
Trojan.Dropper.BCMiner/Rootkit.0Access



MBAM has caught an infection from Rootkit.0Access and Trojan.Dropper.BCMiner malware that it doesn't seem to be able to permanently remove. The malware reinstalls itself nearly immediately from what I can tell even though MalwareBytes claims to have successfully quarantined and deleted it. Posting the logs per instruction:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.04.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Isaac :: ISAAC-PC [administrator]

Protection: Enabled

8/5/2012 12:09:34 AM

mbam-log-2012-08-05 (00-09-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216613

Time elapsed: 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Attach.txt

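The quick-scan log above is worth reading for what it does not contain as much as for what it does: three files, all in the same C:\Windows\Installer\{GUID}\U\ directory with .@ names, and zero process, module or registry detections. Removing dropped files while the component that drops them is never touched is exactly the pattern that produces "Quarantined and deleted successfully" followed by immediate reinfection. The Python below is an added example (not code from the thread or from Malwarebytes) that parses MBAM 1.x log lines and flags that pattern; the sample log is an excerpt of Isaac's post, and the {GUID}\U\xxxxxxxx.@ path heuristic is my generalisation of the paths in that log.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log for the "quarantined, but it
comes back" pattern.  Added example, not code from the thread or from
Malwarebytes; the sample log is an excerpt of the one Isaac posted."""
import re
from collections import defaultdict

# Detection lines: "<path> (<detection name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section counters: "<Category> Detected: <n>"
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Payload store seen in this log: <dir>\{GUID}\U\<8 hex digits>.@  (heuristic, my generalisation)
HIDDEN_STORE_RE = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\U\\[0-9a-f]{8}\.@$",
    re.IGNORECASE,
)

# Constructed input: the relevant lines of Isaac's MBAM log, verbatim.
SAMPLE_LOG = r"""
Scan type: Quick scan
Objects scanned: 216613
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
Files Detected: 3
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
"""


def parse_mbam_log(text):
    """Return ({category: count}, [detection dicts]) from an MBAM 1.x log."""
    counts, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())   # keys: path, name, action
    return counts, detections


def assess(counts, detections):
    """Turn the parsed log into (rule, detail) findings a responder acts on."""
    findings = []
    by_dir = defaultdict(list)
    for d in detections:
        directory = d["path"].rpartition("\\")[0]
        by_dir[directory].append(d)
        if HIDDEN_STORE_RE.search(d["path"]):
            findings.append(("hidden_store", d["path"]))
    # Payload files removed, but nothing live (process/module) or persistent
    # (registry) touched: whatever drops the files is still in place.
    live_or_persist = sum(v for k, v in counts.items() if k != "Files")
    if counts.get("Files", 0) and live_or_persist == 0:
        findings.append(("payload_only",
                         "%d file(s) removed, 0 process/module/registry items: "
                         "expect reinfection, loader not addressed" % counts["Files"]))
    for directory, items in by_dir.items():
        if len(items) > 1:
            names = sorted({d["name"] for d in items})
            findings.append(("shared_store", "%s holds %d detections: %s"
                             % (directory, len(items), ", ".join(names))))
    return findings


def triage(text):
    """Parse and assess in one call; returns the list of (rule, detail)."""
    return assess(*parse_mbam_log(text))


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print("%-13s %s" % (rule, detail))
```

Run it as a script to print the findings, or import triage() into a larger tool. A payload_only finding is the cue to stop re-running the same quick scan and instead collect a full autorun, service and loaded-module listing to find what keeps re-dropping the files, which is what the next reply asks for.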

Hello Isaac105 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

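Before the OTL log Isaac posts next is read line by line, it helps to have written down the checks a triager applies to such a listing, because several of its lines stand out on their own: a Run value named AMD AVT whose target is C:\Windows\SysWow64\cmd.exe, the machine policy EnableLUA = 0 (UAC off), all ten 64-bit Winsock protocol catalog entries pointing at mmswsock.dll (File not found, and one letter away from Microsoft's mswsock.dll), and a copy of mswsock.dll loaded through a \\.\globalroot device path with no company name. The Python below is an added example, not code from the thread or from OTL's author; it encodes those checks as rules over OTL's O4, O6, O10 and PRC/MOD line formats. The sample lines are copied from Isaac's log with a few benign entries as controls; rule names, severities, the interpreter list and the 0.8 name-similarity threshold are my choices.

```python
"""Rule-based triage of OTL (OldTimer) log lines.  Added example, not code from
the thread or from OTL's author; rule names, severities and thresholds are my
choices.  Sample lines are copied from Isaac's OTL log plus benign controls."""
import re
from collections import namedtuple
from difflib import SequenceMatcher

Finding = namedtuple("Finding", "severity rule line")

# O4 autorun: "O4[:64bit:] - <hive>..\<Run|RunOnce>: [<name>] <target> (<company>|File not found)"
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<target>.+?\.(?:exe|dll|cmd|bat|vbs|js))\b", re.IGNORECASE)
# O6 machine policy: "O6 - HKLM\...\policies\<key>: <value> = <data>"
O6_RE = re.compile(r"^O6 - (?P<key>HKLM\\[^:]+): (?P<value>\w+) = (?P<data>\S+)$")
# O10 Winsock catalog: "O10[:64bit:] - <catalog>\<entry> [[]] - <module>[ File not found]"
O10_RE = re.compile(r"^O10(?::64bit:)? - (?P<catalog>\w+)\\(?P<entry>[\w\\]+?)(?: \[\])? - (?P<module>.+?)(?P<missing> File not found)?$")
# PRC/MOD image lines: "<kind> - [<stamp>] (<company>) -- <path>"
IMAGE_RE = re.compile(r"^(?P<kind>PRC|MOD) - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")

# Autorun targets that are interpreters rather than applications: the real
# payload is then in the arguments or elsewhere, and the value name is cosmetic.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "rundll32.exe", "regsvr32.exe", "mshta.exe"}
# Policy values that switch UAC off or make elevation silent.
UAC_WEAK = {("EnableLUA", "0"), ("ConsentPromptBehaviorAdmin", "0"),
            ("PromptOnSecureDesktop", "0")}
WINSOCK_BASE = "mswsock.dll"   # Microsoft's Winsock base service provider


def check_line(line):
    """Apply every rule to one OTL line; returns a (possibly empty) list of Findings."""
    out = []
    m = O4_RE.match(line)
    if m:
        rest = m.group("rest")
        t = TARGET_RE.match(rest)
        base = t.group("target").rsplit("\\", 1)[-1].lower() if t else ""
        if base in INTERPRETERS:
            out.append(Finding("high", "autorun_interpreter", line))
        elif rest.endswith("File not found"):
            out.append(Finding("info", "autorun_dangling", line))
        return out
    m = O6_RE.match(line)
    if m:
        if (m.group("value"), m.group("data")) in UAC_WEAK:
            out.append(Finding("medium", "uac_weakened", line))
        return out
    m = O10_RE.match(line)
    if m:
        base = m.group("module").split("\\")[-1].split(" ")[0].lower()
        if m.group("missing"):
            sev = "high" if m.group("catalog") == "Protocol_Catalog9" else "medium"
            out.append(Finding(sev, "winsock_entry_missing", line))
        # Heuristic: provider named almost, but not exactly, like the base provider.
        if base != WINSOCK_BASE and SequenceMatcher(None, base, WINSOCK_BASE).ratio() > 0.8:
            out.append(Finding("high", "winsock_lookalike", line))
        return out
    m = IMAGE_RE.match(line)
    if m:
        path = m.group("path").lower()
        if path.startswith("\\\\.\\globalroot"):
            out.append(Finding("high", "image_device_path", line))
        elif not m.group("company") and "\\windows\\" in path:
            out.append(Finding("info", "no_company_in_windows_dir", line))
    return out


def triage_otl(text):
    """Run every rule over every line; returns Findings in log order."""
    return [f for raw in text.splitlines() for f in check_line(raw.strip())]


# Constructed input: lines copied from Isaac's OTL log; Steam/Intel lines are benign controls.
SAMPLE_OTL = r"""
PRC - [2012/08/04 18:59:37 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/06/14 10:54:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
"""

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print("[%-6s] %-26s %s" % (f.severity, f.rule, f.line[:80]))
```

Findings are indicators to verify, not a verdict: the info-level hits (PunkBuster's PnkBstrA.exe carries no company string, stale Run entries for uninstalled software) are normal on a gaming PC, while a Run value that launches cmd.exe under a vendor's name and a Winsock provider that does not exist on disk are the kind of thing to check on disk and in the registry before trusting any further scanner output from that machine.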

Thank you Maniac for taking the time to help me with this problem. Here are the contents of the OTL.Txt followed by the Extras.Txt:

OTL logfile created on: 8/5/2012 12:17:21 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Isaac\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.48% Memory free

15.83 Gb Paging File | 13.06 Gb Available in Paging File | 82.54% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698.54 Gb Total Space | 388.23 Gb Free Space | 55.58% Space Free | Partition Type: NTFS

Drive E: | 591.29 Gb Total Space | 86.60 Gb Free Space | 14.65% Space Free | Partition Type: NTFS

Drive J: | 322.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ISAAC-PC | User Name: Isaac | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 12:16:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Isaac\Downloads\OTL.exe

PRC - [2012/08/04 18:59:37 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/14 10:54:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/02/16 14:19:35 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe

PRC - [2011/05/19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

PRC - [2011/04/12 16:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

PRC - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/09/02 15:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/02 01:34:12 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/08/02 01:34:10 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/08/02 01:34:08 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/08/02 01:34:06 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/08/02 01:34:04 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/07/30 23:36:14 | 000,442,392 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll

MOD - [2012/07/30 23:36:13 | 012,235,288 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll

MOD - [2012/07/30 23:36:12 | 003,997,720 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll

MOD - [2012/07/30 23:34:57 | 000,526,872 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll

MOD - [2012/07/30 23:34:55 | 000,104,984 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll

MOD - [2012/07/30 23:34:45 | 000,144,424 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll

MOD - [2012/07/30 23:34:43 | 000,266,792 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll

MOD - [2012/07/30 23:34:42 | 002,480,680 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll

MOD - [2012/06/06 18:42:20 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll

MOD - [2012/06/06 18:40:16 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll

MOD - [2012/06/06 18:40:10 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll

MOD - [2012/06/06 18:40:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll

MOD - [2012/06/06 18:39:54 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll

MOD - [2012/06/06 18:39:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll

MOD - [2012/06/06 18:39:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll

MOD - [2012/06/06 18:39:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll

MOD - [2012/06/06 18:39:38 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll

MOD - [2012/06/06 18:39:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll

MOD - [2012/06/06 18:39:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 11:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/07/04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)

SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/19 19:22:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/14 10:54:39 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/09/02 15:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe -- (WCUService)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/06/11 12:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/06/11 10:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/06/04 00:24:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/23 06:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/02/16 14:40:36 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)

DRV:64bit: - [2012/02/16 14:19:35 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/02/09 00:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2011/07/07 17:05:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)

DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)

DRV:64bit: - [2011/04/21 12:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/04/14 21:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/31 16:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2009/11/18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK

IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\..\SearchScopes\{9C4BB080-4DDA-4217-A796-D386DAFF03BC}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}

IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Isaac\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Isaac\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Isaac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/31 17:36:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/31 17:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Extensions

[2012/03/31 17:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/03/12 22:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/03/12 22:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/12 22:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: chrome-internal:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: chrome-internal:

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Isaac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Isaac\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Turn Off the Lights = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.2_0\

CHR - Extension: Turn Off the Lights = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.3_0\

CHR - Extension: YouTube = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: YouTube™ Ratings Preview = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\1.2.1_0\

CHR - Extension: Google Search = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\

CHR - Extension: Cut the Rope = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\13_0\

CHR - Extension: TinEye Reverse Image Search = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\

CHR - Extension: Steamgifts Enhancement Addon = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkplieclhgncoiionlliincopnejllo\2.0_0\

CHR - Extension: Hover Zoom = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.5_0\

CHR - Extension: Battlefield 3 = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\

CHR - Extension: Gmail = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)

O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found

O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [zASRockInstantBoot] File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCEC6F6B-53BF-4F4B-BC9C-8D400ACAD85C}: DhcpNameServer = 24.116.2.50 24.116.2.34

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/10/28 10:57:34 | 000,000,000 | ---D | M] - E:\autorun -- [ NTFS ]

O32 - AutoRun File - [2008/04/01 14:53:24 | 000,000,071 | -H-- | M] () - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2012/08/04 11:51:46 | 000,000,076 | R--- | M] () - J:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{96a0fe72-a844-11e1-80b0-bc5ff41ac965}\Shell - "" = AutoRun

O33 - MountPoints2\{96a0fe72-a844-11e1-80b0-bc5ff41ac965}\Shell\AutoRun\command - "" = J:\Setup.exe -- [2012/08/04 14:27:36 | 332,970,496 | R--- | M] ()

O33 - MountPoints2\{e84e4fce-c15e-11e1-9575-bc5ff41ac965}\Shell - "" = AutoRun

O33 - MountPoints2\{e84e4fce-c15e-11e1-9575-bc5ff41ac965}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 00:18:29 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\RK_Quarantine

[2012/08/04 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\rkill-backup

[2012/08/04 22:44:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Isaac\Desktop\HijackThis.exe

[2012/08/04 17:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock

[2012/08/04 17:34:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/08/04 17:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock Entertainment

[2012/08/04 17:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock Entertainment

[2012/07/30 10:47:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/07/29 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Mount&Blade Warband Savegames

[2012/07/29 20:12:53 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Mount&Blade Warband

[2012/07/29 20:12:52 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\Mount&Blade Warband

[2012/07/29 10:24:49 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Local\CrashRpt

[2012/07/29 10:23:25 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\JC2MP

[2012/07/23 12:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/07/23 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/07/23 12:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/07/19 13:47:36 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Remedy

[2012/07/19 12:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment

[2012/07/19 12:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remedy Entertainment

[2012/07/16 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Square Enix

[2012/07/15 20:08:57 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\DarknessII

[2012/07/15 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Local\ApplicationHistory

[2012/07/15 17:59:11 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bagatrix

[2012/07/15 17:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bagatrix

[2012/07/15 17:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP

[2012/07/15 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Math Programs

[2012/07/15 17:49:16 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\U3

[2012/07/14 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\SEGA

[2012/07/13 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\2K Sports

[2012/07/13 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports

[2012/07/13 13:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports

[2012/07/11 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Virtua Tennis 4

[2012/07/10 18:13:19 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Electronic Arts

[2012/07/09 23:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2012/07/08 20:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2012/07/07 23:26:27 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\SimCity 4

[2012/07/07 23:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis

[2012/07/07 23:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis

[2012/03/31 19:40:25 | 010,975,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Program Files\RTLCPL.exe

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 12:14:48 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000UA.job

[2012/08/05 12:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/04 23:55:37 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/04 23:55:37 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/04 23:48:06 | 2077,900,799 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/04 20:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000Core.job

[2012/08/04 17:31:33 | 000,002,364 | ---- | M] () -- C:\Users\Public\Desktop\The Political Machine 2012.lnk

[2012/08/01 23:40:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/08/01 23:40:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/08/01 23:40:25 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/07/30 10:47:04 | 678,961,782 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/27 00:20:09 | 000,871,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/27 00:20:09 | 000,726,678 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/27 00:20:09 | 000,144,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/24 21:30:27 | 000,415,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/23 15:59:36 | 000,000,285 | ---- | M] () -- C:\Users\Isaac\test.mumblelay

[2012/07/23 13:40:23 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/07/15 17:59:38 | 000,000,093 | ---- | M] () -- C:\Users\Isaac\AppData\Local\fusioncache.dat

[2012/07/15 17:59:11 | 000,002,238 | ---- | M] () -- C:\Users\Isaac\Desktop\Calculus Solved!.lnk

[2012/07/15 17:56:13 | 000,887,372 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/13 13:47:50 | 000,001,158 | ---- | M] () -- C:\Users\Isaac\Desktop\NBA 2K12.lnk

[2012/07/07 23:22:02 | 000,000,530 | ---- | M] () -- C:\Windows\eReg.dat

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 00:14:26 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@

[2012/08/05 00:14:23 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@

[2012/08/05 00:14:14 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@

[2012/08/04 17:31:33 | 000,002,364 | ---- | C] () -- C:\Users\Public\Desktop\The Political Machine 2012.lnk

[2012/08/04 17:29:07 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L\00000004.@

[2012/08/04 17:29:06 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000064.@

[2012/08/04 17:29:05 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000000.@

[2012/08/04 17:28:30 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000004.@

[2012/07/30 10:47:04 | 678,961,782 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/07/23 15:59:36 | 000,000,285 | ---- | C] () -- C:\Users\Isaac\test.mumblelay

[2012/07/23 13:40:23 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/07/15 17:59:38 | 000,000,093 | ---- | C] () -- C:\Users\Isaac\AppData\Local\fusioncache.dat

[2012/07/15 17:59:11 | 000,002,238 | ---- | C] () -- C:\Users\Isaac\Desktop\Calculus Solved!.lnk

[2012/07/13 13:47:50 | 000,001,158 | ---- | C] () -- C:\Users\Isaac\Desktop\NBA 2K12.lnk

[2012/07/07 23:22:02 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat

[2012/06/04 00:29:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2012/05/16 20:09:22 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2012/03/20 13:09:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/03/20 13:05:56 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/03/13 16:13:27 | 000,887,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/02/17 23:31:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012/02/17 07:17:20 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/02/17 07:17:19 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/02/17 04:16:04 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\@

[2012/02/16 14:22:11 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

[2012/02/16 14:22:11 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

[2012/02/16 14:22:11 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

[2012/02/16 14:22:10 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012/02/16 14:22:10 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012/02/16 14:19:59 | 000,000,003 | ---- | C] () -- C:\Users\Isaac\AppData\Local\user_data.ini

[2012/02/16 14:12:18 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/02/16 14:12:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/02/16 14:12:18 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/02/16 14:12:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012/02/16 14:12:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/02/16 14:10:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012/05/06 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\.minecraft

[2012/07/13 14:02:19 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\2K Sports

[2012/06/04 00:26:04 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DAEMON Tools Lite

[2012/07/16 16:21:27 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DarknessII

[2012/02/16 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DeviceVm

[2012/07/29 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Mount&Blade Warband

[2012/08/02 17:10:20 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Mumble

[2012/02/16 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Origin

[2012/06/12 13:17:06 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\PunkBuster

[2012/02/27 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\The Creative Assembly

[2012/05/07 01:33:03 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\TS3Client

[2012/05/06 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\ts3overlay

[2012/02/25 05:02:34 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Ubisoft

[2009/07/13 23:08:49 | 000,010,868 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 8/5/2012 12:17:21 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Isaac\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.48% Memory free

15.83 Gb Paging File | 13.06 Gb Available in Paging File | 82.54% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698.54 Gb Total Space | 388.23 Gb Free Space | 55.58% Space Free | Partition Type: NTFS

Drive E: | 591.29 Gb Total Space | 86.60 Gb Free Space | 14.65% Space Free | Partition Type: NTFS

Drive J: | 322.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ISAAC-PC | User Name: Isaac | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4273654934-249650159-2022009278-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0210B563-198E-5A4B-E757-7BC4AC7677F8}" = AMD AVIVO64 Codecs

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java 6 Update 31 (64-bit)

"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager

"{49384799-E541-8F8D-B376-4F8AD3AACC24}" = AMD Drag and Drop Transcoding

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"VIRTU_is1" = VIRTU 1.2.104

"WinRAR archiver" = WinRAR archiver

"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12

"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish

"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff

"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish

"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0

"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff

"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy

"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional

"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French

"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime

"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe

"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night

"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™

"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX

"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German

"{5B0CE14A-B9B6-4E25-A1BE-3EEC1998AC2C}" = SmartView Software Updater

"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian

"{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}" = Calculus Solved!

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch

"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian

"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian

"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish

"{A93F2D1C-9146-41BC-B662-60DB662B1FFA}_is1" = Gnomoria Demo version 0.8.2.1

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish

"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™

"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio

"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common

"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3

"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim

"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game

"{D6D62F1D-E3D6-E982-48B4-A20663B1FB7D}" = HydraVision

"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard

"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga

"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff

"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Alan Wake_is1" = Alan Wake

"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29

"Battlelog Web Plugins" = Battlelog Web Plugins

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DAEMON Tools Lite" = DAEMON Tools Lite

"Diablo III" = Diablo III

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESN Sonar-0.70.4" = ESN Sonar

"FIFA 12 © EA_is1" = FIFA 12 © EA version 1

"Fraps" = Fraps (remove only)

"GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"OpenAL" = OpenAL

"Origin" = Origin

"PowerISO" = PowerISO

"PunkBusterSvc" = PunkBuster Services

"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale

"Red Alert 2" = Command & Conquer Red Alert 2

"Rockstar Games Social Club" = Rockstar Games Social Club

"Saints Row The Third_is1" = Saints Row The Third

"Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity

"StarCraft II" = StarCraft II

"Starfarer" = Starfarer by Fractal Softworks LLC

"Steam App 105600" = Terraria

"Steam App 107100" = Bastion

"Steam App 113200" = The Binding of Isaac

"Steam App 17710" = Nuclear Dawn

"Steam App 1840" = Source Filmmaker

"Steam App 19900" = Far Cry 2

"Steam App 34330" = Total War: SHOGUN 2

"Steam App 400" = Portal

"Steam App 42910" = Magicka

"Steam App 440" = Team Fortress 2

"Steam App 44320" = DiRT 3

"Steam App 4700" = Medieval II: Total War

"Steam App 4780" = Medieval II: Total War Kingdoms

"Steam App 48700" = Mount & Blade: Warband

"Steam App 500" = Left 4 Dead

"Steam App 8190" = Just Cause 2

"Steam App 99300" = Renegade Ops

"The Political Machine 2012_is1" = The Political Machine 2012

"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1

"VLC media player" = VLC media player 1.1.11

"XFastUsb" = XFastUsb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4273654934-249650159-2022009278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/5/2012 3:45:13 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 12012

Error - 8/5/2012 3:45:13 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 12012

Error - 8/5/2012 3:45:14 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2012 3:45:14 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 13010

Error - 8/5/2012 3:45:14 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 13010

Error - 8/5/2012 2:14:39 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x000cb312 Faulting process id: 0xfcc Faulting application start time: 0x01cd73362dab464e Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id: 6b5e709f-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:15:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0136b312 Faulting process id: 0x47c Faulting application start time: 0x01cd7336558dd1cf Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id: 933a1e37-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:16:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0023b312 Faulting process id: 0xcec Faulting application start time: 0x01cd7336795c4c67 Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id: b70c425d-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:17:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x0010b312 Faulting process id: 0x1028 Faulting application start time: 0x01cd73369d2e226c Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id: dada6ed4-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:18:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x00e7b312 Faulting process id: 0x11e4 Faulting application start time: 0x01cd7336c1032ccc Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id: feb349d3-df29-11e1-99b4-bc5ff41ac965

[ System Events ]

Error - 8/5/2012 12:49:18 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Error - 8/5/2012 1:48:31 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error - 8/5/2012 1:48:31 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error - 8/5/2012 1:48:34 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error: %%1060

Error - 8/5/2012 1:51:12 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Error - 8/5/2012 1:51:12 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

< End of report >

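The five svchost.exe crashes in the event log above all name a faulting module of the form 80000032.@, the same naming as the files MBAM quarantined, and the crashing host is the 32-bit svchost.exe under SysWOW64 on an x64 system. As an added example that is not part of this thread or of OTL, the Python script below parses the "Last 20 Event Log Errors" format and flags that pattern; SAMPLE_LOG is constructed from the excerpt above. The rule for the Service Control Manager 7003 errors about BFE is a follow-up check because those errors coincide with the infection here, not a conclusion the thread draws.

```python
"""Triage the "Last 20 Event Log Errors" section of an OTL Extras log.

Added example, not part of the forum thread or of OTL. It looks for what the
thread's log shows: a 32-bit svchost.exe crashing inside a module named like
80000032.@ (eight hex digits plus ".@", the same naming as the files MBAM
quarantined), and Service Control Manager 7003 errors about a missing BFE
dependency. SAMPLE_LOG is constructed from the excerpt in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

SAMPLE_LOG = """\
Error - 8/5/2012 3:45:13 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012
Error - 8/5/2012 2:14:39 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time
stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x000cb312 Faulting process
id: 0xfcc Faulting application start time: 0x01cd73362dab464e Faulting application
path: C:\\Windows\\SysWOW64\\svchost.exe Faulting module path: 80000032.@ Report Id:
6b5e709f-df29-11e1-99b4-bc5ff41ac965
Error - 8/5/2012 1:48:31 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Eight hex digits + ".@"; Windows appends "_unloaded" when the module is gone by report time.
AT_MODULE = re.compile(r"^[0-9a-f]{8}\.@(?:_unloaded)?$", re.IGNORECASE)


@dataclass
class Event:
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""


@dataclass
class Finding:
    severity: str
    when: str
    reason: str


def parse_events(text: str) -> List[Event]:
    """One Event per 'Error - ...' header; wrapped description lines are re-joined."""
    events: List[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            events.append(Event(m["when"], m["host"], m["source"], int(m["id"])))
            continue
        if events:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            events[-1].description = (events[-1].description + " " + line).strip()
    return events


def triage(events: List[Event]) -> List[Finding]:
    findings: List[Finding] = []
    for ev in events:
        d = ev.description
        if ev.source == "Application Error" and ev.event_id == 1000:
            # Event 1000 fields: "Faulting module name: X," and "... path: P Faulting module path:"
            mod = re.search(r"Faulting module name: (\S+?),", d)
            app = re.search(r"Faulting application path: (.+?) Faulting module path:", d)
            if mod and AT_MODULE.match(mod.group(1)):
                host = app.group(1) if app else "?"
                findings.append(Finding("high", ev.when,
                    f"{host} crashed inside {mod.group(1)}: module named like the .@ files MBAM quarantined"))
        elif ev.source == "Service Control Manager" and ev.event_id == 7003 and "BFE" in d:
            # Coincides with the infection in this thread; confirm the Base Filtering
            # Engine service is present before drawing a conclusion.
            findings.append(Finding("medium", ev.when,
                "a service depends on BFE and cannot start; check that the Base Filtering Engine service exists"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.when}: {f.reason}")
```

Feed it the whole "Last 20 Event Log Errors" section as one string; the Bonjour entries fall through untouched, which is the point of matching on source and ID rather than on the word "Error".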

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/08/05 00:14:26 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@
    [2012/08/05 00:14:23 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@
    [2012/08/05 00:14:14 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@
    [2012/08/04 17:29:07 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L\00000004.@
    [2012/08/04 17:29:06 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000064.@
    [2012/08/04 17:29:05 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000000.@
    [2012/08/04 17:28:30 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000004.@
    [2012/02/17 04:16:04 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\@

    :files
    C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

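The OTL fix above lists the files by hand. They share one layout: a {GUID} folder under C:\Windows\Installer containing U and L subfolders of eight-hex-digit .@ files and a bare @ at the folder root. A normal Windows\Installer holds cached .msi/.msp files and {GUID} folders of shortcut icons, so the {GUID} prefix alone is not suspicious; the U/L/.@ naming is. As an added example that is not part of the thread, of OTL or of Malwarebytes, the Python below parses OTL file lines, classifies each path against that layout, reduces hits to the {GUID} folders the fix removes, and includes a live walker for a real Installer tree. SAMPLE_OTL is constructed from the fix script plus two benign lines; the Adobe Reader icon file name in it is an assumption.

```python
r"""Classify file paths against the layout the OTL fix above removes:
C:\Windows\Installer\{guid}\U\<8 hex>.@, ...\{guid}\L\<8 hex>.@ and ...\{guid}\@.

Added example, not part of the thread, of OTL or of Malwarebytes. SAMPLE_OTL is
constructed from the fix script plus two benign lines (an Adobe Reader icon in the
Installer cache and the Flash Player file from the ComboFix log); the icon file
name is an assumption.
"""
import os
import re
from typing import List, NamedTuple, Optional, Set, Tuple

SAMPLE_OTL = r"""
[2012/08/05 00:14:26 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@
[2012/08/05 00:14:23 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@
[2012/08/04 17:29:07 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L\00000004.@
[2012/02/17 04:16:04 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\@
[2012/02/16 21:05:11 | 000,011,264 | ---- | C] () -- C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.ico
[2012/08/05 00:49:00 | 000,426,184 | ---- | C] () -- C:\Windows\SysWow64\FlashPlayerApp.exe
"""

# OTL file line: [date time | size | attrs | C] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<when>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
INSTALLER_DIR = re.compile(r"^[a-z]:\\windows\\installer\\" + GUID, re.IGNORECASE)
PAYLOAD = re.compile(INSTALLER_DIR.pattern + r"\\[UL]\\[0-9a-f]{8}\.@$", re.IGNORECASE)
MARKER = re.compile(INSTALLER_DIR.pattern + r"\\@$", re.IGNORECASE)


class Hit(NamedTuple):
    path: str
    verdict: str         # payload | marker | installer-cache | other
    size: Optional[int]  # bytes from the OTL line; None for live scans


def classify(path: str) -> str:
    """'installer-cache' means inside a {GUID} folder but not matching the .@ layout."""
    p = path.replace("/", "\\")
    if PAYLOAD.match(p):
        return "payload"
    if MARKER.match(p):
        return "marker"
    if INSTALLER_DIR.match(p):
        return "installer-cache"
    return "other"


def triage_otl_lines(text: str) -> List[Hit]:
    hits = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], classify(m["path"]), int(m["size"].replace(",", ""))))
    return hits


def suspicious_dirs(hits: List[Hit]) -> Set[str]:
    """The {GUID} folders holding a payload or marker: the unit the OTL fix removes."""
    dirs = set()
    for h in hits:
        if h.verdict in ("payload", "marker"):
            dirs.add(INSTALLER_DIR.match(h.path).group(0))
    return dirs


def scan_installer_tree(root: str = r"C:\Windows\Installer") -> Tuple[List[Hit], List[str]]:
    """Live check for a Windows host. Access errors are returned, not swallowed:
    in this thread the folder could not be moved until a reboot, so a directory
    that refuses to be listed is itself worth reporting."""
    errors: List[str] = []
    found: List[Hit] = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: errors.append(str(e))):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict in ("payload", "marker"):
                found.append(Hit(full, verdict, None))
    return found, errors


if __name__ == "__main__":
    hits = triage_otl_lines(SAMPLE_OTL)
    for h in hits:
        print(f"{h.verdict:16} {h.path}")
    print("remove:", *suspicious_dirs(hits))
```

Run scan_installer_tree from an elevated prompt after the reboot to confirm nothing matching the layout is left; the fix log's "Folder move failed ... scheduled to be moved on reboot" line is why the check belongs after the reboot rather than before it.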

OTL Log:

All processes killed

========== OTL ==========

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L\00000004.@ moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000064.@ moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000000.@ moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000004.@ moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\@ moved successfully.

========== FILES ==========

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U folder moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Isaac\Downloads\cmd.bat deleted successfully.

C:\Users\Isaac\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Isaac

->Temp folder emptied: 1916455031 bytes

->Temporary Internet Files folder emptied: 37932223 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 345512332 bytes

->Flash cache emptied: 33316 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 356352 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 100778651 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35655608 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 2841 bytes

Total Files Cleaned = 2,324.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_143806

Files\Folders moved on Reboot...

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U folder moved successfully.

C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba} folder moved successfully.

C:\Users\Isaac\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba} not found!

File C:\Users\Isaac\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix log:

ComboFix 12-08-05.02 - Isaac 08/05/2012 17:07:13.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8104.6366 [GMT -6:00]

Running from: c:\users\Isaac\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

E:\Autorun.inf

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))

.

.

2012-08-05 23:12 . 2012-08-05 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-05 20:38 . 2012-08-05 20:38 -------- d-----w- C:\_OTL

2012-08-05 00:49 . 2012-08-05 00:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-04 23:34 . 2012-08-04 23:34 -------- d-----w- c:\programdata\Stardock

2012-08-04 23:34 . 2012-08-04 23:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-04 23:31 . 2012-08-04 23:31 -------- d-----w- c:\program files (x86)\Stardock Entertainment

2012-07-30 02:12 . 2012-07-30 02:13 -------- d-----w- c:\users\Isaac\AppData\Roaming\Mount&Blade Warband

2012-07-29 16:24 . 2012-07-29 16:24 -------- d-----w- c:\users\Isaac\AppData\Local\CrashRpt

2012-07-23 19:40 . 2012-07-23 19:40 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-07-23 18:59 . 2012-07-23 18:59 -------- d-----w- c:\programdata\ATI

2012-07-23 18:59 . 2012-07-23 18:59 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-19 18:23 . 2012-07-19 18:23 -------- d-----w- c:\program files (x86)\Remedy Entertainment

2012-07-16 02:08 . 2012-07-16 22:21 -------- d-----w- c:\users\Isaac\AppData\Roaming\DarknessII

2012-07-15 23:59 . 2012-07-16 00:08 -------- d-----w- c:\users\Isaac\AppData\Local\ApplicationHistory

2012-07-15 23:59 . 2012-07-15 23:59 61440 ----a-r- c:\users\Isaac\AppData\Roaming\Microsoft\Installer\{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}\NewShortcut2_8DE78A52B79D45749D2AA56C90CEEA8D.exe

2012-07-15 23:59 . 2012-07-15 23:59 61440 ----a-r- c:\users\Isaac\AppData\Roaming\Microsoft\Installer\{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}\NewShortcut1_8DE78A52B79D45749D2AA56C90CEEA8D.exe

2012-07-15 23:59 . 2012-07-15 23:59 -------- d-----w- c:\program files (x86)\Bagatrix

2012-07-15 23:49 . 2012-07-15 23:49 -------- d-----w- c:\users\Isaac\AppData\Roaming\U3

2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\users\Isaac\AppData\Roaming\2K Sports

2012-07-13 19:44 . 2012-07-13 19:44 -------- d-----w- c:\program files (x86)\2K Sports

2012-07-10 05:56 . 2012-07-10 07:02 -------- d-----w- c:\program files (x86)\Electronic Arts

2012-07-09 17:52 . 2012-07-09 19:23 -------- d-----w- c:\users\DefaultAppPool

2012-07-09 02:44 . 2012-07-09 02:44 -------- d-----w- c:\program files (x86)\Microsoft WSE

2012-07-08 05:21 . 2012-07-08 05:21 -------- d-----w- c:\program files (x86)\Maxis

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 00:49 . 2012-02-16 23:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-02 05:40 . 2012-02-17 14:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-02 05:40 . 2012-02-17 13:17 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-02 05:40 . 2012-02-17 13:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-03 19:46 . 2012-02-16 20:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-29 10:04 . 2012-08-04 19:50 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E2115AC-8E94-4138-8C51-FD385716A73D}\mpengine.dll

2012-06-14 16:54 . 2012-02-17 13:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-06-11 19:50 . 2012-06-11 19:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 19:50 . 2012-06-11 19:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 19:50 . 2012-06-11 19:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 19:50 . 2012-06-11 19:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 19:50 . 2012-06-11 19:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 19:50 . 2012-06-11 19:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 19:49 . 2012-06-11 19:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-10-12 20:14 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2011-10-12 20:13 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2011-10-12 19:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-03-20 19:08 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2011-10-12 19:44 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2011-10-12 19:33 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-03-20 19:09 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-10-12 19:29 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-03-20 19:10 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-10-12 19:29 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-06-07 00:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-06-07 00:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-06-04 06:29 . 2012-06-04 06:29 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll

2012-06-04 06:24 . 2012-06-04 06:24 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-06-02 22:19 . 2012-06-23 15:49 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-23 15:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-23 15:50 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-23 15:50 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-23 15:49 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-23 15:50 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-23 15:49 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-23 15:49 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-06-23 15:49 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 18:25 . 2012-02-16 21:18 279656 ------w- c:\windows\system32\MpSigStub.exe

2009-04-14 21:45 . 2012-04-01 01:40 10975264 ----a-w- c:\program files\RTLCPL.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-12 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-02-16 4942336]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 gwfilt64;Service 2 for Creative X-Fi Audio (WDM);c:\windows\system32\drivers\gwfilt64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-18 1255736]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-04 283200]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-02-16 15936]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S2 WCUService;SmartView Software Updater Service;c:\program files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-09-02 456976]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-16 31808]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MBfilt;Service for Creative X-Fi Audio (WDM);c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]

S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-07 66336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96a0fe72-a844-11e1-80b0-bc5ff41ac965}]

\shell\AutoRun\command - J:\Setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000Core.job

- c:\users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 21:12]

.

2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000UA.job

- c:\users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 21:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]

"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 24.116.2.50 24.116.2.34

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)

Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4273654934-249650159-2022009278-1000\Software\SecuROM\License information*]

"datasecu"=hex:60,f1,21,b9,e5,ed,80,ca,ce,d4,8a,28,fd,51,0e,94,e7,68,e1,1e,f1,

bc,d9,a2,88,60,bb,52,04,36,16,97,ce,af,5f,6a,e5,15,d8,e0,b2,b0,6c,fb,a0,e8,\

"rkeysecu"=hex:53,9c,85,6f,f1,18,50,8d,59,dd,47,19,a4,75,58,97

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-05 17:17:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-05 23:17

.

Pre-Run: 417,723,514,880 bytes free

Post-Run: 417,562,767,360 bytes free

.

- - End Of File - - BD44A678120EE9E9836C54C8D5F00E1D


Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Not sure why that log posted with such ugly formatting. Trying again.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=feccc4b3b49ca04982fdac66b465171c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-07 04:57:09

# local_time=2012-08-06 10:57:09 (-0700, Mountain Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 102866 95855651 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=319322

# found=8

# cleaned=8

# scan_time=3228

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Isaac\Downloads\scandsk.exe Win32/Simda.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000000.@ Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
