bakeumsj
-
Posts
6 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by bakeumsj
-
-
Argh still being redirected...
-
Prior to running combo fix as I came to this forum I was still being redirected to random sites. I checked before coming here and clicked a bunch of links on google and it seemed okay. I'll keep my fingers crossed
Couple questions for you... Any chance this virus could of spread to my Mac Drives (+HFS). What firewall/anti-virus do you recommend for windows vista? I used to have Zone Alarm back in the day but it's been buggy as hell. Same with AVG Anti-Virus... I read some forums on here mentioning avast as anti virus. Also any firefox addons that are blockers I should download. Thank you seriously for your time and help with this matter by the way, genuinely appreciated. Also this seems to have fixed most issues with the security center, except I still cannot turn on the windows firewall. Any idea about that?ComboFix 13-01-03.02 - Sebastien 01/03/2013 1:36.1.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4085.2549 [GMT -7:00]
Running from: c:\users\Sebastien\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2072-04-03 19:13 . 2008-03-21 20:46 607296 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2071-07-25 15:13 . 2006-11-22 02:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-12-31 21:42 . 2013-01-03 05:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-31 21:42 . 2013-01-03 05:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-31 21:39 . 2012-12-31 21:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\atidxx32.dll
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-30 13:09 . 2012-12-30 13:09 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e12f05001cde68e1a\MeshBetaRemover.exe
2012-12-30 13:09 . 2012-12-30 13:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d5cd5a901cde68e13\DSETUP.dll
2012-12-30 13:09 . 2012-12-30 13:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d5cd5a901cde68e13\DXSETUP.exe
2012-12-30 13:09 . 2012-12-30 13:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d5cd5a901cde68e13\dsetup32.dll
2012-12-30 13:08 . 2012-12-30 13:08 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d44422801cde68e12\DSETUP.dll
2012-12-30 13:08 . 2012-12-30 13:08 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d44422801cde68e12\DXSETUP.exe
2012-12-30 13:08 . 2012-12-30 13:08 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d44422801cde68e12\dsetup32.dll
2012-12-30 12:42 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-30 12:40 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-12-30 12:40 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-30 12:40 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-12-30 12:40 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-12-30 12:40 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-30 12:32 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-30 12:32 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-30 12:32 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-30 12:32 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-30 12:31 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-30 12:31 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-30 12:29 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys
2012-12-30 12:29 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-12-30 12:29 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2012-12-30 12:29 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-12-30 12:29 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-12-30 12:29 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-12-30 12:29 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-12-30 12:29 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-12-30 12:29 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-12-30 12:24 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-12-30 12:24 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-12-30 12:24 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-30 12:24 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-30 12:24 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2012-12-29 23:32 . 2012-12-29 23:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 23:49 . 2011-11-16 08:13 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 22:58 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-04 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-9-15 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-17 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 04:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-15 5430784]
"Skytel"="Skytel.exe" [2008-04-15 1826816]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2009-11-15 626464]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\
FF - ExtSQL: !HIDDEN! 2009-06-30 13:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-FRUpdate - (no file)
Wow6432Node-HKLM-Run-FRUpdate - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Steam App 211 - c:\games)\Steam\steam.exe
AddRemove-Steam App 215 - c:\games)\Steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-315456852-2602044955-3816073578-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,e7,b5,4f,fa,3b,fe,24,92,30,ec,8c,8a,f8,90,55,af,63,7b,c9,d5,b0,5f,
a6,2c,86,d6,1f,94,f0,fe,b0,99,f7,ab,4e,16,d4,2d,5c,9e,7f,07,c8,b7,46,60,04,\
"??"=hex:e2,bc,9f,0f,21,ba,b4,e3,b1,25,5f,5d,16,c4,5e,12
.
[HKEY_USERS\S-1-5-21-315456852-2602044955-3816073578-1000\Software\SecuROM\License information*]
"datasecu"=hex:34,77,cd,04,d9,4a,8d,40,2f,fd,14,f2,7f,34,09,68,d3,3f,75,e4,49,
b3,0d,c2,97,43,10,97,2b,dd,04,aa,a3,d9,1f,a5,2e,40,dd,13,09,de,1c,3c,d7,d5,\
"rkeysecu"=hex:6f,0f,76,dd,7f,04,65,e5,2b,f9,e1,9f,b5,72,6e,4d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2013-01-03 01:51:35 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-03 08:51
.
Pre-Run: 48,059,699,200 bytes free
Post-Run: 47,722,278,912 bytes free
.
- - End Of File - - E3A79BAF2EE386F0931A9FA32086F878
-
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 00:52:59
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista Ultimate Service Pack 2 (64 bits)
# User : Sebastien - VISTA64-PC
# Boot Mode : Normal
# Running from : C:\Users\Sebastien\Downloads\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Softonic
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [726 octets] - [03/01/2013 00:52:59]
########## EOF - C:\AdwCleaner[R1].txt - [785 octets] ##########
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 01/03/2013 01:04:08
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 13 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-41VWA1 ATA Device +++++
--- User ---
[MBR] 3258246f96bab4039b3dbdd252e0056e
[bSP] 1c9bb2f90d147b9785070011d0732242 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] d3252a956d1f672693e169d4148a2716
[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 84e647464629741fd49d02b17a71a351
[bSP] 849b9edd88e30ddc3e1c78f8187f53c8 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive3: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 374bb64bb14f3f9f2ab52e116314a425
[bSP] ea5d0227e69ddd0f666581d772256327 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 409640 | Size: 242560 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 497436672 | Size: 234051 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01032013_02d0104.txt >>
RKreport[1]_S_01032013_02d0104.txt
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Sebastien [Admin rights]
Mode : Remove -- Date : 01/03/2013 01:05:05
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 11 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-41VWA1 ATA Device +++++
--- User ---
[MBR] 3258246f96bab4039b3dbdd252e0056e
[bSP] 1c9bb2f90d147b9785070011d0732242 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] d3252a956d1f672693e169d4148a2716
[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 84e647464629741fd49d02b17a71a351
[bSP] 849b9edd88e30ddc3e1c78f8187f53c8 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive3: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 374bb64bb14f3f9f2ab52e116314a425
[bSP] ea5d0227e69ddd0f666581d772256327 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 409640 | Size: 242560 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 497436672 | Size: 234051 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01032013_02d0105.txt >>
RKreport[1]_S_01032013_02d0104.txt ; RKreport[2]_D_01032013_02d0105.txt
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Remove -- Date : 01/03/2013 01:05:05
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 11 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-41VWA1 ATA Device +++++
--- User ---
[MBR] 3258246f96bab4039b3dbdd252e0056e
[bSP] 1c9bb2f90d147b9785070011d0732242 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] d3252a956d1f672693e169d4148a2716
[bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 84e647464629741fd49d02b17a71a351
[bSP] 849b9edd88e30ddc3e1c78f8187f53c8 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive3: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 374bb64bb14f3f9f2ab52e116314a425
[bSP] ea5d0227e69ddd0f666581d772256327 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 409640 | Size: 242560 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 497436672 | Size: 234051 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01032013_02d0105.txt >>
RKreport[1]_S_01032013_02d0104.txt ; RKreport[2]_D_01032013_02d0105.txt
-
Thanks for your quick reply Gringo, I will do my best to follow your instructions here we go, the logs as you requested:
----------------------------------------------------------------
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:36 on 02/01/2013 (_________)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.228
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 15 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Admin at 22:40:53 on 2013-01-02
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4085.2317 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
uRun: [FRUpdate] <no file>
mRun: [FRUpdate] <no file>
StartupFolder: C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{66D346A8-66EC-4C16-AAE7-577FD2821791} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A45B1322-678A-4533-A3B4-ACF1D2BDCB40} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D016123C-13DE-4E58-9E2F-F66AEDDE2567} : DHCPNameServer = 75.75.76.76 75.75.75.75
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [skytel] Skytel.exe
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-STS: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
x64-STS: Deskscapes Class - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll
x64-STS: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
FF - ExtSQL: !HIDDEN! 2009-06-30 13:22; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2009-11-15 170296]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2009-11-15 110904]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2009-11-15 15416]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2008-4-15 15416]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-31 398184]
R3 applebt;Apple Built-in Bluetooth;C:\Windows\System32\drivers\applebt.sys [2009-1-15 10752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-16 24176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-31 682344]
S3 BthKicker;Apple Bluetooth Device Driver;C:\Windows\System32\drivers\BthKicker.sys [2009-1-15 8704]
S3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2009-11-23 29184]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2008-5-21 34832]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-7 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\atiuxpag.dll
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\atiu9pag.dll
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\atidxx32.dll
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\aticfx32.dll
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 23:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-28 22:58:30 67413224 ----a-w- C:\Windows\System32\mrt.exe
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
.
============= FINISH: 22:41:11.02 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume9
Install Date: 1/15/2009 9:40:43 PM
System Uptime: 1/2/2013 10:28:19 PM (0 hours ago)
.
Motherboard: Apple Inc. | | Mac-F42C88C8
Processor: Intel® Xeon® CPU E5462 @ 2.80GHz | CPU-A ( 0 ) | 2800/400mhz
Processor: Intel® Xeon® CPU E5462 @ 2.80GHz | CPU-B ( 0 ) | 2800/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 40.447 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 237 GiB total, 142.206 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
Bonjour
Boot Camp Services
Canon iP3600 series Printer Driver
Canon Utilities Solution Menu
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Choice Guard
Curse Client
DeskScapes
Diablo III
EPSON Scan
gBurner
Google Update Helper
Guild Wars 2
Hero Editor V1.03
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Indeo® Software
iTunes
KhalInstallWrapper
Logitech SetPoint
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenAL
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SimCity 4
Skype™ 5.5
Source SDK
Source SDK Base
Spotify
Star Wars: The Old Republic
StarCraft II
Steam
The Elder Scrolls V: Skyrim
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client for Windows x64
Visual C++ 8.0 Runtime Setup Package (x64)
Warcraft III
Warcraft III: All Products
Winamp
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9)
Windows Driver Package - Apple Inc. Apple Bluetooth (04/06/2008 2.1.0.1)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (10/13/2009 6.6001.1.16)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Sound Schemes
WinPcap 4.1 beta4
WinRAR archiver
World of Warcraft
.
==== End Of File ===========================
-
Hello, I have this pesky virus that redirects my web clicks. Not sure if it matters but thought I would mention that I am running Windows Vista x64 on Bootcamp via a Mac Computer. Any help would be appreciated! Also I am unable to turn on my windows security center...
Couple questions for you... Any chance this virus could of spread to my Mac Drives (+HFS). What firewall/anti-virus do you recommend for windows vista? I used to have Zone Alarm back in the day but it's been buggy as hell. Same with AVG Anti-Virus... I read some forums on here mentioning avast as anti virus. Also any firefox addons that are blockers I should download. Thank you seriously for your time and help with this matter by the way, genuinely appreciated. Also this seems to have fixed most issues with the security center, except I still cannot turn on the windows firewall. Any idea about that?
Live Search Now Virus - Was Removed, Came Back
in Resolved Malware Removal Logs
Posted
OTL logfile created on: 1/3/2013 5:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastien\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.45% Memory free
9.85 Gb Paging File | 8.24 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): c:\pagefile.sys 6127 6127 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.57 Gb Total Space | 44.20 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
Drive E: | 236.82 Gb Total Space | 126.39 Gb Free Space | 53.37% Space Free | Partition Type: FAT32
Computer Name: VISTA64-PC | User Name: Sebastien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sebastien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (KeyMagic) -- C:\Windows\SysNative\DRIVERS\KeyMagic.sys (Apple Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corp.)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corp.)
DRV:64bit: - (applebt) -- C:\Windows\SysNative\DRIVERS\applebt.sys (Apple Inc.)
DRV:64bit: - (BthKicker) -- C:\Windows\SysNative\DRIVERS\BthKicker.sys (Apple Inc.)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\SearchScopes\{3781B725-5CB7-46CE-9DBF-4EBA7B145C37}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: gbeiffzcra%40gbeiffzcra.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 01:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/30 01:35:51 | 000,000,000 | ---D | M]
[2009/06/02 17:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Extensions
[2012/11/22 00:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions
[2011/03/03 19:27:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/02 18:49:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[1618/10/24 08:54:01 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions\gbeiffzcra@gbeiffzcra.org.xpi
[2012/12/30 01:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/30 01:35:54 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/15 08:22:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/26 15:51:47 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/01/03 01:46:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000..\Run: [spotify Web Helper] C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D346A8-66EC-4C16-AAE7-577FD2821791}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A45B1322-678A-4533-A3B4-ACF1D2BDCB40}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D016123C-13DE-4E58-9E2F-F66AEDDE2567}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/03 01:51:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/03 01:46:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/03 01:33:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/03 01:33:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/03 01:33:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/03 01:33:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/03 01:32:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/03 01:03:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\Desktop\RK_Quarantine
[2012/12/31 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/31 14:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/12/31 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/31 14:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/30 05:56:26 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/30 05:56:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/30 05:56:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012/12/30 05:56:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/30 05:56:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/30 05:56:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/30 05:56:23 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/30 05:42:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/30 05:42:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/30 05:42:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/30 05:42:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/30 05:42:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/30 05:42:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/30 05:42:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/30 05:42:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/30 05:42:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/30 05:42:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/30 05:42:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/30 05:42:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/30 05:42:28 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/30 05:42:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/30 05:42:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/30 05:40:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/12/30 05:40:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/12/30 05:32:35 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/30 05:32:35 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/30 05:32:35 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/30 05:32:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/30 05:30:29 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/12/30 05:30:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/12/30 05:30:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012/12/30 05:30:18 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/12/30 05:30:18 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/12/30 05:30:05 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/12/30 05:30:03 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/30 05:30:01 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/12/30 05:30:00 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/12/30 05:30:00 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/12/30 05:30:00 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/12/30 05:30:00 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/12/30 05:29:57 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/30 05:29:56 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/12/30 05:29:54 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/12/30 05:29:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/12/30 05:29:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/12/30 05:24:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/30 05:24:11 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/30 05:24:11 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012/12/30 05:24:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012/12/30 05:24:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012/12/30 01:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/29 16:32:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/12/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2009/02/11 15:56:21 | 000,240,128 | ---- | C] (PARADOX) -- C:\Users\Sebastien\AppData\Local\royal86.sys
========== Files - Modified Within 30 Days ==========
[2013/01/03 17:53:32 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 17:53:31 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 17:53:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/03 10:36:37 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/03 10:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 01:51:23 | 000,755,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/03 01:51:23 | 000,640,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/03 01:51:23 | 000,118,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/03 01:46:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/03 01:32:40 | 000,003,600 | ---- | M] () -- C:\Users\Sebastien\Desktop\New Rich Text Document.rtf
[2013/01/03 01:07:16 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/01/02 22:36:10 | 000,000,000 | ---- | M] () -- C:\Users\Sebastien\defogger_reenable
[2012/12/31 15:12:05 | 000,046,592 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/31 14:38:38 | 000,888,885 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\census.cache
[2012/12/31 14:37:03 | 000,247,704 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\ars.cache
[2012/12/31 14:31:47 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\z
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiuxpag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiu9pag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atidxx32.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\aticfx32.dll
[2012/12/31 14:10:57 | 000,000,036 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\housecall.guid.cache
[2012/12/30 13:34:10 | 000,238,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/30 06:00:55 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/12/30 05:40:18 | 000,750,820 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/28 23:45:11 | 000,000,318 | ---- | M] () -- C:\Users\Sebastien\Desktop\Curse Client.appref-ms
[2012/12/16 06:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 06:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 04:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 03:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013/01/03 01:33:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/03 01:33:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/03 01:33:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/03 01:33:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/03 01:33:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/03 01:04:45 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/01/03 00:53:36 | 000,003,600 | ---- | C] () -- C:\Users\Sebastien\Desktop\New Rich Text Document.rtf
[2013/01/02 22:36:10 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\defogger_reenable
[2012/12/31 14:38:38 | 000,888,885 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\census.cache
[2012/12/31 14:37:03 | 000,247,704 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\ars.cache
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\z
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiuxpag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiu9pag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atidxx32.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\aticfx32.dll
[2012/12/31 14:10:57 | 000,000,036 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\housecall.guid.cache
[2012/12/30 06:00:55 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/12/30 05:56:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/30 05:56:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2011/11/07 02:45:32 | 000,001,459 | ---- | C] () -- C:\Users\Sebastien\.recently-used.xbel
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/11 12:43:32 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\{4F732F75-0ACB-43BF-AC4E-96D72D98FEB4}
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/17 00:59:44 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\{DF23FC57-6C6E-4647-8178-74E46C221CAC}
[2011/09/16 19:01:45 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\{6ABE41A9-50C8-4AA7-B2C0-7EF686D8B3E7}
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/06 02:32:24 | 000,750,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/03 23:17:18 | 000,005,704 | ---- | C] () -- C:\Users\Sebastien\shoppinglistprint.aspx.htm
[2009/06/30 12:51:43 | 000,046,592 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/02 15:44:37 | 000,000,760 | ---- | C] () -- C:\Users\Sebastien\AppData\Roaming\setup_ldm.iss
[2009/02/11 15:56:21 | 000,002,731 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\ASUS.xrm-ms
[2009/02/11 04:39:41 | 000,001,356 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\d3d9caps.dat
[2009/01/15 13:49:30 | 000,002,188 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\d3d9caps64.dat
========== ZeroAccess Check ==========
[2006/11/02 08:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
< End of report >