Gand

Posts posted by Gand

  1. Okay. This was the result:

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.12.05.06

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    EX-RIG :: EX-RIG-PC [administrator]

    Protection: Enabled

    12/5/2012 8:53:28 AM

    mbam-log-2012-12-05 (19-40-35).txt

    Scan type: Full scan (C:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 380925

    Time elapsed: 38 minute(s), 43 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent) -> No action taken.

    (end)

    And I chose the option to have it removed. Everything is fine now.

  2. Eset Log:

    C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan

    C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan

    C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan

    C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan

    C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan

    C:\TDSSKiller_Quarantine\01.12.2012_19.39.19\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan

    C:\Users\EX-RIG\Downloads\DTLite4454-0315.exe Win32/OpenCandy application

    C:\_OTL\MovedFiles\12022012_180022\C_Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi JS/Redirector.NCI trojan

  3. Malwarebytes log:

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.12.03.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    EX-RIG :: EX-RIG-PC [administrator]

    Protection: Enabled

    12/3/2012 6:52:22 PM

    mbam-log-2012-12-03 (18-52-22).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 212367

    Time elapsed: 2 minute(s), 37 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  4. Here it is:

    OTL logfile created on: 12/2/2012 6:15:47 PM - Run 2

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EX-RIG\Desktop

    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 74.76% Memory free

    15.96 Gb Paging File | 13.69 Gb Available in Paging File | 85.77% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 931.41 Gb Total Space | 670.49 Gb Free Space | 71.99% Space Free | Partition Type: NTFS

    Drive D: | 7.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Drive E: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: EX-RIG-PC | User Name: EX-RIG | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\EX-RIG\Desktop\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

    PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

    PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

    PRC - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe ()

    PRC - C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)

    PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Origin\tufao.dll ()

    MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

    MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

    MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

    MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

    MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

    MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()

    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

    MOD - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe ()

    ========== Services (SafeList) ==========

    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

    SRV:64bit: - (cFosSpeedS) -- C:\Program Files\ASRock\XFast LAN\spd.exe (cFos Software GmbH)

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd)

    SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

    SRV - (DesktopCentralServer) -- C:\Program Files (x86)\DesktopCentral_Server\bin\wrapper.exe (Tanuki Software, Ltd.)

    SRV - (MEDC Server Component - Notification Server) -- C:\Program Files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe ()

    SRV - (MEDCServerComponent-Apache) -- C:\Program Files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe (Apache Software Foundation)

    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

    DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)

    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)

    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

    DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)

    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

    DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

    DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)

    DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)

    DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)

    DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows ® Win 7 DDK provider)

    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

    DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )

    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

    DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. )

    DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)

    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

    IE - HKCU\..\SearchScopes\{26685492-363D-4498-B351-4C93655AD19C}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120833,17118,0,18,0

    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A46A48171591F705ADFD42502FBE0506&q={searchTerms}

    IE - HKCU\..\SearchScopes\{7380A3CB-88C7-4e36-9626-4E2A4BE6E6BB}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}

    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8341BCA4-0CE5-44FB-AF38-2D95A59CF173}&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-10-06 13:39:04&v=12.2.5.34&sap=dsp&q={searchTerms}

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: ""

    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105

    FF - prefs.js..extensions.enabledAddons:

    FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32

    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q="

    FF - prefs.js..browser.search.defaultengine: ""

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()

    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/06 12:39:11 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/03 17:51:29 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Extensions

    [2012/12/02 18:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions

    [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    [2012/06/16 12:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/11/08 19:05:44 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

    [2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/12/01 19:56:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()

    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

    O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

    O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

    O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()

    O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

    O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

    O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

    O4 - HKLM..\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)

    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

    O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

    O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

    O4 - Startup: C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O13 - gopher Prefix: missing

    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Value error.)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 10.9.2)

    O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F7AF5A-1CB6-4058-B335-6EB262D7D740}: DhcpNameServer = 209.18.47.61 209.18.47.62

    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)

    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2011/10/24 10:16:00 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ UDF ]

    O32 - AutoRun File - [2009/06/11 02:44:56 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/02 18:00:22 | 000,000,000 | ---D | C] -- C:\_OTL

    [2012/12/02 14:47:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe

    [2012/12/02 14:28:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

    [2012/12/01 19:49:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2012/12/01 19:49:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2012/12/01 19:49:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2012/12/01 19:49:47 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2012/12/01 19:49:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

    [2012/12/01 19:48:09 | 005,009,347 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe

    [2012/12/01 19:39:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

    [2012/12/01 19:38:10 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Telltale Games

    [2012/12/01 19:38:03 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll

    [2012/12/01 19:38:02 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll

    [2012/12/01 19:38:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll

    [2012/12/01 19:38:02 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll

    [2012/12/01 19:38:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll

    [2012/12/01 19:38:01 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll

    [2012/12/01 19:38:00 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll

    [2012/12/01 18:52:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe

    [2012/12/01 18:48:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com

    [2012/11/25 16:22:08 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\ESN

    [2012/11/23 12:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

    [2012/11/23 12:09:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

    [2012/11/23 12:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

    [2012/11/22 11:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

    [2012/11/21 23:09:10 | 000,000,000 | ---D | C] -- C:\found.001

    [2012/11/21 22:07:41 | 000,000,000 | ---D | C] -- C:\Fraps

    [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\cYo

    [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\cYo

    [2012/11/17 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack

    [2012/11/17 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack

    [2012/11/17 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

    [2012/11/17 11:05:38 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Desktop\Star Wars

    [2012/11/16 08:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

    [2012/11/16 08:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

    [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\CrashRpt

    [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Arktos

    [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\Arktos

    [2012/11/13 23:24:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

    [2012/11/13 23:24:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

    [2012/11/13 23:24:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

    [2012/11/13 23:24:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2012/11/13 23:24:31 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

    [2012/11/13 23:24:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

    [2012/11/13 23:24:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

    [2012/11/13 23:24:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

    [2012/11/13 23:24:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

    [2012/11/13 23:24:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2012/11/13 23:24:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

    [2012/11/13 23:24:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2012/11/13 23:24:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

    [2012/11/13 23:24:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2012/11/13 23:24:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

    [2012/11/13 19:16:02 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

    [2012/11/13 19:16:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

    [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\The War Z

    [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z

    [2012/11/10 17:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    ========== Files - Modified Within 30 Days ==========

    [2012/12/02 18:14:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2012/12/02 18:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/12/02 18:13:59 | 2131,472,383 | -HS- | M] () -- C:\hiberfil.sys

    [2012/12/02 18:05:02 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012/12/02 18:05:02 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012/12/02 18:05:02 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012/12/02 18:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/12/02 17:55:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/12/02 14:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe

    [2012/12/01 23:16:41 | 000,165,376 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe

    [2012/12/01 23:16:26 | 000,139,264 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe

    [2012/12/01 19:56:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

    [2012/12/01 19:48:09 | 005,009,347 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe

    [2012/12/01 19:05:41 | 000,000,222 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url

    [2012/12/01 18:52:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe

    [2012/12/01 18:48:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com

    [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/11/29 18:55:44 | 005,063,682 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub

    [2012/11/29 18:37:32 | 440,134,815 | ---- | M] () -- C:\Windows\MEMORY.DMP

    [2012/11/25 16:23:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

    [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

    [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

    [2012/11/25 16:22:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

    [2012/11/23 12:31:15 | 000,509,552 | ---- | M] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif

    [2012/11/23 12:29:16 | 000,068,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png

    [2012/11/23 12:10:42 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

    [2012/11/23 12:09:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

    [2012/11/22 11:40:30 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk

    [2012/11/21 23:47:05 | 000,785,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2012/11/19 09:03:07 | 000,020,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf

    [2012/11/17 12:40:22 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk

    [2012/11/17 11:56:49 | 000,000,221 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url

    [2012/11/17 11:52:29 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS

    [2012/11/16 08:57:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

    [2012/11/14 07:29:35 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2012/11/13 23:24:18 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

    [2012/11/11 20:01:48 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

    [2012/11/11 20:01:48 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2012/11/11 14:34:30 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk

    [2012/11/10 17:36:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

    ========== Files Created - No Company Name ==========

    [2012/12/01 23:16:40 | 000,165,376 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe

    [2012/12/01 23:16:26 | 000,139,264 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe

    [2012/12/01 19:49:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2012/12/01 19:49:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2012/12/01 19:49:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2012/12/01 19:49:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2012/12/01 19:49:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2012/12/01 19:05:41 | 000,000,222 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url

    [2012/11/29 18:55:43 | 005,063,682 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub

    [2012/11/23 12:31:48 | 000,509,552 | ---- | C] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif

    [2012/11/23 12:29:27 | 000,068,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png

    [2012/11/23 12:10:42 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

    [2012/11/22 11:40:30 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk

    [2012/11/21 21:56:02 | 000,000,318 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Curse Client.appref-ms

    [2012/11/19 09:03:07 | 000,020,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf

    [2012/11/17 12:40:22 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk

    [2012/11/17 11:56:49 | 000,000,221 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url

    [2012/11/16 08:57:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk

    [2012/11/13 23:24:18 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI

    [2012/11/11 14:34:30 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk

    [2012/09/14 19:57:25 | 392,589,500 | ---- | C] () -- C:\Users\EX-RIG\this.means.war.2012.unrated.720p.bluray.x264-sparks.mkv

    [2012/09/08 03:17:19 | 000,010,615 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.nfo

    [2012/09/08 03:17:19 | 000,003,317 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.sfv

    [2012/09/08 01:04:00 | 4290,085,058 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Return_of_the_King_Ext_2003_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

    [2012/09/08 01:04:00 | 4249,049,694 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Fellowship_of_the_Ring_Ext_2001_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

    [2012/09/08 00:35:33 | 4292,386,964 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Two_towers_Ext_2002_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

    [2012/09/03 23:42:11 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

    [2012/09/03 23:42:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

    [2012/07/15 10:58:06 | 000,000,094 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\fusioncache.dat

    [2012/07/15 10:55:11 | 000,785,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2012/07/15 10:02:36 | 000,027,520 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\dt.dat

    [2012/06/16 22:38:02 | 000,000,045 | ---- | C] () -- C:\Users\EX-RIG\jagex_cl_runescape_LIVE.dat

    [2012/06/16 22:38:02 | 000,000,024 | ---- | C] () -- C:\Users\EX-RIG\random.dat

    [2012/05/25 12:43:18 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

    [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

    [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

    [2012/05/25 12:43:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

    [2012/05/25 12:43:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

    [2012/05/25 12:42:21 | 000,000,003 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\user_data.ini

    [2012/05/25 12:34:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    [2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

    [2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

    [2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

    < End of report >

  5. Extras.txt:

    OTL Extras logfile created on: 12/2/2012 3:01:42 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EX-RIG\Desktop

    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.50% Memory free

    15.96 Gb Paging File | 14.02 Gb Available in Paging File | 87.83% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 931.41 Gb Total Space | 669.35 Gb Free Space | 71.86% Space Free | Partition Type: NTFS

    Drive E: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: EX-RIG-PC | User Name: EX-RIG | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Classes\<extension>]

    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{19D2EFEC-51DC-4B6F-9FED-63BBB29D6503}" = lport=445 | protocol=6 | dir=in | app=system |

    "{2F249552-DE95-40A5-8BE5-ED860AC5AA88}" = lport=57087 | protocol=17 | dir=in | name=pando media booster |

    "{31437DA3-946B-4766-8A09-8C85E2C07228}" = lport=57087 | protocol=6 | dir=in | name=pando media booster |

    "{39C96943-9991-4F4D-8D26-F8FC1C1BB97C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{3C38490A-C2D3-45A9-8368-1BCD8E6C3F27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{3DA6A66C-8E7B-4B7B-8923-3617D0EACF55}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{44EA860D-07CA-49D1-AC3A-1C37C9E2A329}" = rport=137 | protocol=17 | dir=out | app=system |

    "{459D5623-597A-4962-BF63-B25DAD6E8454}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{463C4DD5-D289-42A7-A63C-612745BF598C}" = rport=445 | protocol=6 | dir=out | app=system |

    "{5111773C-084A-4D6C-96D3-976549B1CD8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{523027EC-9492-4144-A334-1B6B7A9FDC18}" = lport=57087 | protocol=6 | dir=in | name=pando media booster |

    "{64327D8F-0F2B-4607-8D2A-B96BFD00BFC0}" = rport=138 | protocol=17 | dir=out | app=system |

    "{700F4F0C-3E5D-47D9-B20A-E6108E97B368}" = lport=137 | protocol=17 | dir=in | app=system |

    "{76E27740-A7B6-4D3A-ADAC-6C22AE4496AB}" = lport=138 | protocol=17 | dir=in | app=system |

    "{8709D062-7161-4796-B353-AFFCEC732DDC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{A5D635FC-5CA2-4D64-88F6-8A68D9330C8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{AC51C4D4-258A-4895-B502-0F8DC30D8575}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{C54F0780-2255-456C-83E9-091E6955373B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{CDBBCB80-FF01-4FEA-A521-4685A433D20A}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{D77E9F1D-E6C8-4688-89DB-6B82BB0494D3}" = rport=139 | protocol=6 | dir=out | app=system |

    "{D8DCF515-A355-4E52-A19C-135D5671C082}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{DFE6A691-9883-463B-8AE9-324AFCD96A47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{E5B4EF0B-24FC-4F03-BB6B-068B517BC94C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{ED4D5A3A-1E1F-4248-9A26-4EDA4BB22085}" = lport=57087 | protocol=17 | dir=in | name=pando media booster |

    "{F59D51AB-D28C-4202-B7EE-7B7ED63D4309}" = lport=139 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{09941C26-D77A-4CF1-9720-55DBA881B0D4}" = dir=in | app=c:\users\ex-rig\documents\the war z\warz.exe |

    "{0B4555C1-388F-4364-B76D-BA5138EA38B5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    "{0CC19BDE-735C-4A3F-9A82-A45A2DCC4A33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{1594394D-0D3E-43BF-BFFA-09B8DDC68E0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{1C557C06-9075-42C8-A02E-EA953AF2537A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{25BA657C-6E92-455C-A246-FEBF6F3694CD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{25F26C4E-9A9C-4C78-8C25-93E81067B569}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |

    "{26598C38-74A9-40F1-84FA-3C49E94FBF76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

    "{30414F48-472F-4D9C-A609-7A69066C429F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

    "{32CFB45F-44F6-4D3F-8F09-0BD53866EFAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{33123B94-B2CF-46A4-8E81-8D690E8854F3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{331C6B24-6A89-4BF0-A01A-54FDF406C323}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{3415F4A0-C367-4612-AB18-6A8E291F508D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |

    "{35EC6873-D75E-415E-B946-8A9562ED36D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |

    "{3AA948EF-FF2E-49ED-B155-8F178A3214CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{3AB7689B-A281-4DE8-A3E9-6035C95A39D6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

    "{41581719-90D1-4536-A43F-CF5F75A3A3F5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

    "{418A521F-7E72-422E-B419-4A67B6C808C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{480347EB-F5C5-4083-8167-D1DACD9C104C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

    "{4A2B5FD8-8033-4C7E-95A0-3607299E770C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{4AD96690-B3D8-4929-AEB8-70AFA3505B99}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

    "{4CE8C33A-2893-4020-BA07-C9AA03B9A8EF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{4E43A1F8-6880-4D82-87AE-14C46BA23E84}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

    "{51CE23A6-7F15-4CD2-B08E-EB4C939B4A16}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

    "{571B1F3F-E2D9-4C9E-AAAB-A6156BCD0D80}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{59CDA3EC-F27F-4675-B551-437A74EDE0DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{5D51C866-BF7B-4413-B1CB-891069572197}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

    "{5E9C32D3-923A-47AE-9879-72EFB19579A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

    "{5ECD00BB-51A2-4E5C-B09C-CC6EAF67A195}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

    "{5FB0A922-BFF4-4860-86BC-C57C7E4901DD}" = dir=in | app=c:\program files (x86)\desktopcentral_server\mysql\bin\mysqld-nt.exe |

    "{5FD1279B-2E26-423D-A9B1-929E41C15472}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

    "{6249C03E-7242-4D21-A4DA-326C74A1E7D1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{63364CAC-F034-4B40-8ED3-DB9F21256DDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "{6784645C-27B3-41F3-8C01-E7B908271090}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

    "{680A92EE-1095-4955-9702-F8ADDB4A7C09}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{68F295F3-54CD-43D7-8F09-868A0CA0F37E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

    "{6F084418-384D-49DF-815A-BD207CF0A9AE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

    "{76AFBF41-6AAB-45C8-BA92-4FD795905398}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{76E8F0B3-E5FC-4251-B079-5CFA07ECF586}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{780419C9-F89D-4B5C-A454-84F304ECA031}" = dir=in | app=c:\program files (x86)\desktopcentral_server\bin\wrapper.exe |

    "{7E2B2C74-B3C6-4122-BD76-C20C4AD3B0C4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

    "{82168230-688F-439E-8500-B5CC4BA0F827}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

    "{84C6B417-8367-4A27-9F64-9651D8EE6DF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

    "{853B657A-57B1-47F6-A25C-25DD0D366519}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    "{8856C097-98D8-4870-B42E-469E71D064A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{8ACF88B5-E71B-4777-BEFF-FCB498A1D943}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

    "{8BC9FBB0-64F5-4C06-B7B2-E0282964D67E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    "{8DCE207C-0153-443C-A20E-231678310704}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

    "{92AB5E08-835C-4D9B-9897-809FB68FA6F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

    "{99F0AE63-6888-446E-AF7A-360C495092C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

    "{9F597C17-EB50-428F-A1BF-60BC3774D8AE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

    "{A18F797C-EEB1-44D3-AF54-AD24915D4C24}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{A90DAD4A-C86A-4B6C-979E-49ECFD40348F}" = dir=in | app=c:\program files (x86)\desktopcentral_server\bin\dcnotificationserver.exe |

    "{AB3C2C78-F98F-4371-A84D-124EB4DBC61D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{B28606C7-799E-4DBB-8AF7-A24A6216383B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{B5B2A700-1C58-4C31-989A-68254E6DC358}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

    "{B60B3165-6D40-4088-B54E-1A31EC573485}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

    "{B9955FB6-BE4A-48A7-8D3B-6FF3FA403210}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{BA9B2137-5747-47FE-BEC5-AAB4F3D3312D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{BE31AC04-C3C4-4A8B-A879-48539123D2CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "{C99C7240-0CAE-415E-96E2-658F7445858C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

    "{C9F46C7C-A2B4-415B-B47D-3AB16756274D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{D07770E0-FE2C-4222-B6D3-77DD7B502133}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

    "{D1E52EAC-C1FC-4CFD-ACF4-D3277DA3B54A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |

    "{D39040BB-EE33-4AF9-A8DB-538218DD4411}" = dir=in | app=c:\program files (x86)\desktopcentral_server\apache\bin\dcserverhttpd.exe |

    "{D4148E93-7D63-45D1-9E0F-55354E71EC31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

    "{DB2DC029-AA97-4151-82CF-880F908ECF7A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

    "{E13AC781-D638-4AD3-A2F6-E40C249DEE3C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{E403EB2A-2332-44F8-A3BB-02E424AD9D8E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    "{E46F10D0-DBB2-4A23-B473-08918BDA00C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

    "{E8F61BBF-4055-4C3C-8D8E-072AEA6FDB7D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

    "{E9C8AA9F-175E-4EE3-8B9B-CF785E4C0A88}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

    "{EDC37927-32BF-4C45-B070-0B80C51E0E34}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

    "{F4BAAC20-C174-4AEC-8D79-7C84BC452782}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{F6435A03-74F1-4A4B-BF47-0DBCEB99C57C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

    "{FD29414C-FD07-48AE-9B9A-7C7B41133226}" = protocol=6 | dir=out | app=system |

    "{FD8F8F25-C5E8-4A65-BB63-6190403C098F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

    "TCP Query User{810BF87C-EA60-41E7-B01D-A72AF903851B}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |

    "TCP Query User{DA7F93C3-33EC-4DBC-B5B0-A9A59ACE5D50}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

    "TCP Query User{E525008D-AFDF-40BB-A6B7-680DDD7B11E4}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

    "UDP Query User{5A85EF82-C74E-4A07-94D2-BF875C466392}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

    "UDP Query User{CCDEA857-0EF6-4B10-9719-CC99494E864C}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

    "UDP Query User{E1677110-FBCF-40CD-94B8-C3F3AAB85A38}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

    "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders

    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

    "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)

    "{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel

    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

    "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64

    "{53FF78D3-28A3-2A34-2DEF-F79BE2581146}" = AMD Drag and Drop Transcoding

    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013

    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

    "{9C85D3CB-C982-2748-1169-017C2D873E2E}" = ATI AVIVO64 Codecs

    "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center

    "{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding

    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    "{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013

    "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "ASRock App Charger_is1" = ASRock App Charger v1.0.5

    "AVG" = AVG 2013

    "ComicRack" = ComicRack v0.9.156

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    "XFast LAN" = XFast LAN v6.61

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

    "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German

    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

    "{0FD40A50-38AB-454F-B41E-AC365E13D06D}" = calibre

    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

    "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard

    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

    "{1C284C44-B8E0-2ED3-8154-52133AAFF538}" = HydraVision

    "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional

    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

    "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish

    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

    "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French

    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

    "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian

    "{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

    "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian

    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup

    "{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek

    "{55DBE324-BA6A-4AE2-BC68-B406915C2C0B}" = Overwolf

    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish

    "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish

    "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish

    "{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor

    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

    "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center

    "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian

    "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch

    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

    "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai

    "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish

    "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian

    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

    "{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio

    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3

    "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha

    "{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}" = ManageEngine Desktop Central 8 - Server

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean

    "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All

    "{D726D186-0BA7-8BC4-6273-A9AED17C7B8A}" = Application Profiles

    "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech

    "{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese

    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

    "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English

    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

    "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy

    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.122

    "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29

    "Battlelog Web Plugins" = Battlelog Web Plugins

    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

    "DAEMON Tools Lite" = DAEMON Tools Lite

    "e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1" = The Lord of the Rings Online™: Riders of Rohan™! v03.08.00.1107

    "ESN Sonar-0.70.4" = ESN Sonar

    "Fraps" = Fraps (remove only)

    "Google Chrome" = Google Chrome

    "InstallShield_{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost

    "InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "Origin" = Origin

    "PunkBusterSvc" = PunkBuster Services

    "Steam App 207610" = The Walking Dead

    "Steam App 48190" = Assassin's Creed Brotherhood

    "uTorrent" = µTorrent

    "VLC media player" = VLC media player 2.0.3

    "World of Warcraft" = World of Warcraft

    "XFast USB" = XFast USB

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "101a9f93b8f0bb6f" = Curse Client

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 12/1/2012 1:46:27 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103

    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/1/2012 1:57:48 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103

    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/1/2012 6:41:09 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103

    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/1/2012 7:43:02 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103

    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/1/2012 8:40:59 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103

    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/2/2012 4:07:24 AM | Computer Name = EX-RIG-PC | Source = SideBySide | ID = 16842815

    Description = Activation context generation failed for "C:\Program Files (x86)\Common

    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

    "version" in element "assemblyIdentity" is invalid.

    Error - 12/2/2012 4:18:46 AM | Computer Name = EX-RIG-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/2/2012 4:18:46 AM | Computer Name = EX-RIG-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledEvent 9968

    Error - 12/2/2012 4:18:46 AM | Computer Name = EX-RIG-PC | Source = Bonjour Service | ID = 100

    Description = Task Scheduling Error: m->NextScheduledSPRetry 9968

    Error - 12/2/2012 1:45:50 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103

    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/2/2012 3:38:50 PM | Computer Name = EX-RIG-PC | Source = Winlogon | ID = 4103

    Description = Windows license activation failed. Error 0x80070005.

    [ System Events ]

    Error - 10/9/2012 12:44:32 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034

    Description = The AMD FUEL Service service terminated unexpectedly. It has done

    this 1 time(s).

    Error - 10/9/2012 9:02:29 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006

    Description = The ScRegSetValueExW call failed for FailureActions with the following

    error: %%5

    Error - 10/9/2012 9:02:31 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034

    Description = The AMD FUEL Service service terminated unexpectedly. It has done

    this 1 time(s).

    Error - 10/9/2012 9:02:31 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7038

    Description = The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService

    with the currently configured password due to the following error: %%1352 To ensure

    that the service is configured properly, use the Services snap-in in Microsoft

    Management Console (MMC).

    Error - 10/9/2012 9:02:31 AM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7000

    Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start

    due to the following error: %%1069

    Error - 10/9/2012 7:07:57 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006

    Description = The ScRegSetValueExW call failed for FailureActions with the following

    error: %%5

    Error - 10/9/2012 8:49:40 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006

    Description = The ScRegSetValueExW call failed for FailureActions with the following

    error: %%5

    Error - 10/9/2012 8:49:40 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034

    Description = The AMD FUEL Service service terminated unexpectedly. It has done

    this 1 time(s).

    Error - 10/9/2012 11:48:17 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7006

    Description = The ScRegSetValueExW call failed for FailureActions with the following

    error: %%5

    Error - 10/9/2012 11:48:19 PM | Computer Name = EX-RIG-PC | Source = Service Control Manager | ID = 7034

    Description = The AMD FUEL Service service terminated unexpectedly. It has done

    this 1 time(s).

    < End of report >

  6. OTL.txt

    OTL logfile created on: 12/2/2012 3:01:42 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EX-RIG\Desktop

    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.50% Memory free

    15.96 Gb Paging File | 14.02 Gb Available in Paging File | 87.83% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 931.41 Gb Total Space | 669.35 Gb Free Space | 71.86% Space Free | Partition Type: NTFS

    Drive E: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: EX-RIG-PC | User Name: EX-RIG | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\EX-RIG\Desktop\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

    PRC - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe ()

    PRC - C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)

    PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Origin\tufao.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

    MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()

    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

    MOD - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe ()

    ========== Services (SafeList) ==========

    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

    SRV:64bit: - (cFosSpeedS) -- C:\Program Files\ASRock\XFast LAN\spd.exe (cFos Software GmbH)

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd)

    SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

    SRV - (DesktopCentralServer) -- C:\Program Files (x86)\DesktopCentral_Server\bin\wrapper.exe (Tanuki Software, Ltd.)

    SRV - (MEDC Server Component - Notification Server) -- C:\Program Files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe ()

    SRV - (MEDCServerComponent-Apache) -- C:\Program Files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe (Apache Software Foundation)

    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

    DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)

    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)

    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

    DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)

    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

    DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

    DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)

    DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)

    DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)

    DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows ® Win 7 DDK provider)

    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

    DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )

    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

    DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. )

    DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)

    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=18BA7DCC-3780-4D1D-8013-524F44E25EA3&apn_sauid=DCA3FF93-A6A8-4E68-A4A4-817AC8398A18

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{26685492-363D-4498-B351-4C93655AD19C}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120833,17118,0,18,0

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A46A48171591F705ADFD42502FBE0506&q={searchTerms}

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{7380A3CB-88C7-4e36-9626-4E2A4BE6E6BB}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8341BCA4-0CE5-44FB-AF38-2D95A59CF173}&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-10-06 13:39:04&v=12.2.5.34&sap=dsp&q={searchTerms}

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Ask.com"

    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105

    FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.2.100013

    FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32

    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q="

    FF - prefs.js..browser.search.defaultengine: "Ask.com"

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()

    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/06 12:39:11 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/03 17:51:29 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Extensions

    [2012/10/28 12:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions

    [2012/06/16 12:10:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    [1832/11/28 23:37:17 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

    [2012/09/09 13:17:53 | 000,002,568 | ---- | M] () -- C:\Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\searchplugins\askcom.xml

    [2012/06/16 12:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/11/08 19:05:44 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

    [2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/12/01 19:56:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()

    O3 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

    O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

    O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

    O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()

    O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

    O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

    O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

    O4 - HKLM..\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)

    O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

    O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

    O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

    O4 - Startup: C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O13 - gopher Prefix: missing

    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Value error.)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 10.9.2)

    O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F7AF5A-1CB6-4058-B335-6EB262D7D740}: DhcpNameServer = 209.18.47.61 209.18.47.62

    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)

    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/06/11 02:44:56 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/02 14:47:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe

    [2012/12/02 14:28:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

    [2012/12/01 19:49:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2012/12/01 19:49:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2012/12/01 19:49:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2012/12/01 19:49:47 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2012/12/01 19:49:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

    [2012/12/01 19:48:09 | 005,009,347 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe

    [2012/12/01 19:39:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

    [2012/12/01 19:38:10 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Telltale Games

    [2012/12/01 18:52:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe

    [2012/12/01 18:48:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com

    [2012/11/25 16:22:08 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\ESN

    [2012/11/23 12:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

    [2012/11/23 12:09:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

    [2012/11/23 12:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

    [2012/11/22 11:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

    [2012/11/21 23:09:10 | 000,000,000 | ---D | C] -- C:\found.001

    [2012/11/21 22:07:41 | 000,000,000 | ---D | C] -- C:\Fraps

    [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\cYo

    [2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\cYo

    [2012/11/17 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack

    [2012/11/17 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack

    [2012/11/17 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

    [2012/11/17 11:05:38 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Desktop\Star Wars

    [2012/11/16 08:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

    [2012/11/16 08:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

    [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\CrashRpt

    [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Arktos

    [2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\Arktos

    [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\The War Z

    [2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z

    [2012/11/10 17:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/02 15:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/12/02 14:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/12/02 14:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe

    [2012/12/02 14:44:15 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012/12/02 14:44:15 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012/12/02 14:44:15 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012/12/02 14:38:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2012/12/02 14:38:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/12/02 14:38:46 | 2131,472,383 | -HS- | M] () -- C:\hiberfil.sys

    [2012/12/01 23:16:41 | 000,165,376 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe

    [2012/12/01 23:16:26 | 000,139,264 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe

    [2012/12/01 19:56:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

    [2012/12/01 19:48:09 | 005,009,347 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe

    [2012/12/01 19:05:41 | 000,000,222 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url

    [2012/12/01 18:52:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe

    [2012/12/01 18:48:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com

    [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/11/29 18:55:44 | 005,063,682 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub

    [2012/11/29 18:37:32 | 440,134,815 | ---- | M] () -- C:\Windows\MEMORY.DMP

    [2012/11/25 16:23:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

    [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

    [2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

    [2012/11/25 16:22:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

    [2012/11/23 12:31:15 | 000,509,552 | ---- | M] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif

    [2012/11/23 12:29:16 | 000,068,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png

    [2012/11/23 12:10:42 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

    [2012/11/23 12:09:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

    [2012/11/22 11:40:30 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk

    [2012/11/21 23:47:05 | 000,785,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2012/11/19 09:03:07 | 000,020,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf

    [2012/11/17 12:40:22 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk

    [2012/11/17 11:56:49 | 000,000,221 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url

    [2012/11/17 11:52:29 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS

    [2012/11/16 08:57:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

    [2012/11/14 07:29:35 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2012/11/13 23:24:18 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

    [2012/11/11 14:34:30 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk

    [2012/11/10 17:36:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/01 23:16:40 | 000,165,376 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe

    [2012/12/01 23:16:26 | 000,139,264 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe

    [2012/12/01 19:49:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2012/12/01 19:49:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2012/12/01 19:49:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2012/12/01 19:49:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2012/12/01 19:49:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2012/12/01 19:05:41 | 000,000,222 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url

    [2012/11/29 18:55:43 | 005,063,682 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub

    [2012/11/23 12:31:48 | 000,509,552 | ---- | C] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif

    [2012/11/23 12:29:27 | 000,068,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png

    [2012/11/23 12:10:42 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

    [2012/11/22 11:40:30 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk

    [2012/11/21 21:56:02 | 000,000,318 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Curse Client.appref-ms

    [2012/11/19 09:03:07 | 000,020,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf

    [2012/11/17 12:40:22 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk

    [2012/11/17 11:56:49 | 000,000,221 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url

    [2012/11/16 08:57:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk

    [2012/11/13 23:24:18 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI

    [2012/11/11 14:34:30 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk

    [2012/09/14 19:57:25 | 392,589,500 | ---- | C] () -- C:\Users\EX-RIG\this.means.war.2012.unrated.720p.bluray.x264-sparks.mkv

    [2012/09/08 03:17:19 | 000,010,615 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.nfo

    [2012/09/08 03:17:19 | 000,003,317 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.sfv

    [2012/09/08 01:04:00 | 4290,085,058 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Return_of_the_King_Ext_2003_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

    [2012/09/08 01:04:00 | 4249,049,694 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Fellowship_of_the_Ring_Ext_2001_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

    [2012/09/08 00:35:33 | 4292,386,964 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Two_towers_Ext_2002_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

    [2012/09/03 23:42:11 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

    [2012/09/03 23:42:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

    [2012/07/15 10:58:06 | 000,000,094 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\fusioncache.dat

    [2012/07/15 10:55:11 | 000,785,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2012/07/15 10:02:36 | 000,027,520 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\dt.dat

    [2012/06/16 22:38:02 | 000,000,045 | ---- | C] () -- C:\Users\EX-RIG\jagex_cl_runescape_LIVE.dat

    [2012/06/16 22:38:02 | 000,000,024 | ---- | C] () -- C:\Users\EX-RIG\random.dat

    [2012/05/25 12:43:18 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

    [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

    [2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

    [2012/05/25 12:43:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

    [2012/05/25 12:43:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

    [2012/05/25 12:42:21 | 000,000,003 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\user_data.ini

    [2012/05/25 12:34:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    [2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

    [2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

    [2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/12 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

    [2012/10/12 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

    [2012/07/21 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\.minecraft

    [2012/07/16 18:59:20 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\AVG

    [2012/10/06 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\AVG2013

    [2012/07/24 16:56:19 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\calibre

    [2012/11/17 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\cYo

    [2012/08/18 11:11:18 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DAEMON Tools Lite

    [2012/07/15 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DeviceVm

    [2012/09/20 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DriverCure

    [2012/05/25 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Leadertech

    [2012/07/21 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Marine Aquarium 3

    [2012/10/11 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Mumble

    [2012/09/03 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Nuance

    [2012/11/29 18:39:31 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Origin

    [2012/09/20 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\ParetoLogic

    [2012/08/11 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Splashtop

    [2012/08/18 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Thinstall

    [2012/11/22 00:49:33 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\TS3Client

    [2012/08/03 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\ts3overlay

    [2012/10/06 12:39:16 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\TuneUp Software

    [2012/07/15 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Turbine

    [2012/11/22 11:37:09 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\uTorrent

    [2012/06/07 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Zeon

    ========== Purity Check ==========

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

    < End of report >

  7. Here it is:

    ComboFix 12-12-01.02 - EX-RIG 12/02/2012 14:22:42.3.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8172.6176 [GMT -5:00]

    Running from: c:\users\EX-RIG\Desktop\ComboFix.exe

    Command switches used :: c:\users\EX-RIG\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi"

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-02 19:27 . 2012-12-02 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-02 00:39 . 2012-12-02 00:39 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-12-02 00:38 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

    2012-12-02 00:38 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

    2012-12-02 00:38 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

    2012-12-02 00:38 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

    2012-12-02 00:38 . 2006-07-28 14:30 62744 ----a-w- c:\windows\SysWow64\xinput1_2.dll

    2012-11-25 21:22 . 2012-11-25 21:22 -------- d-----w- c:\users\EX-RIG\AppData\Local\ESN

    2012-11-23 17:09 . 2012-11-23 17:09 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

    2012-11-23 17:09 . 2012-11-23 17:09 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

    2012-11-22 04:09 . 2012-11-22 04:09 -------- d-----w- C:\found.001

    2012-11-22 03:07 . 2012-11-23 02:49 -------- d-----w- C:\Fraps

    2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Roaming\cYo

    2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Local\cYo

    2012-11-17 17:40 . 2012-11-17 17:41 -------- d-----w- c:\program files\ComicRack

    2012-11-16 13:57 . 2012-12-02 17:46 -------- d-----w- c:\program files (x86)\Steam

    2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\CrashRpt

    2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\Arktos

    2012-11-14 00:16 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

    2012-11-14 00:16 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

    2012-11-14 00:16 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-25 21:23 . 2012-09-04 04:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

    2012-11-25 21:23 . 2012-09-06 03:08 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

    2012-11-25 21:23 . 2012-09-04 04:42 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2012-11-25 21:22 . 2012-09-04 04:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

    2012-11-17 16:52 . 2012-07-24 21:52 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS

    2012-11-14 04:22 . 2012-07-21 18:21 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-11-12 01:01 . 2012-06-07 03:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-12 01:01 . 2012-06-07 03:43 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

    2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

    2012-10-09 12:01 . 2012-10-09 12:01 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

    2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

    2012-09-29 23:54 . 2012-07-15 23:46 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-28 19:37 . 2012-09-28 19:37 221696 ----a-w- c:\windows\system32\clinfo.exe

    2012-09-28 19:36 . 2012-09-28 19:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll

    2012-09-28 19:36 . 2012-09-28 19:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

    2012-09-28 19:36 . 2012-09-28 19:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll

    2012-09-28 19:36 . 2012-09-28 19:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

    2012-09-28 19:36 . 2012-09-28 19:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll

    2012-09-28 19:32 . 2012-09-28 19:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll

    2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll

    2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys

    2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll

    2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe

    2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll

    2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

    2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll

    2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

    2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll

    2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll

    2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

    2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll

    2012-09-28 01:41 . 2012-06-11 17:23 1120768 ----a-w- c:\windows\system32\aticfx64.dll

    2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll

    2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll

    2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll

    2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe

    2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe

    2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll

    2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll

    2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll

    2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

    2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll

    2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll

    2012-09-28 01:22 . 2012-06-11 17:01 7167488 ----a-w- c:\windows\system32\atidxx64.dll

    2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll

    2012-09-28 01:13 . 2012-07-28 01:15 595456 ----a-w- c:\windows\system32\atiadlxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll

    2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

    2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll

    2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll

    2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys

    2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

    2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

    2012-09-28 01:11 . 2012-06-11 16:25 129536 ----a-w- c:\windows\system32\atiuxp64.dll

    2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

    2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll

    2012-09-28 01:10 . 2012-06-11 16:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll

    2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

    2012-09-25 03:16 . 2012-10-21 05:26 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

    2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

    2012-09-14 19:19 . 2012-10-10 12:18 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-10 12:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

    2012-09-09 05:36 . 2012-06-17 03:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-09-09 05:36 . 2012-06-17 03:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-09-04 16:30 . 2012-09-04 16:30 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2012-10-06 17:39 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-10-06 1734240]

    .

    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-11-29 3492504]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-11-16 1353080]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-04-20 393216]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2012-05-25 4878912]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-06 947808]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

    "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-10-06 856160]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

    .

    c:\users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    CurseClientStartup.ccip [2012-9-8 0]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    ManageEngine Desktop Central.lnk - c:\program files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe [2012-6-21 208008]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart

    .

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 DesktopCentralServer;ManageEngine Desktop Central Server;c:\program files (x86)\DesktopCentral_Server\bin\wrapper.exe [2012-06-21 458008]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

    R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]

    R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-11-17 32320]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

    R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\program files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe [2012-06-21 228488]

    R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\program files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [2012-06-21 20549]

    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-09-13 18360]

    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]

    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-07 1255736]

    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]

    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-23 283200]

    S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-05-25 15936]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]

    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]

    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]

    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-14 56448]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 01:01]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]

    "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]

    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]

    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

    FF - ProfilePath - c:\users\EX-RIG\AppData\Roaming\Mozilla\Firefox\Profiles\wwmoc3kr.default\

    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=

    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; abtbumgdjd@abtbumgdjd.org; c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

    .

    - - - - ORPHANS REMOVED - - - -

    .

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

    AddRemove-PunkBusterSvc - c:\program files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\pbsvc.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:6f,09,3e,7e,1c,c3,cd,01

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-12-02 14:28:48

    ComboFix-quarantined-files.txt 2012-12-02 19:28

    ComboFix2.txt 2012-12-02 04:40

    ComboFix3.txt 2012-12-02 00:58

    .

    Pre-Run: 718,706,630,656 bytes free

    Post-Run: 718,654,578,688 bytes free

    .

    - - End Of File - - 278209AC41F38AC3291A983F786B0FA7

  8. Here you go:

    ComboFix 12-12-01.02 - EX-RIG 12/01/2012 23:34:18.2.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8172.5978 [GMT -5:00]

    Running from: c:\users\EX-RIG\Desktop\ComboFix.exe

    Command switches used :: c:\users\EX-RIG\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-02 04:38 . 2012-12-02 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-02 00:39 . 2012-12-02 00:39 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-12-02 00:38 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

    2012-12-02 00:38 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

    2012-12-02 00:38 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

    2012-12-02 00:38 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

    2012-12-02 00:38 . 2006-07-28 14:30 62744 ----a-w- c:\windows\SysWow64\xinput1_2.dll

    2012-11-25 21:22 . 2012-11-25 21:22 -------- d-----w- c:\users\EX-RIG\AppData\Local\ESN

    2012-11-23 17:09 . 2012-11-23 17:09 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

    2012-11-23 17:09 . 2012-11-23 17:09 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

    2012-11-22 04:09 . 2012-11-22 04:09 -------- d-----w- C:\found.001

    2012-11-22 03:07 . 2012-11-23 02:49 -------- d-----w- C:\Fraps

    2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Roaming\cYo

    2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Local\cYo

    2012-11-17 17:40 . 2012-11-17 17:41 -------- d-----w- c:\program files\ComicRack

    2012-11-16 13:57 . 2012-12-02 01:23 -------- d-----w- c:\program files (x86)\Steam

    2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\CrashRpt

    2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\Arktos

    2012-11-14 00:16 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

    2012-11-14 00:16 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

    2012-11-14 00:16 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-25 21:23 . 2012-09-04 04:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

    2012-11-25 21:23 . 2012-09-06 03:08 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

    2012-11-25 21:23 . 2012-09-04 04:42 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2012-11-25 21:22 . 2012-09-04 04:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

    2012-11-17 16:52 . 2012-07-24 21:52 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS

    2012-11-14 04:22 . 2012-07-21 18:21 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-11-12 01:01 . 2012-06-07 03:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-12 01:01 . 2012-06-07 03:43 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

    2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

    2012-10-09 12:01 . 2012-10-09 12:01 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

    2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

    2012-09-29 23:54 . 2012-07-15 23:46 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-28 19:37 . 2012-09-28 19:37 221696 ----a-w- c:\windows\system32\clinfo.exe

    2012-09-28 19:36 . 2012-09-28 19:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll

    2012-09-28 19:36 . 2012-09-28 19:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

    2012-09-28 19:36 . 2012-09-28 19:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll

    2012-09-28 19:36 . 2012-09-28 19:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

    2012-09-28 19:36 . 2012-09-28 19:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll

    2012-09-28 19:32 . 2012-09-28 19:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll

    2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll

    2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys

    2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll

    2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe

    2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll

    2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

    2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll

    2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

    2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll

    2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll

    2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

    2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll

    2012-09-28 01:41 . 2012-06-11 17:23 1120768 ----a-w- c:\windows\system32\aticfx64.dll

    2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll

    2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll

    2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll

    2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe

    2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe

    2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll

    2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll

    2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll

    2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

    2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll

    2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll

    2012-09-28 01:22 . 2012-06-11 17:01 7167488 ----a-w- c:\windows\system32\atidxx64.dll

    2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll

    2012-09-28 01:13 . 2012-07-28 01:15 595456 ----a-w- c:\windows\system32\atiadlxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll

    2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll

    2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

    2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll

    2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll

    2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys

    2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

    2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

    2012-09-28 01:11 . 2012-06-11 16:25 129536 ----a-w- c:\windows\system32\atiuxp64.dll

    2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

    2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll

    2012-09-28 01:10 . 2012-06-11 16:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll

    2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

    2012-09-25 03:16 . 2012-10-21 05:26 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

    2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

    2012-09-14 19:19 . 2012-10-10 12:18 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-10 12:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

    2012-09-09 05:36 . 2012-06-17 03:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-09-09 05:36 . 2012-06-17 03:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-09-04 16:30 . 2012-09-04 16:30 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    2012-10-06 17:39 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-10-06 1734240]

    .

    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-11-29 3492504]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-11-16 1353080]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2012-05-25 4878912]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-06 947808]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

    "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-10-06 856160]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

    .

    c:\users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    CurseClientStartup.ccip [2012-9-8 0]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    ManageEngine Desktop Central.lnk - c:\program files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe [2012-6-21 208008]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart

    .

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 DesktopCentralServer;ManageEngine Desktop Central Server;c:\program files (x86)\DesktopCentral_Server\bin\wrapper.exe [2012-06-21 458008]

    R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]

    R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-11-17 32320]

    R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\program files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe [2012-06-21 228488]

    R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\program files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [2012-06-21 20549]

    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-09-13 18360]

    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]

    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-07 1255736]

    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]

    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-23 283200]

    S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-05-25 15936]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]

    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]

    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-14 56448]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - 38341475

    *NewlyCreated* - 41599736

    *NewlyCreated* - 44885937

    *Deregistered* - 38341475

    *Deregistered* - 41599736

    *Deregistered* - 44885937

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 01:01]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]

    "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]

    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]

    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

    FF - ProfilePath - c:\users\EX-RIG\AppData\Roaming\Mozilla\Firefox\Profiles\wwmoc3kr.default\

    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=

    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; abtbumgdjd@abtbumgdjd.org; c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

    .

    - - - - ORPHANS REMOVED - - - -

    .

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

    AddRemove-PunkBusterSvc - c:\program files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\pbsvc.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:6f,09,3e,7e,1c,c3,cd,01

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-12-01 23:40:20

    ComboFix-quarantined-files.txt 2012-12-02 04:40

    ComboFix2.txt 2012-12-02 00:58

    .

    Pre-Run: 708,134,739,968 bytes free

    Post-Run: 708,103,589,888 bytes free

    .

    - - End Of File - - DA15CBC00CA6BD546C76892EDCA33374

  9. SystemLook 30.07.11 by jpshortstuff

    Log created at 23:17 on 01/12/2012 by EX-RIG

    Administrator - Elevation successful

    ========== dir ==========

    c:\users\EX-RIG\AppData\Roaming\cYo - Parameters: "/s"

    ---Files---

    None found.

    c:\users\EX-RIG\AppData\Roaming\cYo\ComicRack d------ [17:42 17/11/2012]

    ComicDb.xml --a---- 10775 bytes [17:50 17/11/2012] [17:33 23/11/2012]

    ComicDb.xml.bak --a---- 10775 bytes [17:50 17/11/2012] [17:33 23/11/2012]

    Config.xml --a---- 14165 bytes [17:50 17/11/2012] [17:33 23/11/2012]

    DonateImage --a---- 2120 bytes [17:42 17/11/2012] [17:42 17/11/2012]

    NewsFeeds.xml --a---- 17885 bytes [17:50 17/11/2012] [17:33 23/11/2012]

    c:\users\EX-RIG\AppData\Roaming\cYo\ComicRack\Scripts d------ [17:42 17/11/2012]

    c:\users\EX-RIG\AppData\Roaming\cYo\ComicRack\Scripts\.Pending d------ [17:07 23/11/2012]

    -= EOF =-

  10. DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

    Run by EX-RIG at 18:51:22 on 2012-12-01

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8172.6142 [GMT -5:00]

    .

    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\taskeng.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\ASRock\XFast LAN\spd.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

    C:\Windows\system32\SearchIndexer.exe

    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\ASRock\XFast LAN\cfosspeed.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Microsoft Device Center\itype.exe

    C:\Program Files\Microsoft Device Center\ipoint.exe

    C:\Program Files (x86)\Origin\Origin.exe

    C:\Program Files (x86)\Steam\Steam.exe

    C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe

    C:\Program Files (x86)\XFast USB\XFastUsb.exe

    C:\Users\EX-RIG\AppData\Local\Apps\2.0\0BQ9XCG4.N4V\9RA2QD6O.AD6\curs..tion_9e9e83ddf3ed3ead_0005.0001_dafeadaaa30c70ac\CurseClient.exe

    C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    uRun: [iSUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

    uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

    uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

    mRun: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

    mRun: [updReg] C:\Windows\UpdReg.EXE

    mRun: [smartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"

    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    StartupFolder: C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MANAGE~1.LNK - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab

    DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    TCP: NameServer = 209.18.47.61 209.18.47.62

    TCP: Interfaces\{C2F7AF5A-1CB6-4058-B335-6EB262D7D740} : DHCPNameServer = 209.18.47.61 209.18.47.62

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe

    x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

    x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"

    x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"

    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\EX-RIG\AppData\Roaming\Mozilla\Firefox\Profiles\wwmoc3kr.default\

    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; abtbumgdjd@abtbumgdjd.org; C:\Users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

    R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-5-25 17192]

    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-23 283200]

    R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-5-25 15936]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]

    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]

    R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-7 399432]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 676936]

    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]

    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-25 46136]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]

    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-15 25928]

    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-5-25 32344]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-25 471144]

    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-9-3 56448]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 DesktopCentralServer;ManageEngine Desktop Central Server;C:\Program Files (x86)\DesktopCentral_Server\bin\wrapper.exe [2012-6-21 458008]

    S2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe --> C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [?]

    S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-7-24 32320]

    S3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;C:\Program Files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe [2012-6-21 228488]

    S3 MEDCServerComponent-Apache;MEDC Server Component - Apache;C:\Program Files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [2012-6-21 20549]

    S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-7-15 18360]

    S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]

    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-7-8 694888]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-21 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-7 1255736]

    .

    =============== Created Last 30 ================

    .

    2012-12-01 23:44:01 20480 ----a-w- C:\Windows\svchost.exe

    2012-11-25 21:22:08 -------- d-----w- C:\Users\EX-RIG\AppData\Local\ESN

    2012-11-23 17:09:35 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

    2012-11-23 17:09:29 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

    2012-11-22 04:09:10 -------- d-sh--w- C:\found.001

    2012-11-22 03:07:41 -------- d-----w- C:\Fraps

    2012-11-17 17:42:35 -------- d-----w- C:\Users\EX-RIG\AppData\Roaming\cYo

    2012-11-17 17:42:35 -------- d-----w- C:\Users\EX-RIG\AppData\Local\cYo

    2012-11-17 17:40:20 -------- d-----w- C:\Program Files\ComicRack

    2012-11-16 13:57:07 -------- d-----w- C:\Program Files (x86)\Steam

    2012-11-15 12:28:19 -------- d-----w- C:\Users\EX-RIG\AppData\Local\CrashRpt

    2012-11-15 12:28:19 -------- d-----w- C:\Users\EX-RIG\AppData\Local\Arktos

    2012-11-14 00:16:07 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-14 00:16:02 95744 ----a-w- C:\Windows\System32\synceng.dll

    2012-11-14 00:16:02 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

    .

    ==================== Find3M ====================

    .

    2012-11-25 21:23:16 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

    2012-11-25 21:23:07 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

    2012-11-25 21:23:07 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

    2012-11-25 21:22:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

    2012-11-17 16:52:29 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS

    2012-11-12 01:01:48 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-12 01:01:48 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

    2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

    2012-10-09 12:01:08 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

    2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

    2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-28 19:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe

    2012-09-28 19:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll

    2012-09-28 19:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

    2012-09-28 19:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

    2012-09-28 19:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

    2012-09-28 19:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll

    2012-09-28 19:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll

    2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll

    2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

    2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll

    2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

    2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

    2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

    2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

    2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

    2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll

    2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll

    2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

    2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll

    2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll

    2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll

    2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll

    2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll

    2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe

    2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

    2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll

    2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll

    2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

    2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

    2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll

    2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll

    2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll

    2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll

    2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll

    2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

    2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

    2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

    2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

    2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll

    2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

    2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll

    2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

    2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

    2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

    2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

    2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

    2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

    2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll

    2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

    2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

    2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

    2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys

    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

    2012-09-09 05:36:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-09-09 05:36:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-09-04 16:30:43 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

    .

    ============= FINISH: 18:51:59.72 ===============

    Attach.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 5/25/2012 1:28:55 PM

    System Uptime: 12/1/2012 6:42:35 PM (0 hours ago)

    .

    Motherboard: ASRock | | 970 Extreme3

    Processor: AMD FX-4100 Quad-Core Processor | CPUSocket | 3600/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 931 GiB total, 634.447 GiB free.

    D: is CDROM ()

    E: is CDROM (CDFS)

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP81: 11/21/2012 11:37:52 PM - Windows Update

    RP82: 11/22/2012 11:36:21 AM - Removed Resident Evil Operation Raccoon City

    RP83: 11/23/2012 12:09:38 PM - Device Driver Package Install: DT Soft Ltd System devices

    .

    ==== Installed Programs ======================

    .

    µTorrent

    Acrobat.com

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader 9

    AMD Accelerated Video Transcoding

    AMD APP SDK Runtime

    AMD Catalyst Install Manager

    AMD Drag and Drop Transcoding

    AMD Fuel

    AMD Media Foundation Decoders

    AMD VISION Engine Control Center

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Application Profiles

    ASRock App Charger v1.0.5

    ASRock eXtreme Tuner v0.1.122

    ASRock InstantBoot v1.29

    Assassin's Creed Brotherhood

    ATI AVIVO64 Codecs

    AVG 2013

    AVG PC Tuneup

    Battlefield 3™

    Battlelog Web Plugins

    Belkin USB Wireless Adaptor

    Bonjour

    calibre

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    ComicRack v0.9.156

    Curse Client

    DAEMON Tools Lite

    EasyBoost

    ESN Sonar

    Etron USB3.0 Host Controller

    Fraps (remove only)

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    HydraVision

    iTunes

    Java 2 Runtime Environment, SE v1.4.2_19

    Java 7 Update 6 (64-bit)

    Java 7 Update 9

    Java Auto Updater

    JavaFX 2.1.1

    Malwarebytes Anti-Malware version 1.65.1.1000

    ManageEngine Desktop Central 8 - Server

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft Games for Windows - LIVE Redistributable

    Microsoft Games for Windows Marketplace

    Microsoft Mouse and Keyboard Center

    Microsoft Silverlight

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Mozilla Firefox 13.0.1 (x86 en-US)

    Mozilla Maintenance Service

    Mumble 1.2.3

    Origin

    Overwolf

    Pando Media Booster

    PunkBuster Services

    Realtek Ethernet Controller Driver

    Realtek High Definition Audio Driver

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Star Wars: The Old Republic

    Steam

    TeamSpeak 3 Client

    The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021

    The Lord of the Rings Online™: Riders of Rohan™! v03.08.00.1107

    The War Z version alpha

    THX TruStudio

    Ubisoft Game Launcher

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Visual Studio 2008 x64 Redistributables

    Visual Studio 2010 x64 Redistributables

    VLC media player 2.0.3

    Windows Live ID Sign-in Assistant

    WinRAR 4.20 (64-bit)

    World of Warcraft

    XFast LAN v6.61

    XFast USB

    .

    ==== Event Viewer Messages From Past Week ========

    .

    12/1/2012 6:43:15 PM, Error: Service Control Manager [7024] - The ManageEngine Desktop Central Server service terminated with service-specific error %%-1.

    12/1/2012 6:43:11 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

    12/1/2012 12:25:13 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

    11/29/2012 6:37:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030c666b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112912-50388-01.

    .

    ==== End Of File ===========================

  11. Thank you and here are the logs:

    2012/12/01 18:41:34 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:41:44 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:41:55 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:42:05 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:42:15 -0500 EX-RIG-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:43:11 -0500 EX-RIG-PC EX-RIG MESSAGE Starting protection

    2012/12/01 18:43:11 -0500 EX-RIG-PC EX-RIG MESSAGE Protection started successfully

    2012/12/01 18:43:11 -0500 EX-RIG-PC EX-RIG MESSAGE Starting IP protection

    2012/12/01 18:43:13 -0500 EX-RIG-PC EX-RIG MESSAGE IP Protection started successfully

    2012/12/01 18:44:23 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE

    2012/12/01 18:44:35 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:44:45 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:44:55 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:45:05 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:45:16 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:45:26 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    2012/12/01 18:45:36 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

    Next one:

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.12.01.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    EX-RIG :: EX-RIG-PC [administrator]

    Protection: Enabled

    12/1/2012 6:41:29 PM

    mbam-log-2012-12-01 (18-41-29).txt

    Scan type: Flash scan

    Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: Registry | File System | P2P

    Objects scanned: 172643

    Time elapsed: 13 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    And when I restart, it finds it all over again and I quarantine it. It has gone from finding 2 to just one now.
