Bizong Posted February 8, 2012 ID:524698 Share Posted February 8, 2012 Ping.exe keeps starting up even though I keep terminating it with the Task Manager. Also had a "9 News Today" pop up a lot on FirefoxAttached are the DDS and Attach.txtAttach.txtDDS.txt Link to post Share on other sites More sharing options...
Elise Posted February 8, 2012 ID:524712 Share Posted February 8, 2012 Hello and Unfortunately you have a nasty rootkit on your computer. Please read the following information first.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply. Link to post Share on other sites More sharing options...
Bizong Posted February 8, 2012 Author ID:524905 Share Posted February 8, 2012 I would like to proceed with the cleanup, and I'd like to thank you in advance for taking the time to help me get rid of this.ComboFix 12-02-08.02 - Christian 02/08/2012 14:25:08.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4083 [GMT -5:00]Running from: c:\users\Christian\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Christian\AppData\Local\._Revolution_c:\users\Christian\AppData\Local\assembly\tmpc:\users\Christian\AppData\Roaming\inst.exec:\users\Christian\AppData\Roaming\vso_ts_preview.xmlc:\windows\assembly\GAC_32\Desktop.inic:\windows\assembly\GAC_64\Desktop.inic:\windows\assembly\temp\@c:\windows\assembly\temp\cfg.inic:\windows\system32\consrv.dllc:\windows\System64..((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))..2012-02-08 19:32 . 2012-02-08 19:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-02-08 19:32 . 2012-02-08 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp2012-02-08 05:24 . 2012-02-08 05:24 -------- d-----w- c:\users\Christian\AppData\Local\BigHugeEngine2012-02-08 05:22 . 2012-02-08 19:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd2012-02-08 05:14 . 2012-02-08 05:14 -------- d-----w- c:\program files (x86)\EA Games2012-02-07 21:45 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF312B06-E1F5-4F89-A0ED-C0E528BE8616}\mpengine.dll2012-02-05 22:29 . 2012-02-06 01:46 -------- d-----w- c:\program files (x86)\World of Warcraft2012-02-03 09:29 . 2012-02-03 09:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll2012-02-03 09:29 . 2012-02-03 09:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll2012-02-02 08:28 . 2012-02-02 09:03 -------- d-----w- c:\users\Christian\AppData\Roaming\DMCache2012-02-02 08:28 . 2012-02-02 08:28 -------- d-----w- c:\program files (x86)\Internet Download Manager2012-02-01 01:43 . 2012-02-08 07:36 -------- d-----w- c:\users\Christian\AppData\Local\Unity2012-01-26 22:46 . 2012-01-26 23:36 -------- dc----w- c:\windows\system32\DRVSTORE2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\program files\Common Files\Apple2012-01-25 01:55 . 2010-11-17 02:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll2012-01-25 01:55 . 2012-01-25 07:53 -------- d-----w- c:\programdata\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files (x86)\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files\HP2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\users\Christian\AppData\Local\BIT.TRIP RUNNER2012-01-22 01:34 . 2012-01-22 01:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\program files (x86)\OpenAL2012-01-18 22:50 . 2012-01-18 23:03 -------- d-----w- c:\users\Christian\.android2012-01-18 22:50 . 2012-01-18 22:50 -------- d-----w- c:\program files (x86)\Android2012-01-18 22:49 . 2012-02-08 19:18 -------- d-----w- c:\users\Christian\AppData\Local\Htc2012-01-18 22:49 . 2012-01-18 22:49 -------- d-----w- c:\program files\Oracle2012-01-18 22:49 . 2012-01-18 23:33 -------- d-----w- c:\users\Christian\AppData\Roaming\HTC2012-01-18 22:47 . 2011-11-09 00:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll2012-01-18 22:47 . 2011-11-09 00:40 660368 ----a-w- c:\windows\system32\deployJava1.dll2012-01-18 22:47 . 2012-01-18 22:49 -------- d-----w- c:\program files\Java2012-01-18 22:44 . 2012-01-18 23:22 -------- d-----w- C:\android2012-01-18 22:16 . 2012-01-18 22:16 -------- d-----w- c:\program files (x86)\Spirent Communications2012-01-18 22:16 . 2012-01-18 22:49 -------- d-----w- c:\program files (x86)\HTC2012-01-11 20:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll2012-01-11 20:57 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll2012-01-11 20:57 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2012-01-11 20:57 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll2012-01-11 20:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2012-01-11 20:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2012-01-11 20:57 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll2012-01-11 20:57 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2012-01-11 09:36 . 2012-02-02 21:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll2012-01-11 09:36 . 2012-01-11 09:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll2012-01-11 09:36 . 2012-01-11 09:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll2012-01-11 09:36 . 2012-01-11 09:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-01-27 05:52 . 2010-02-16 11:13 279656 ------w- c:\windows\system32\MpSigStub.exe2012-01-02 08:12 . 2010-04-16 07:54 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe2011-12-10 20:24 . 2010-11-19 03:48 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-24 04:52 . 2011-12-15 01:16 3145216 ----a-w- c:\windows\system32\win32k.sys2011-11-13 19:03 . 2011-10-02 20:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-06-01 1949088]"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-01-24 399736].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"Razer Lachesis Driver"="c:\program files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe" [2010-12-02 760720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"LUTManager"="c:\program files (x86)\LUT Manager\LUTManager.exe" [2008-02-06 319488]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872].c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-2-3 3530136].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-02 8704]R3 ALSysIO;ALSysIO;c:\users\CHRIST~1\AppData\Local\Temp\ALSysIO64.sys [x]R3 cpuz130;cpuz130;c:\users\CHRIST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Christian\Documents\Real Temp\WinRing0x64.sys [2008-07-27 14544]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23].2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"combofix"="c:\combofix\CF29615.3XE" [2010-11-20 345088].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsdlaudf_m.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = 127.0.0.1:9421IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000LSP: mswsock.dllTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{95E47232-8A90-465D-8DBF-E21C0421A46A}: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2747244&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/r/allFF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)Wow6432Node-HKLM-Run-BrMfcWnd - c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exeWebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exeAddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exeAddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exeAddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exeAddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1088636791-3136549013-2296628263-1001\Software\SecuROM\License information*]"datasecu"=hex:5e,09,26,c7,7e,c5,30,6a,59,a0,26,4a,9a,13,99,cd,8e,64,56,be,11, f1,f8,59,a9,c2,a4,dd,c2,81,e9,87,ee,a0,10,29,fc,5e,80,98,3d,07,3e,45,66,40,\"rkeysecu"=hex:35,8b,48,80,7c,cc,7e,32,ab,b4,aa,49,da,0a,42,ee.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\windows\SysWOW64\PnkBstrA.exec:\program files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE.**************************************************************************.Completion time: 2012-02-08 14:39:02 - machine was rebootedComboFix-quarantined-files.txt 2012-02-08 19:39.Pre-Run: 522,622,361,600 bytes freePost-Run: 523,177,529,344 bytes free.- - End Of File - - DCDD9FA162B04A2B9F737864ECA35CFF Link to post Share on other sites More sharing options...
Elise Posted February 8, 2012 ID:524922 Share Posted February 8, 2012 Hi again, it appears we are dealing with a newer rootkit version which has an extra layer of protection.We Need to Run a Batch ScriptPress the Windows Logo in the bottom left corner of your screen.In the box, enter notepad and press Enter.Highlight the contents of the following codebox, and copy and paste that text into notepad.@echo offregedit /e "%userprofile%\desktop\export.txt" "hkey_local_machine\system\currentcontrolset\services\dlaudf_m"start "%userprofile%\desktop\export.txt"del %0Select File -> Save.Press the Desktop button on the left side of the save dialog.In the box, type in Fix.bat.Press .Close Notepad.Right click on your desktop, and choose .Press Yes if prompted by User Account Control.When finished a log called export.txt will open, please copy its contents in your next reply. Link to post Share on other sites More sharing options...
Bizong Posted February 8, 2012 Author ID:524927 Share Posted February 8, 2012 Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dlaudf_m]"Type"=dword:00000020"Start"=dword:00000002"ErrorControl"=dword:00000000"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00"DisplayName"="Agpcpq""ObjectName"="LocalSystem""Description"=hex(2):41,00,67,00,70,00,63,00,70,00,71,00,00,00[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dlaudf_m\Parameters]"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 6c,00,69,00,63,00,65,00,6e,00,73,00,65,00,73,00,65,00,72,00,76,00,69,00,63,\ 00,65,00,2e,00,64,00,6c,00,6c,00,00,00"ServiceDllUnloadOnStop"=dword:00000001 Link to post Share on other sites More sharing options...
Elise Posted February 8, 2012 ID:524930 Share Posted February 8, 2012 Please go to http://www.virustotal.com and upload the following file: c:\windows\system32\licenseservice.dllPlease link me to the VT scan results. Link to post Share on other sites More sharing options...
Bizong Posted February 8, 2012 Author ID:524933 Share Posted February 8, 2012 https://www.virustotal.com/file/77c3a8a545e7339fb149f20bf0864c7e5772022f4ced67236d8b78d51328dc12/analysis/1328733345/ Link to post Share on other sites More sharing options...
Elise Posted February 8, 2012 ID:524942 Share Posted February 8, 2012 Lets see if we can now remove it. CF-SCRIPT-------------We need to execute a CF-script.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:NetSvc::dlaudf_mDriver::dlaudf_mRootkit::c:\windows\system32\licenseservice.dllSave this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
Bizong Posted February 8, 2012 Author ID:524963 Share Posted February 8, 2012 ComboFix 12-02-08.02 - Christian 02/08/2012 15:54:34.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3822 [GMT -5:00]Running from: c:\users\Christian\Desktop\ComboFix.exeCommand switches used :: c:\users\Christian\Desktop\CFScript.txtSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\assembly\temp\cfg.inic:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.Dll..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_dlaudf_m-------\Service_SPService..((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))..2012-02-08 21:00 . 2012-02-08 21:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-02-08 21:00 . 2012-02-08 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp2012-02-08 05:24 . 2012-02-08 05:24 -------- d-----w- c:\users\Christian\AppData\Local\BigHugeEngine2012-02-08 05:22 . 2012-02-08 19:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd2012-02-08 05:14 . 2012-02-08 05:14 -------- d-----w- c:\program files (x86)\EA Games2012-02-07 21:45 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF312B06-E1F5-4F89-A0ED-C0E528BE8616}\mpengine.dll2012-02-05 22:29 . 2012-02-06 01:46 -------- d-----w- c:\program files (x86)\World of Warcraft2012-02-03 09:29 . 2012-02-03 09:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll2012-02-03 09:29 . 2012-02-03 09:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll2012-02-02 08:28 . 2012-02-02 09:03 -------- d-----w- c:\users\Christian\AppData\Roaming\DMCache2012-02-02 08:28 . 2012-02-02 08:28 -------- d-----w- c:\program files (x86)\Internet Download Manager2012-02-01 01:43 . 2012-02-08 07:36 -------- d-----w- c:\users\Christian\AppData\Local\Unity2012-01-26 22:46 . 2012-01-26 23:36 -------- dc----w- c:\windows\system32\DRVSTORE2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\program files\Common Files\Apple2012-01-25 01:55 . 2010-11-17 02:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll2012-01-25 01:55 . 2012-01-25 07:53 -------- d-----w- c:\programdata\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files (x86)\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files\HP2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\users\Christian\AppData\Local\BIT.TRIP RUNNER2012-01-22 01:34 . 2012-01-22 01:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\program files (x86)\OpenAL2012-01-18 22:50 . 2012-01-18 23:03 -------- d-----w- c:\users\Christian\.android2012-01-18 22:50 . 2012-01-18 22:50 -------- d-----w- c:\program files (x86)\Android2012-01-18 22:49 . 2012-02-08 19:18 -------- d-----w- c:\users\Christian\AppData\Local\Htc2012-01-18 22:49 . 2012-01-18 22:49 -------- d-----w- c:\program files\Oracle2012-01-18 22:49 . 2012-01-18 23:33 -------- d-----w- c:\users\Christian\AppData\Roaming\HTC2012-01-18 22:47 . 2011-11-09 00:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll2012-01-18 22:47 . 2011-11-09 00:40 660368 ----a-w- c:\windows\system32\deployJava1.dll2012-01-18 22:47 . 2012-01-18 22:49 -------- d-----w- c:\program files\Java2012-01-18 22:44 . 2012-01-18 23:22 -------- d-----w- C:\android2012-01-18 22:16 . 2012-01-18 22:16 -------- d-----w- c:\program files (x86)\Spirent Communications2012-01-18 22:16 . 2012-01-18 22:49 -------- d-----w- c:\program files (x86)\HTC2012-01-11 20:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll2012-01-11 20:57 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll2012-01-11 20:57 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2012-01-11 20:57 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll2012-01-11 20:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2012-01-11 20:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2012-01-11 20:57 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll2012-01-11 20:57 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2012-01-11 09:36 . 2012-02-02 21:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll2012-01-11 09:36 . 2012-01-11 09:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll2012-01-11 09:36 . 2012-01-11 09:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll2012-01-11 09:36 . 2012-01-11 09:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-01-27 05:52 . 2010-02-16 11:13 279656 ------w- c:\windows\system32\MpSigStub.exe2012-01-02 08:12 . 2010-04-16 07:54 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe2011-12-10 20:24 . 2010-11-19 03:48 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-24 04:52 . 2011-12-15 01:16 3145216 ----a-w- c:\windows\system32\win32k.sys2011-11-13 19:03 . 2011-10-02 20:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl..((((((((((((((((((((((((((((( SnapShot@2012-02-08_19.33.46 ))))))))))))))))))))))))))))))))))))))))).+ 2012-02-08 05:33 . 2012-02-08 20:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat- 2012-02-08 05:33 . 2012-02-08 06:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat+ 2012-02-08 06:05 . 2012-02-08 20:07 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020820120209\index.dat- 2012-02-08 06:05 . 2012-02-08 06:34 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020820120209\index.dat- 2012-02-08 05:33 . 2012-02-08 06:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2012-02-08 05:33 . 2012-02-08 20:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2010-02-16 13:53 . 2012-02-08 19:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 13:53 . 2012-02-08 19:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 13:53 . 2012-02-08 19:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-16 13:53 . 2012-02-08 19:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-02-08 19:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-02-08 19:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-08 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 11:27 . 2012-02-08 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-02-16 11:27 . 2012-02-08 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-02-08 19:33 . 2012-02-08 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2012-02-08 21:02 . 2012-02-08 21:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 04:54 . 2012-02-08 20:59 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2012-02-08 20:59 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 05:01 . 2012-02-08 19:32 485316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 05:01 . 2012-02-08 21:01 485316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 04:54 . 2012-02-08 20:59 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-02-08 19:31 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-27 01:45 . 2012-02-08 21:01 37393812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088636791-3136549013-2296628263-1001-12288.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-06-01 1949088]"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-01-24 399736].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"Razer Lachesis Driver"="c:\program files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe" [2010-12-02 760720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"LUTManager"="c:\program files (x86)\LUT Manager\LUTManager.exe" [2008-02-06 319488]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872].c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-2-3 3530136].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-02 8704]R3 ALSysIO;ALSysIO;c:\users\CHRIST~1\AppData\Local\Temp\ALSysIO64.sys [x]R3 cpuz130;cpuz130;c:\users\CHRIST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Christian\Documents\Real Temp\WinRing0x64.sys [2008-07-27 14544]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23].2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"combofix"="c:\combofix\CF14527.3XE" [2010-11-20 345088].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsdlaudf_m.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = 127.0.0.1:9421IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{95E47232-8A90-465D-8DBF-E21C0421A46A}: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2747244&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/r/allFF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties.- - - - ORPHANS REMOVED - - - -.ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1088636791-3136549013-2296628263-1001\Software\SecuROM\License information*]"datasecu"=hex:5e,09,26,c7,7e,c5,30,6a,59,a0,26,4a,9a,13,99,cd,8e,64,56,be,11, f1,f8,59,a9,c2,a4,dd,c2,81,e9,87,ee,a0,10,29,fc,5e,80,98,3d,07,3e,45,66,40,\"rkeysecu"=hex:35,8b,48,80,7c,cc,7e,32,ab,b4,aa,49,da,0a,42,ee.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXEc:\windows\SysWOW64\PnkBstrA.exe.**************************************************************************.Completion time: 2012-02-08 16:07:57 - machine was rebootedComboFix-quarantined-files.txt 2012-02-08 21:07ComboFix2.txt 2012-02-08 19:39.Pre-Run: 523,281,584,128 bytes freePost-Run: 523,199,844,352 bytes free.- - End Of File - - 048EC2329C4317E43C55CF48E73E8D0A Link to post Share on other sites More sharing options...
Elise Posted February 8, 2012 ID:524971 Share Posted February 8, 2012 Hi, how are things running at this point?CF-SCRIPT-------------We need to execute a CF-script.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:DDS::uInternet Settings,ProxyOverride = 127.0.0.1:9421Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
Bizong Posted February 8, 2012 Author ID:524972 Share Posted February 8, 2012 The PING.EXE doesn't seem to be running anymore and i havent gotten that annoying pop-up. So things seem to be looking good.I'll run this and get back with the log. Link to post Share on other sites More sharing options...
Elise Posted February 8, 2012 ID:524973 Share Posted February 8, 2012 Good to hear that! I'll wait for the log. Link to post Share on other sites More sharing options...
Bizong Posted February 8, 2012 Author ID:524981 Share Posted February 8, 2012 ComboFix 12-02-08.02 - Christian 02/08/2012 16:22:42.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4520 [GMT -5:00]Running from: c:\users\Christian\Desktop\ComboFix.exeCommand switches used :: c:\users\Christian\Desktop\CFScript.txtSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))..2012-02-08 21:28 . 2012-02-08 21:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-02-08 21:28 . 2012-02-08 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp2012-02-08 05:24 . 2012-02-08 05:24 -------- d-----w- c:\users\Christian\AppData\Local\BigHugeEngine2012-02-08 05:22 . 2012-02-08 19:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd2012-02-08 05:14 . 2012-02-08 05:14 -------- d-----w- c:\program files (x86)\EA Games2012-02-07 21:45 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF312B06-E1F5-4F89-A0ED-C0E528BE8616}\mpengine.dll2012-02-05 22:29 . 2012-02-06 01:46 -------- d-----w- c:\program files (x86)\World of Warcraft2012-02-03 09:29 . 2012-02-03 09:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll2012-02-03 09:29 . 2012-02-03 09:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll2012-02-02 08:28 . 2012-02-02 09:03 -------- d-----w- c:\users\Christian\AppData\Roaming\DMCache2012-02-02 08:28 . 2012-02-02 08:28 -------- d-----w- c:\program files (x86)\Internet Download Manager2012-02-01 01:43 . 2012-02-08 07:36 -------- d-----w- c:\users\Christian\AppData\Local\Unity2012-01-26 22:46 . 2012-01-26 23:36 -------- dc----w- c:\windows\system32\DRVSTORE2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\program files\Common Files\Apple2012-01-25 01:55 . 2010-11-17 02:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll2012-01-25 01:55 . 2012-01-25 07:53 -------- d-----w- c:\programdata\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files (x86)\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files\HP2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\users\Christian\AppData\Local\BIT.TRIP RUNNER2012-01-22 01:34 . 2012-01-22 01:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\program files (x86)\OpenAL2012-01-18 22:50 . 2012-01-18 23:03 -------- d-----w- c:\users\Christian\.android2012-01-18 22:50 . 2012-01-18 22:50 -------- d-----w- c:\program files (x86)\Android2012-01-18 22:49 . 2012-02-08 21:03 -------- d-----w- c:\users\Christian\AppData\Local\Htc2012-01-18 22:49 . 2012-01-18 22:49 -------- d-----w- c:\program files\Oracle2012-01-18 22:49 . 2012-01-18 23:33 -------- d-----w- c:\users\Christian\AppData\Roaming\HTC2012-01-18 22:47 . 2011-11-09 00:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll2012-01-18 22:47 . 2011-11-09 00:40 660368 ----a-w- c:\windows\system32\deployJava1.dll2012-01-18 22:47 . 2012-01-18 22:49 -------- d-----w- c:\program files\Java2012-01-18 22:44 . 2012-01-18 23:22 -------- d-----w- C:\android2012-01-18 22:16 . 2012-01-18 22:16 -------- d-----w- c:\program files (x86)\Spirent Communications2012-01-18 22:16 . 2012-01-18 22:49 -------- d-----w- c:\program files (x86)\HTC2012-01-11 20:57 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll2012-01-11 20:57 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll2012-01-11 20:57 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2012-01-11 20:57 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll2012-01-11 20:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2012-01-11 20:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2012-01-11 20:57 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll2012-01-11 20:57 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2012-01-11 09:36 . 2012-02-02 21:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll2012-01-11 09:36 . 2012-01-11 09:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll2012-01-11 09:36 . 2012-01-11 09:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll2012-01-11 09:36 . 2012-01-11 09:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-01-27 05:52 . 2010-02-16 11:13 279656 ------w- c:\windows\system32\MpSigStub.exe2012-01-02 08:12 . 2010-04-16 07:54 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe2011-12-10 20:24 . 2010-11-19 03:48 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-24 04:52 . 2011-12-15 01:16 3145216 ----a-w- c:\windows\system32\win32k.sys2011-11-13 19:03 . 2011-10-02 20:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl..((((((((((((((((((((((((((((( SnapShot@2012-02-08_19.33.46 ))))))))))))))))))))))))))))))))))))))))).+ 2012-02-08 05:33 . 2012-02-08 20:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat- 2012-02-08 05:33 . 2012-02-08 06:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat+ 2012-02-08 06:05 . 2012-02-08 20:07 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020820120209\index.dat- 2012-02-08 06:05 . 2012-02-08 06:34 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020820120209\index.dat- 2012-02-08 05:33 . 2012-02-08 06:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2012-02-08 05:33 . 2012-02-08 20:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2009-07-14 05:10 . 2012-02-08 21:05 27786 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-02-16 11:40 . 2012-02-08 21:05 18594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088636791-3136549013-2296628263-1001_UserData.bin+ 2010-02-16 13:53 . 2012-02-08 19:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 13:53 . 2012-02-08 19:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-02-16 13:53 . 2012-02-08 19:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-02-16 13:53 . 2012-02-08 19:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-02-08 19:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-02-08 19:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 11:27 . 2012-02-08 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-02-16 11:27 . 2012-02-08 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-02-08 19:33 . 2012-02-08 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-02-08 21:02 . 2012-02-08 21:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat- 2012-02-08 19:33 . 2012-02-08 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2012-02-08 21:02 . 2012-02-08 21:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 04:54 . 2012-02-08 20:59 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2012-02-08 20:59 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 05:01 . 2012-02-08 21:01 485316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 05:01 . 2012-02-08 19:32 485316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 04:54 . 2012-02-08 20:59 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-02-08 19:31 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-27 01:45 . 2012-02-08 21:01 37393812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088636791-3136549013-2296628263-1001-12288.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-06-01 1949088]"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-01-24 399736].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"Razer Lachesis Driver"="c:\program files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe" [2010-12-02 760720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"LUTManager"="c:\program files (x86)\LUT Manager\LUTManager.exe" [2008-02-06 319488]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872].c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-2-3 3530136].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-02 8704]R3 ALSysIO;ALSysIO;c:\users\CHRIST~1\AppData\Local\Temp\ALSysIO64.sys [x]R3 cpuz130;cpuz130;c:\users\CHRIST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Christian\Documents\Real Temp\WinRing0x64.sys [2008-07-27 14544]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23].2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsdlaudf_m.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{95E47232-8A90-465D-8DBF-E21C0421A46A}: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2747244&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/r/allFF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties.- - - - ORPHANS REMOVED - - - -.WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1088636791-3136549013-2296628263-1001\Software\SecuROM\License information*]"datasecu"=hex:5e,09,26,c7,7e,c5,30,6a,59,a0,26,4a,9a,13,99,cd,8e,64,56,be,11, f1,f8,59,a9,c2,a4,dd,c2,81,e9,87,ee,a0,10,29,fc,5e,80,98,3d,07,3e,45,66,40,\"rkeysecu"=hex:35,8b,48,80,7c,cc,7e,32,ab,b4,aa,49,da,0a,42,ee.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-02-08 16:29:48ComboFix-quarantined-files.txt 2012-02-08 21:29ComboFix2.txt 2012-02-08 21:07ComboFix3.txt 2012-02-08 19:39.Pre-Run: 523,252,580,352 bytes freePost-Run: 523,189,723,136 bytes free.- - End Of File - - ABFB104226A13BBD19FCA5A8EFF5381D Link to post Share on other sites More sharing options...
Elise Posted February 8, 2012 ID:524985 Share Posted February 8, 2012 That is looking good indeed. P2P WARNING-------------------Going over your logs I noticed that you have uTorrent installed. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.It is pretty much certain that if you continue to use P2P programs, you will get infected again.I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.If you wish to keep it, please do not use it until your computer is cleaned.Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Download the latest version of Java Runtime Environment (JRE) Version 7u2.Look for "JDK 7u2 (JDK or JRE).Click the "Download JRE" button at the right.Read the License Agreement, and then check the box that says: "Accept License Agreement".Select "Windows x86 Offline" and click on jre-7-windows-i586.exe [*]Save it to your desktop[*]Close any programs you may have running - especially your web browser.[*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).[*]Reboot your computer once all Java components are removed.[*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.Please launch MBAM, update it and run a full scan. Post me the resulting log. Link to post Share on other sites More sharing options...
Bizong Posted February 8, 2012 Author ID:524993 Share Posted February 8, 2012 Ok, I've updated Java and am now running a Full Scan which will probably take a good 30mins or so. I'm running to the store for a bit, so I'll post the log when i get back.I'd like to thank you again for your awesome work, I will browse the internet much safer from now on. Link to post Share on other sites More sharing options...
Bizong Posted February 9, 2012 Author ID:525105 Share Posted February 9, 2012 Malwarebytes Anti-Malware (Trial) 1.60.1.1000www.malwarebytes.orgDatabase version: v2012.02.08.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514Christian :: CHRISTIAN-PC [administrator]Protection: Enabled2/8/2012 4:47:01 PMmbam-log-2012-02-08 (16-47-01).txtScan type: Full scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 610393Time elapsed: 58 minute(s),Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 1HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\Qoobox\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.Dll.vir (Trojan.Proxy) -> Quarantined and deleted successfully.C:\Windows\assembly\temp\U\000000cf.@ (Trojan.Agent) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
Elise Posted February 9, 2012 ID:525134 Share Posted February 9, 2012 That looks good now! Lets do one last scan before calling it clean.ESET ONLINE SCANNER----------------------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under scan settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technology[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.[*]When the scan completes, click List Threats[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.[*]Click the Back button.[*]Click the Finish button. Link to post Share on other sites More sharing options...
Bizong Posted February 10, 2012 Author ID:525573 Share Posted February 10, 2012 C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantinedC:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1d5a503-38f7632c probably a variant of Java/TrojanDownloader.OpenStream.NAS trojan deleted - quarantinedC:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\71148de3-5f4b0c26 Java/TrojanDownloader.OpenStream.NAS trojan deleted - quarantinedC:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined Link to post Share on other sites More sharing options...
Elise Posted February 10, 2012 ID:525577 Share Posted February 10, 2012 I see I forgot to remove one object here.CF-SCRIPT-------------We need to execute a CF-script.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:NetSvc::dlaudf_mSave this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
Bizong Posted February 10, 2012 Author ID:525591 Share Posted February 10, 2012 ComboFix 12-02-08.02 - Christian 02/10/2012 16:43:07.4.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3719 [GMT -5:00]Running from: c:\users\Christian\Desktop\ComboFix.exeCommand switches used :: c:\users\Christian\Desktop\CFScript.txtSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))..2012-02-10 21:49 . 2012-02-10 21:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-02-10 21:49 . 2012-02-10 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp2012-02-10 10:15 . 2012-02-10 10:15 -------- d-----w- c:\program files (x86)\ESET2012-02-08 21:45 . 2012-02-08 21:45 -------- d-----w- c:\program files (x86)\Common Files\Java2012-02-08 21:45 . 2012-02-08 21:45 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll2012-02-08 05:24 . 2012-02-08 05:24 -------- d-----w- c:\users\Christian\AppData\Local\BigHugeEngine2012-02-08 05:22 . 2012-02-08 19:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd2012-02-07 21:45 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF312B06-E1F5-4F89-A0ED-C0E528BE8616}\mpengine.dll2012-02-05 22:29 . 2012-02-06 01:46 -------- d-----w- c:\program files (x86)\World of Warcraft2012-02-03 09:29 . 2012-02-03 09:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll2012-02-03 09:29 . 2012-02-03 09:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll2012-02-02 08:28 . 2012-02-02 09:03 -------- d-----w- c:\users\Christian\AppData\Roaming\DMCache2012-02-02 08:28 . 2012-02-02 08:28 -------- d-----w- c:\program files (x86)\Internet Download Manager2012-02-01 01:43 . 2012-02-08 07:36 -------- d-----w- c:\users\Christian\AppData\Local\Unity2012-01-26 22:46 . 2012-01-26 23:36 -------- dc----w- c:\windows\system32\DRVSTORE2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}2012-01-26 22:46 . 2012-01-26 22:46 -------- d-----w- c:\program files\Common Files\Apple2012-01-25 01:55 . 2010-11-17 02:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll2012-01-25 01:55 . 2012-01-25 07:53 -------- d-----w- c:\programdata\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files (x86)\HP2012-01-25 01:55 . 2012-01-25 01:55 -------- d-----w- c:\program files\HP2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\users\Christian\AppData\Local\BIT.TRIP RUNNER2012-01-22 01:34 . 2012-01-22 01:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll2012-01-22 01:34 . 2012-01-22 01:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll2012-01-22 01:34 . 2012-01-22 01:34 -------- d-----w- c:\program files (x86)\OpenAL2012-01-18 22:50 . 2012-01-18 23:03 -------- d-----w- c:\users\Christian\.android2012-01-18 22:50 . 2012-01-18 22:50 -------- d-----w- c:\program files (x86)\Android2012-01-18 22:49 . 2012-02-10 10:06 -------- d-----w- c:\users\Christian\AppData\Local\Htc2012-01-18 22:49 . 2012-01-18 23:33 -------- d-----w- c:\users\Christian\AppData\Roaming\HTC2012-01-18 22:47 . 2011-11-09 00:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll2012-01-18 22:47 . 2011-11-09 00:40 660368 ----a-w- c:\windows\system32\deployJava1.dll2012-01-18 22:44 . 2012-01-18 23:22 -------- d-----w- C:\android2012-01-18 22:16 . 2012-01-18 22:16 -------- d-----w- c:\program files (x86)\Spirent Communications2012-01-18 22:16 . 2012-01-18 22:49 -------- d-----w- c:\program files (x86)\HTC...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-02-08 21:45 . 2010-05-20 00:05 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll2012-01-27 05:52 . 2010-02-16 11:13 279656 ------w- c:\windows\system32\MpSigStub.exe2012-01-02 08:12 . 2010-04-16 07:54 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe2011-12-10 20:24 . 2010-11-19 03:48 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-24 04:52 . 2011-12-15 01:16 3145216 ----a-w- c:\windows\system32\win32k.sys2011-11-19 14:58 . 2012-01-11 20:57 77312 ----a-w- c:\windows\system32\packager.dll2011-11-19 14:01 . 2012-01-11 20:57 67072 ----a-w- c:\windows\SysWow64\packager.dll2011-11-17 06:41 . 2012-01-11 20:57 1731920 ----a-w- c:\windows\system32\ntdll.dll2011-11-17 05:38 . 2012-01-11 20:57 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll2011-11-13 19:03 . 2011-10-02 20:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl..((((((((((((((((((((((((((((( SnapShot@2012-02-08_19.33.46 ))))))))))))))))))))))))))))))))))))))))).- 2012-02-08 05:33 . 2012-02-08 06:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat+ 2012-02-08 05:33 . 2012-02-08 20:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat+ 2012-02-08 06:05 . 2012-02-08 20:07 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020820120209\index.dat- 2012-02-08 06:05 . 2012-02-08 06:34 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012020820120209\index.dat- 2012-02-08 05:33 . 2012-02-08 06:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2012-02-08 05:33 . 2012-02-08 20:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2010-02-16 11:56 . 2012-02-10 10:08 55936 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-02-10 10:08 27842 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-02-16 11:40 . 2012-02-10 10:08 18610 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088636791-3136549013-2296628263-1001_UserData.bin+ 2010-02-16 13:53 . 2012-02-08 19:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 13:53 . 2012-02-08 19:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 13:53 . 2012-02-08 19:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-16 13:53 . 2012-02-08 19:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2012-02-08 19:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2012-02-08 19:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-02-16 11:27 . 2012-02-10 10:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-10 10:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-10 10:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-02-16 11:27 . 2012-02-10 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-02-16 11:27 . 2012-02-08 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-02-16 11:27 . 2012-02-10 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-02-16 11:27 . 2012-02-08 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-02-08 19:33 . 2012-02-08 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-02-10 10:05 . 2012-02-10 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-02-10 10:05 . 2012-02-10 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-02-08 19:33 . 2012-02-08 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2012-02-08 21:45 . 2012-02-08 21:45 223112 c:\windows\SysWOW64\javaws.exe+ 2012-02-08 21:45 . 2012-02-08 21:45 173960 c:\windows\SysWOW64\javaw.exe+ 2012-02-08 21:45 . 2012-02-08 21:45 173960 c:\windows\SysWOW64\java.exe+ 2009-07-14 04:54 . 2012-02-08 20:59 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2012-02-08 20:59 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 05:01 . 2012-02-09 18:39 485316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 05:01 . 2012-02-08 19:32 485316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2012-02-08 21:45 . 2012-02-08 21:45 179200 c:\windows\Installer\27374.msi+ 2012-02-08 21:44 . 2012-02-08 21:44 941568 c:\windows\Installer\2736d.msi+ 2009-07-14 04:54 . 2012-02-08 20:59 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-02-08 19:31 4980736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-02-27 01:45 . 2012-02-09 18:39 37393812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088636791-3136549013-2296628263-1001-12288.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-06-01 1949088]"Akamai NetSession Interface"="c:\users\Christian\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-01-24 399736].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"Razer Lachesis Driver"="c:\program files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe" [2010-12-02 760720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"LUTManager"="c:\program files (x86)\LUT Manager\LUTManager.exe" [2008-02-06 319488]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296].c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2012-2-3 3530136].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-02 8704]R3 ALSysIO;ALSysIO;c:\users\CHRIST~1\AppData\Local\Temp\ALSysIO64.sys [x]R3 cpuz130;cpuz130;c:\users\CHRIST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 136176]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Christian\Documents\Real Temp\WinRing0x64.sys [2008-07-27 14544]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23].2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-15 02:23]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsdlaudf_m.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = 127.0.0.1:9421IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{95E47232-8A90-465D-8DBF-E21C0421A46A}: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2747244&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/r/allFF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties.- - - - ORPHANS REMOVED - - - -.WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)AddRemove-Wurm Online 3.0.1 [unstable] - c:\windows\system32\javaws.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1088636791-3136549013-2296628263-1001\Software\SecuROM\License information*]"datasecu"=hex:5e,09,26,c7,7e,c5,30,6a,59,a0,26,4a,9a,13,99,cd,8e,64,56,be,11, f1,f8,59,a9,c2,a4,dd,c2,81,e9,87,ee,a0,10,29,fc,5e,80,98,3d,07,3e,45,66,40,\"rkeysecu"=hex:35,8b,48,80,7c,cc,7e,32,ab,b4,aa,49,da,0a,42,ee.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-02-10 16:49:58ComboFix-quarantined-files.txt 2012-02-10 21:49ComboFix2.txt 2012-02-08 21:29ComboFix3.txt 2012-02-08 21:07ComboFix4.txt 2012-02-08 19:39.Pre-Run: 531,449,970,688 bytes freePost-Run: 531,395,969,024 bytes free.- - End Of File - - D413016CD6A633CDC0317EDC4B8F4F9C Link to post Share on other sites More sharing options...
Elise Posted February 11, 2012 ID:525677 Share Posted February 11, 2012 That doesn't seem to have had any effect. To be sure, can you rerun the steps in post #4 of this topic. Link to post Share on other sites More sharing options...
Bizong Posted February 13, 2012 Author ID:526509 Share Posted February 13, 2012 The steps in post #4 aren't producing a log at all. I've tried a few times now. Link to post Share on other sites More sharing options...
Elise Posted February 13, 2012 ID:526517 Share Posted February 13, 2012 In that case, try this:OTL-----Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Click the NONE button.[*]Copy and Paste the following code into the textbox.netsvcs[*]Push [*]A report will open. Copy and Paste that report in your next reply. Link to post Share on other sites More sharing options...
Bizong Posted February 15, 2012 Author ID:526851 Share Posted February 15, 2012 OTL logfile created on: 2/14/2012 7:10:43 PM - Run 1OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 8.0.7601.17514)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy5.99 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 53.67% Memory free11.98 Gb Paging File | 9.35 Gb Available in Paging File | 78.05% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 931.41 Gb Total Space | 491.23 Gb Free Space | 52.74% Space Free | Partition Type: NTFSDrive D: | 149.01 Gb Total Space | 11.37 Gb Free Space | 7.63% Space Free | Partition Type: NTFSDrive F: | 931.51 Gb Total Space | 241.81 Gb Free Space | 25.96% Space Free | Partition Type: NTFSDrive G: | 1.30 Gb Total Space | 1.23 Gb Free Space | 95.18% Space Free | Partition Type: FAT32Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/02/14 19:09:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exePRC - [2012/02/12 04:30:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exePRC - [2012/02/03 04:29:52 | 003,530,136 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exePRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Christian\AppData\Local\Akamai\netsession_win.exePRC - [2012/01/24 01:31:44 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exePRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/10/24 21:39:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exePRC - [2011/09/22 17:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exePRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exePRC - [2011/08/01 20:16:45 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exePRC - [2011/04/28 21:40:20 | 000,095,656 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exePRC - [2010/12/02 09:18:56 | 000,760,720 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exePRC - [2010/10/27 20:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exePRC - [2009/11/11 10:55:36 | 001,257,472 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exePRC - [2008/11/29 05:59:40 | 001,252,352 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exePRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe========== Modules (No Company Name) ==========MOD - [2012/02/14 15:26:04 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dllMOD - [2012/02/14 15:26:04 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dllMOD - [2012/02/14 15:26:04 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dllMOD - [2012/02/14 15:26:04 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dllMOD - [2012/02/14 15:26:04 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dllMOD - [2012/02/12 04:30:39 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dllMOD - [2011/11/13 14:03:46 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllMOD - [2010/12/02 09:18:58 | 000,014,208 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis 5600\RzHook.dllMOD - [2010/10/27 20:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dllMOD - [2010/10/27 20:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dllMOD - [2010/10/27 20:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dllMOD - [2010/10/27 20:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dllMOD - [2010/10/27 20:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dllMOD - [2010/10/27 20:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dllMOD - [2010/10/27 20:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dllMOD - [2010/10/27 20:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dllMOD - [2010/10/27 20:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dllMOD - [2010/10/27 20:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dllMOD - [2010/10/27 20:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dllMOD - [2009/09/18 09:01:36 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_masstag.dllMOD - [2009/05/19 21:45:18 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_out_wasapi.dllMOD - [2009/05/11 18:01:13 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dllMOD - [2009/03/06 17:05:06 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_panel_splitter.dllMOD - [2009/02/21 06:36:52 | 000,275,968 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_lastfm_radio.dllMOD - [2009/02/11 16:44:52 | 000,165,376 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_run.dllMOD - [2009/02/08 11:58:33 | 001,265,664 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_columns.dllMOD - [2009/02/02 12:58:44 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_tabs.dllMOD - [2009/01/05 14:44:56 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_menu_addons.dllMOD - [2009/01/03 11:04:18 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_skip.dllMOD - [2008/12/12 04:39:20 | 000,365,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_lyrics.dllMOD - [2008/12/10 16:57:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_elplaylist.dllMOD - [2008/12/01 06:49:43 | 000,227,328 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_vis_shpeck.dllMOD - [2008/11/29 05:59:40 | 001,252,352 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exeMOD - [2008/11/29 05:59:04 | 001,272,320 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dllMOD - [2008/11/29 05:58:44 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dllMOD - [2008/11/29 05:58:38 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dllMOD - [2008/11/29 05:58:34 | 000,422,400 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dllMOD - [2008/11/29 05:58:26 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dllMOD - [2008/11/29 05:58:24 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dllMOD - [2008/11/29 05:57:26 | 000,146,432 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dllMOD - [2008/11/23 10:34:37 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_playcount.dllMOD - [2008/10/21 01:16:24 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_playback_custom.dllMOD - [2008/09/20 11:57:32 | 000,168,960 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_wsh_panel.dllMOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exeMOD - [2008/06/13 17:42:55 | 000,143,872 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_exvar.dllMOD - [2008/05/17 21:02:12 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_vis_channel_spectrum.dllMOD - [2008/04/21 02:58:08 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_winamp_ipc.dllMOD - [2008/04/19 14:37:53 | 000,586,240 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_graphical_browser.dllMOD - [2008/04/16 16:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dllMOD - [2008/04/16 16:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dllMOD - [2008/04/16 16:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dllMOD - [2008/04/16 16:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dllMOD - [2008/04/16 16:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dllMOD - [2008/04/13 17:16:00 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_chronflow.dllMOD - [2008/04/02 13:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dllMOD - [2008/04/02 13:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dllMOD - [2008/04/02 13:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dllMOD - [2007/08/16 14:08:42 | 000,196,096 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_runcmd.dllMOD - [2007/06/08 08:58:42 | 000,232,448 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_albumlist.dllMOD - [2007/05/18 07:31:10 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_quicksearch.dllMOD - [2007/01/05 06:36:20 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_uie_trackinfo_mod.dll========== Win32 Services (SafeList) ==========SRV:64bit: - [2009/07/13 20:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)SRV:64bit: - [2009/06/05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)SRV - [2012/02/10 15:23:26 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/12/01 21:00:18 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)SRV - [2011/11/19 17:21:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2011/10/24 21:39:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)SRV - [2011/09/22 17:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)SRV - [2011/09/22 15:29:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)SRV - [2011/08/15 09:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2011/01/17 23:01:40 | 000,030,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Gun64.sys -- (Gun)DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)DRV:64bit: - [2010/06/12 19:27:47 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)DRV:64bit: - [2010/02/16 06:24:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)DRV:64bit: - [2009/10/19 17:10:54 | 001,257,472 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)DRV:64bit: - [2009/10/16 21:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)DRV:64bit: - [2009/05/20 04:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Christian\My Documents\Real Temp\WinRing0x64.sys -- (WinRing0_1_2_0)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421IE - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 55 12 C3 F8 39 CC 01 [binary data]IE - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421========== FireFox ==========FF - prefs.js..browser.search.defaultthis.engineName: "T2Darlantan Customized Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2747244&SearchSource=3&q={searchTerms}"FF - prefs.js..browser.search.order.3: "Google"FF - prefs.js..browser.startup.homepage: "http://www.reddit.com/r/all"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1FF - prefs.js..extensions.enabledItems: {36b318da-5ac7-4b6b-b46a-3eff9b3ac637}:3.3.2.1FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not foundFF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not foundFF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not foundFF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not foundFF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/12 04:30:39 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/08 16:45:29 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2011/05/04 18:20:50 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\pluginsFF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Christian\AppData\Roaming\IDM\idmmzcc5[2010/02/16 06:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions[2012/02/13 01:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\extensions[2011/11/19 20:20:06 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}[2011/12/24 14:41:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}[2012/02/13 01:38:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}[2011/04/14 17:05:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\extensions\engine@conduit.com[2011/11/19 20:22:59 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\extensions\rikaichan-jpen@polarcloud.com[2011/11/19 20:22:57 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\extensions\rikaichan-jpnames@polarcloud.com[2010/09/13 16:03:02 | 000,000,925 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\1tnvxjn6.default\searchplugins\conduit.xml[2012/01/11 04:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2011/10/18 20:01:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1TNVXJN6.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1TNVXJN6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1TNVXJN6.DEFAULT\EXTENSIONS\GIORGIO@GILESTRO.TK.XPI() (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1TNVXJN6.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI[2012/02/12 04:30:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2010/02/20 08:46:50 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll[2011/10/18 01:52:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2011/11/10 14:36:09 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xmlO1 HOSTS File: ([2012/02/08 16:02:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not foundO2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.O3 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()O4 - HKLM..\Run: [LUTManager] C:\Program Files (x86)\LUT Manager\LUTManager.exe (Nixz Software)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)O4 - HKLM..\Run: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe (Razer USA Ltd)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O4 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001..\Run: [Akamai NetSession Interface] C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)O4 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)O4 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)O4 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)O4 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1008..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-1088636791-3136549013-2296628263-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not foundO10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not foundO10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not foundO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E47232-8A90-465D-8DBF-E21C0421A46A}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E47232-8A90-465D-8DBF-E21C0421A46A}: NameServer = 8.8.8.8,8.8.4.4O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2012/02/14 19:09:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe[2012/02/10 23:58:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/02/10 16:50:00 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/02/10 16:42:15 | 000,000,000 | ---D | C] -- C:\ComboFix[2012/02/10 05:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET[2012/02/08 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2012/02/08 16:45:29 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll[2012/02/08 16:45:29 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2012/02/08 16:45:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe[2012/02/08 16:45:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe[2012/02/08 14:23:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/02/08 14:23:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/02/08 14:23:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/02/08 14:23:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/02/08 14:23:27 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/02/08 14:23:12 | 004,399,064 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe[2012/02/08 01:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/02/08 00:24:56 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\BigHugeEngine[2012/02/05 17:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft[2012/02/02 03:28:38 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DMCache[2012/02/02 03:28:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager[2012/02/02 03:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager[2012/02/02 03:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager[2012/01/31 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Unity[2012/01/26 17:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE[2012/01/26 17:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}[2012/01/26 17:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple[2012/01/25 14:34:23 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll[2012/01/25 14:34:23 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll[2012/01/25 14:34:23 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll[2012/01/25 14:34:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll[2012/01/25 14:34:23 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll[2012/01/25 14:34:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll[2012/01/24 20:55:13 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM9311.dll[2012/01/24 20:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP[2012/01/24 20:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HP[2012/01/24 20:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP[2012/01/24 20:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\HP[2012/01/21 20:34:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\BIT.TRIP RUNNER[2012/01/21 20:34:27 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll[2012/01/21 20:34:27 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll[2012/01/21 20:34:27 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll[2012/01/21 20:34:27 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll[2012/01/21 20:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL[2012/01/18 18:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync[2012/01/18 17:57:57 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1[2012/01/18 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\.android[2012/01/18 17:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools[2012/01/18 17:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android[2012/01/18 17:49:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Htc[2012/01/18 17:49:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\HTC[2012/01/18 17:47:29 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll[2012/01/18 17:47:29 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll[2012/01/18 17:44:44 | 000,000,000 | ---D | C] -- C:\android[2012/01/18 17:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC[2012/01/18 17:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications[2012/01/18 17:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC[2010/12/19 19:54:35 | 002,593,360 | ---- | C] (Beepa Pty Ltd) -- C:\Users\Christian\AppData\Roaming\Fraps v3.2.3.exe[2010/06/12 19:27:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Christian\AppData\Roaming\pcouffin.sys[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/02/14 19:09:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe[2012/02/14 19:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/02/14 16:02:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/02/14 15:33:20 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/02/14 15:33:20 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/02/14 15:24:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/02/14 15:24:40 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys[2012/02/13 03:05:36 | 932,519,311 | ---- | M] () -- C:\Users\Christian\Desktop\Californication.S05E06.720p.HDTV.x264-IMMERSE.mkv[2012/02/13 00:00:00 | 1285,896,909 | ---- | M] () -- C:\Users\Christian\Desktop\shameless.us.s02e06.720p.hdtv.x264-orenji.mkv[2012/02/12 17:13:57 | 000,792,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/02/12 17:13:57 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/02/12 17:13:57 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/02/08 16:45:28 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll[2012/02/08 16:45:28 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll[2012/02/08 16:45:28 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2012/02/08 16:45:28 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe[2012/02/08 16:45:28 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe[2012/02/08 16:02:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/02/08 14:33:44 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd[2012/02/08 14:22:29 | 004,399,064 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe[2012/02/04 00:18:52 | 1433,164,791 | ---- | M] () -- C:\Users\Christian\Desktop\Spartacus.S02E02.720p.HDTV.X264-DIMENSION.mkv[2012/02/03 04:29:56 | 000,042,392 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll[2012/02/03 04:29:56 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll[2012/02/02 16:12:55 | 000,002,042 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2012/01/21 20:34:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll[2012/01/21 20:34:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll[2012/01/21 20:34:27 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll[2012/01/21 20:34:27 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2012/02/12 23:52:22 | 932,519,311 | ---- | C] () -- C:\Users\Christian\Desktop\Californication.S05E06.720p.HDTV.x264-IMMERSE.mkv[2012/02/12 23:51:58 | 1285,896,909 | ---- | C] () -- C:\Users\Christian\Desktop\shameless.us.s02e06.720p.hdtv.x264-orenji.mkv[2012/02/08 14:23:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/02/08 14:23:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/02/08 14:23:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/02/08 14:23:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/02/08 14:23:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/02/08 00:22:46 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd[2012/02/06 01:52:26 | 1433,164,791 | ---- | C] () -- C:\Users\Christian\Desktop\Spartacus.S02E02.720p.HDTV.X264-DIMENSION.mkv[2012/02/03 04:29:56 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll[2012/02/03 04:29:56 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll[2012/01/20 00:05:10 | 1568,148,435 | ---- | C] () -- C:\Users\Christian\Desktop\f-warrior.repack.720.mkv[2012/01/02 03:12:17 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat[2011/11/07 19:56:41 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat[2011/10/19 11:53:42 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini[2011/10/19 11:53:42 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini[2011/10/19 11:53:41 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI[2011/10/19 11:53:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI[2011/10/19 11:53:28 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll[2011/08/13 22:25:36 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI[2011/08/13 22:10:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grapher[2011/08/13 22:10:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grand Piano[2011/08/13 22:10:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic[2011/08/13 22:10:26 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Galaxy Swirl[2011/08/13 22:10:26 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Galactic Static[2011/08/13 22:10:26 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Funk Animals[2011/08/13 22:10:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT[2011/08/13 22:10:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT[2011/08/13 22:10:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT[2011/08/07 02:57:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat[2011/08/01 19:58:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat[2011/07/07 19:33:56 | 000,045,286 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\room_v3.dat[2011/05/29 15:49:42 | 000,193,192 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat[2011/04/18 22:39:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat[2011/01/09 19:28:51 | 000,007,168 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/06/12 19:27:47 | 000,007,859 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\pcouffin.cat[2010/06/12 19:27:47 | 000,001,167 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\pcouffin.inf[2010/05/25 06:52:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini[2010/05/25 06:44:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI[2010/04/27 05:41:42 | 000,000,097 | ---- | C] () -- C:\Users\Christian\AppData\Local\fusioncache.dat[2010/04/27 05:40:00 | 000,786,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2010/04/16 02:55:31 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat[2010/04/16 02:54:31 | 000,011,030 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat[2010/04/16 02:54:29 | 000,850,152 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe[2010/04/16 02:54:29 | 000,015,613 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat[2010/02/23 09:05:04 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2010/02/23 09:05:03 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe[2010/02/23 09:05:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2010/02/16 06:26:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini[2010/02/16 06:25:17 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe[2010/02/16 06:25:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll[2010/02/16 06:25:17 | 000,000,062 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini[2010/02/16 06:25:15 | 000,046,237 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl[2010/02/16 06:25:05 | 000,001,010 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi[2010/02/16 06:25:02 | 000,005,024 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg[2010/02/16 06:25:02 | 000,000,486 | ---- | C] () -- C:\Windows\cmudaxp.ini[2010/02/16 06:20:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe< End of report > Link to post Share on other sites More sharing options...
Elise Posted February 15, 2012 ID:526930 Share Posted February 15, 2012 Please rerun the steps, but this time, do it as I instructed as I need to see this particular output. Click the NONE button.Copy and Paste the following code into the textbox.netsvcsPush the Run Scan button Link to post Share on other sites More sharing options...
Recommended Posts