))))))))))))))
.
.
2013-09-02 03:39 . 2013-09-02 03:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-30 23:16 . 2013-08-30 23:16    --------    d-----w-    C:\$WINDOWS.~BT
2013-08-30 19:57 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{89763CEE-1620-4A3B-982A-CAD7EA7BE005}\mpengine.dll
2013-08-30 02:39 . 2013-08-30 18:50    --------    d-----w-    C:\FRST
2013-08-27 19:42 . 2013-08-28 23:04    --------    d-----w-    c:\program files (x86)\Call of Duty Black Ops 2
2013-08-26 21:55 . 2013-08-26 21:55    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-08-25 18:08 . 2004-10-22 07:18    749568    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-08-25 18:08 . 2004-10-22 07:17    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-08-25 18:08 . 2004-10-22 07:17    274432    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-08-25 18:08 . 2004-10-22 07:16    180224    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-08-25 18:08 . 2004-10-22 07:16    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-08-25 18:08 . 2013-08-25 18:08    323716    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-08-25 18:08 . 2013-08-25 18:08    192644    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-08-25 09:33 . 2013-08-25 09:33    --------    d-----w-    c:\users\GAMER\AppData\Local\GFInstaller
2013-08-25 09:27 . 2013-08-25 09:27    --------    d-----w-    c:\program files (x86)\Common Files\Desura
2013-08-25 09:25 . 2013-08-25 09:25    --------    d-----w-    c:\programdata\Desura
2013-08-25 09:25 . 2013-08-25 20:12    --------    d-----w-    c:\program files (x86)\Desura
2013-08-16 14:36 . 2013-08-16 14:36    --------    d-----w-    c:\users\GAMER\AppData\Local\Criterion Games
2013-08-15 06:48 . 2013-08-15 06:48    --------    d-----w-    c:\windows\1C4551A64743409391E41477CD655043.TMP
2013-08-13 21:25 . 2013-07-09 05:51    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-13 21:25 . 2013-07-09 04:52    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-08-13 21:05 . 2013-07-25 09:25    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-13 21:05 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-08-13 20:45 . 2013-07-06 06:03    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-13 20:45 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-13 20:45 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-13 20:45 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-13 20:45 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-13 20:45 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-13 20:45 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-13 20:45 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-13 20:45 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-13 20:31 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-13 20:31 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-13 19:59 . 2013-07-09 06:03    5550528    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-13 19:59 . 2013-07-09 05:03    3968960    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-13 19:59 . 2013-07-09 05:03    3913664    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-13 19:59 . 2013-07-09 05:54    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-13 19:59 . 2013-07-09 05:53    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-13 19:59 . 2013-07-09 04:53    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-13 19:59 . 2013-07-09 04:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-13 19:59 . 2013-07-09 02:49    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-13 19:59 . 2013-07-09 02:49    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-13 19:59 . 2013-07-09 02:49    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-13 19:59 . 2013-07-09 02:49    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-13 19:57 . 2013-06-15 04:32    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-12 14:48 . 2013-08-12 14:48    --------    d-----w-    c:\users\GAMER\AA64.E.E.3.00.2552
2013-08-11 03:58 . 2013-08-11 03:58    --------    d-----w-    c:\users\GAMER\AppData\Roaming\Project Reality
2013-08-11 01:49 . 2013-08-11 01:49    --------    d-----w-    c:\users\GAMER\AppData\Local\Project Reality
2013-08-10 22:41 . 2013-08-10 22:41    --------    d-----w-    c:\windows\SysWow64\Futuremark
2013-08-10 22:41 . 2004-10-26 01:02    21664    ----a-w-    c:\windows\SysWow64\drivers\Entech.sys
2013-08-10 22:41 . 2004-06-22 20:44    5632    ----a-w-    c:\windows\SysWow64\drivers\Entech64.sys
2013-08-10 22:41 . 2001-11-20 00:05    3972    ----a-w-    c:\windows\SysWow64\drivers\PciBus.sys
2013-08-10 22:41 . 2013-08-10 22:41    303236    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2013-08-10 22:41 . 2013-08-10 22:41    180356    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2013-08-10 22:41 . 2005-03-22 22:50    733184    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2013-08-10 22:41 . 2004-07-16 05:20    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2013-08-10 22:41 . 2004-07-16 05:19    266240    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2013-08-10 22:41 . 2004-07-16 05:18    172032    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2013-08-10 22:41 . 2004-07-16 05:18    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2013-08-08 02:40 . 2013-08-08 02:40    --------    d-----w-    c:\program files (x86)\Audiosurf
2013-08-07 17:04 . 2013-08-07 17:04    --------    d-----w-    c:\users\GAMER\AppData\Roaming\NVIDIA
2013-08-05 14:58 . 2013-08-05 14:58    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-08-05 02:23 . 2013-08-05 02:23    --------    d-----w-    c:\programdata\ATI
2013-08-05 02:22 . 2013-08-05 02:22    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-08-05 00:42 . 2013-08-05 00:42    --------    d-----w-    c:\windows\SysWow64\xlive
2013-08-05 00:41 . 2013-08-05 00:42    --------    d-----w-    c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-08-03 20:38 . 2013-08-23 22:45    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2013-08-03 03:39 . 2013-08-03 03:39    --------    d-----w-    c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 23:35 . 2012-10-02 23:45    281152    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-08-25 23:35 . 2012-10-02 23:40    281152    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-08-25 18:17 . 2012-10-02 23:40    281152    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-08-14 08:02 . 2012-09-26 01:25    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-08-13 15:44 . 2012-10-02 23:40    76888    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-07-29 00:09 . 2012-09-22 05:29    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-29 00:09 . 2012-09-22 05:29    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 02:52 . 2012-10-02 23:40    840264    ----a-w-    c:\windows\SysWow64\Pbsvc.exe
2013-07-17 05:37 . 2013-07-17 05:37    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2013-07-17 05:31 . 2013-07-17 05:31    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2013-07-17 04:49 . 2013-07-17 04:49    156712    ----a-w-    c:\windows\system32\amdhcp64.dll
2013-07-17 04:49 . 2013-07-17 04:49    141256    ----a-w-    c:\windows\SysWow64\amdhcp32.dll
2013-07-17 04:49 . 2013-07-17 04:49    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2013-07-17 04:49 . 2013-07-17 04:49    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2013-07-17 04:49 . 2013-07-17 04:49    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2013-07-17 04:49 . 2013-07-17 04:49    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2013-07-17 04:49 . 2013-07-17 04:49    142792    ----a-w-    c:\windows\system32\atiuxp64.dll
2013-07-17 04:49 . 2013-07-17 04:49    125824    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2013-07-17 04:49 . 2013-07-17 04:49    114488    ----a-w-    c:\windows\system32\atiu9p64.dll
2013-07-17 04:49 . 2013-07-17 04:49    97984    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2013-07-17 04:49 . 2013-07-17 04:49    1229472    ----a-w-    c:\windows\system32\aticfx64.dll
2013-07-17 04:48 . 2013-07-17 04:48    1024984    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2013-07-17 04:48 . 2013-07-17 04:48    8809760    ----a-w-    c:\windows\system32\atidxx64.dll
2013-07-17 04:48 . 2013-07-17 04:48    7667984    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2013-07-17 04:48 . 2013-07-17 04:48    6173424    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2013-07-17 04:48 . 2013-07-17 04:48    6187344    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2013-07-17 04:48 . 2013-07-17 04:48    6762632    ----a-w-    c:\windows\system32\atiumd6a.dll
2013-07-17 04:48 . 2013-07-17 04:48    7254936    ----a-w-    c:\windows\system32\atiumd64.dll
2013-07-17 04:44 . 2013-07-17 04:44    12514816    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2013-07-17 04:24 . 2013-07-17 04:24    229376    ----a-w-    c:\windows\system32\clinfo.exe
2013-07-17 04:23 . 2013-07-17 04:23    1187342    ----a-w-    c:\windows\system32\amdocl_as64.exe
2013-07-17 04:23 . 2013-07-17 04:23    1061902    ----a-w-    c:\windows\system32\amdocl_ld64.exe
2013-07-17 04:23 . 2013-07-17 04:23    995342    ----a-w-    c:\windows\SysWow64\amdocl_as32.exe
2013-07-17 04:23 . 2013-07-17 04:23    798734    ----a-w-    c:\windows\SysWow64\amdocl_ld32.exe
2013-07-17 04:23 . 2013-07-17 04:23    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2013-07-17 04:23 . 2013-07-17 04:23    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2013-07-17 04:23 . 2013-07-17 04:23    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2013-07-17 04:23 . 2013-07-17 04:23    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2013-07-17 04:23 . 2013-07-17 04:23    28192256    ----a-w-    c:\windows\system32\amdocl64.dll
2013-07-17 04:20 . 2013-07-17 04:20    23761920    ----a-w-    c:\windows\SysWow64\amdocl.dll
2013-07-17 04:18 . 2013-07-17 04:18    63488    ----a-w-    c:\windows\system32\OpenCL.dll
2013-07-17 04:18 . 2013-07-17 04:18    57344    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-07-17 03:49 . 2013-07-17 03:49    126976    ----a-w-    c:\windows\system32\coinst_13.15.100.1.dll
2013-07-17 03:35 . 2013-07-17 03:35    368640    ----a-w-    c:\windows\system32\atiapfxx.exe
2013-07-17 03:35 . 2013-07-17 03:35    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2013-07-17 03:35 . 2013-07-17 03:35    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2013-07-17 03:35 . 2013-07-17 03:35    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2013-07-17 03:35 . 2013-07-17 03:35    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2013-07-17 03:34 . 2013-07-17 03:34    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2013-07-17 03:31 . 2013-07-17 03:31    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2013-07-17 03:22 . 2013-07-17 03:22    25609728    ----a-w-    c:\windows\system32\atio6axx.dll
2013-07-17 03:15 . 2013-07-17 03:15    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2013-07-17 03:15 . 2013-07-17 03:15    26112    ----a-w-    c:\windows\system32\atimuixx.dll
2013-07-17 03:15 . 2013-07-17 03:15    571904    ----a-w-    c:\windows\system32\atieclxx.exe
2013-07-17 03:14 . 2013-07-17 03:14    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2013-07-17 03:13 . 2013-07-17 03:13    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2013-07-17 03:02 . 2013-07-17 03:02    21624832    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2013-07-17 02:58 . 2013-07-17 02:58    96256    ----a-w-    c:\windows\system32\amdave64.dll
2013-07-17 02:58 . 2013-07-17 02:58    90624    ----a-w-    c:\windows\SysWow64\amdave32.dll
2013-07-17 02:58 . 2013-07-17 02:58    89088    ----a-w-    c:\windows\system32\atisamu64.dll
2013-07-17 02:58 . 2013-07-17 02:58    80896    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2013-07-17 02:54 . 2013-07-17 02:54    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2013-07-17 02:49 . 2013-07-17 02:49    784384    ----a-w-    c:\windows\system32\atiadlxx.dll
2013-07-17 02:49 . 2013-07-17 02:49    595456    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2013-07-17 02:49 . 2013-07-17 02:49    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2013-07-17 02:49 . 2013-07-17 02:49    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2013-07-17 02:49 . 2013-07-17 02:49    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2013-07-17 02:48 . 2013-07-17 02:48    100352    ----a-w-    c:\windows\system32\atig6txx.dll
2013-07-17 02:48 . 2013-07-17 02:48    96768    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2013-07-17 02:48 . 2013-07-17 02:48    617472    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2013-07-11 17:12 . 2013-07-11 17:12    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-11 17:12 . 2012-11-23 19:04    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-11 17:12 . 2012-11-23 19:04    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-09 04:45 . 2013-08-13 19:59    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-08 18:32 . 2009-08-18 17:49    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-07-08 18:31 . 2009-08-18 16:24    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-28 04:51 . 2013-02-06 00:51    164880    ---ha-w-    c:\users\GAMER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-06-21 05:43 . 2013-06-21 05:43    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-21 05:43 . 2013-06-21 05:43    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-21 05:43 . 2013-06-21 05:43    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-21 05:43 . 2013-06-21 05:43    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-21 05:43 . 2013-06-21 05:43    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-21 05:43 . 2013-06-21 05:43    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-21 05:43 . 2013-06-21 05:43    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-21 05:43 . 2013-06-21 05:43    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-21 05:43 . 2013-06-21 05:43    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-21 05:43 . 2013-06-21 05:43    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-21 05:43 . 2013-06-21 05:43    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-21 05:43 . 2013-06-21 05:43    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-21 05:43 . 2013-06-21 05:43    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-21 05:43 . 2013-06-21 05:43    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-21 05:43 . 2013-06-21 05:43    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-21 05:43 . 2013-06-21 05:43    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-21 05:43 . 2013-06-21 05:43    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-21 05:43 . 2013-06-21 05:43    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-21 05:43 . 2013-06-21 05:43    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-21 05:43 . 2013-06-21 05:43    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-21 05:43 . 2013-06-21 05:43    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-21 05:43 . 2013-06-21 05:43    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-21 05:43 . 2013-06-21 05:43    361984    ----a-w-    c:\windows\SysWow64\html.iec
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-07-17 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 ALSysIO;ALSysIO;c:\users\GAMER\AppData\Local\Temp\ALSysIO64.sys;c:\users\GAMER\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys;c:\windows\SYSNATIVE\Drivers\smhwadb.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\drivers\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\drivers\LGSUsbFilt.Sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/18/2013 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 MSICDSetup;MSICDSetup;f:\cdriver64.sys;f:\CDriver64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys;c:\program files (x86)\MSI\CLICKBIOSII\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7693v1B0\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7693v1B0\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;f:\ntiolib_x64.sys;f:\NTIOLib_X64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rt61x64;WNC-0500 Wireless Adapter;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\drivers\SaiK0836.sys;c:\windows\SYSNATIVE\drivers\SaiK0836.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys;c:\windows\SYSNATIVE\drivers\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys;c:\windows\SYSNATIVE\drivers\smhwser.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 20:40    453736    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 00:09]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 23:56]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 23:56]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1003121678-4294376205-2996640018-1000Core.job
- c:\users\GAMER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 03:50]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1003121678-4294376205-2996640018-1000UA.job
- c:\users\GAMER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23 03:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-08 6827664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\GAMER\AppData\Roaming\Mozilla\Firefox\Profiles\3x8j3ufn.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Foreign Legion: Multi Massacre_is1 - c:\program files (x86)\Foreign Legion Multi Massacre\unins000.exe
AddRemove-Steam App 113200 - e:\program files (x86)\Steam Crack\steam.exe
AddRemove-Steam App 224600 - e:\program files (x86)\Steam Crack\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3081822817-666659340-1812492736-1000\ * [**]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3081822817-666659340-1812492736-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,ff,74,83,24,81,58,65,27,a1,89,18,d4,cb,71,40,09,6c,d0,0b,63,
   ba,d3,54,9b,2d,f8,37,c6,53,9f,43,ac,32,bf,ca,44,85,74,2b,a2,aa,2c,0a,e8,93,\
"rkeysecu"=hex:70,76,4f,34,a5,9f,bd,72,94,21,90,30,f8,55,0d,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-01  22:40:57
ComboFix-quarantined-files.txt  2013-09-02 03:40
ComboFix2.txt  2013-08-30 22:43
.
Pre-Run: 109,468,372,992 bytes free
Post-Run: 109,011,447,808 bytes free
.
- - End Of File - - A245587799C70E25C1AAACCECF428C82
A36C5E4F47E84449FF07ED3517B43A31
 



#14 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 01 September 2013 - 11:17 PM

Hello again,

How is the computer running now? Any issues still present?

bloopie



#15 MyPCusedToWork
  • Topic Starter

  • Members
  • 16 posts

Posted 01 September 2013 - 11:56 PM

I didn't have any before running the script... nothing now... AFAICT it's back to normal.

Thanks so much for the help, honestly didn't know what to expect using a malware removal forum for the first time.





