Jump to content

SVCHOST.EXE Trojan Infection - Please Help!


Gand

Recommended Posts

Hi. I keep having an issue with 2 svchost.exe trojans being found and after having them removed I restart my computer as instructed, but then it comes up again and is an endless cycle without actually getting rid of the trojan. Any help would be much appreciated. Thank you in advance!

Link to post
Share on other sites

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Link to post
Share on other sites

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct
    items.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Link to post
Share on other sites

Thank you and here are the logs:

2012/12/01 18:41:34 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:41:44 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:41:55 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:42:05 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:42:15 -0500 EX-RIG-PC (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:43:11 -0500 EX-RIG-PC EX-RIG MESSAGE Starting protection

2012/12/01 18:43:11 -0500 EX-RIG-PC EX-RIG MESSAGE Protection started successfully

2012/12/01 18:43:11 -0500 EX-RIG-PC EX-RIG MESSAGE Starting IP protection

2012/12/01 18:43:13 -0500 EX-RIG-PC EX-RIG MESSAGE IP Protection started successfully

2012/12/01 18:44:23 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE

2012/12/01 18:44:35 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:44:45 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:44:55 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:45:05 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:45:16 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:45:26 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/01 18:45:36 -0500 EX-RIG-PC EX-RIG DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

Next one:

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.01.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

EX-RIG :: EX-RIG-PC [administrator]

Protection: Enabled

12/1/2012 6:41:29 PM

mbam-log-2012-12-01 (18-41-29).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 172643

Time elapsed: 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

And I restart and it finds it all over again and I quarantine it. It has gone from finding 2 to just one now.

Link to post
Share on other sites

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by EX-RIG at 18:51:22 on 2012-12-01

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8172.6142 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ASRock\XFast LAN\spd.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ASRock\XFast LAN\cfosspeed.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Device Center\itype.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe

C:\Program Files (x86)\XFast USB\XFastUsb.exe

C:\Users\EX-RIG\AppData\Local\Apps\2.0\0BQ9XCG4.N4V\9RA2QD6O.AD6\curs..tion_9e9e83ddf3ed3ead_0005.0001_dafeadaaa30c70ac\CurseClient.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=1

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [iSUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

mRun: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [smartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MANAGE~1.LNK - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

TCP: NameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C2F7AF5A-1CB6-4058-B335-6EB262D7D740} : DHCPNameServer = 209.18.47.61 209.18.47.62

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe

x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\EX-RIG\AppData\Roaming\Mozilla\Firefox\Profiles\wwmoc3kr.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32〈=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; abtbumgdjd@abtbumgdjd.org; C:\Users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-5-25 17192]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-23 283200]

R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-5-25 15936]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-7 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 676936]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-25 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-15 25928]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-5-25 32344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-25 471144]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-9-3 56448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DesktopCentralServer;ManageEngine Desktop Central Server;C:\Program Files (x86)\DesktopCentral_Server\bin\wrapper.exe [2012-6-21 458008]

S2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe --> C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [?]

S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-7-24 32320]

S3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;C:\Program Files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe [2012-6-21 228488]

S3 MEDCServerComponent-Apache;MEDC Server Component - Apache;C:\Program Files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [2012-6-21 20549]

S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-7-15 18360]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-7-8 694888]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-21 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-7 1255736]

.

=============== Created Last 30 ================

.

2012-12-01 23:44:01 20480 ----a-w- C:\Windows\svchost.exe

2012-11-25 21:22:08 -------- d-----w- C:\Users\EX-RIG\AppData\Local\ESN

2012-11-23 17:09:35 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-11-23 17:09:29 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2012-11-22 04:09:10 -------- d-sh--w- C:\found.001

2012-11-22 03:07:41 -------- d-----w- C:\Fraps

2012-11-17 17:42:35 -------- d-----w- C:\Users\EX-RIG\AppData\Roaming\cYo

2012-11-17 17:42:35 -------- d-----w- C:\Users\EX-RIG\AppData\Local\cYo

2012-11-17 17:40:20 -------- d-----w- C:\Program Files\ComicRack

2012-11-16 13:57:07 -------- d-----w- C:\Program Files (x86)\Steam

2012-11-15 12:28:19 -------- d-----w- C:\Users\EX-RIG\AppData\Local\CrashRpt

2012-11-15 12:28:19 -------- d-----w- C:\Users\EX-RIG\AppData\Local\Arktos

2012-11-14 00:16:07 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 00:16:02 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-14 00:16:02 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

.

==================== Find3M ====================

.

2012-11-25 21:23:16 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-11-25 21:23:07 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-11-25 21:23:07 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-11-25 21:22:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-11-17 16:52:29 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS

2012-11-12 01:01:48 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 01:01:48 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-10-09 12:01:08 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-28 19:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe

2012-09-28 19:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-09-28 19:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-09-28 19:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-09-28 19:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-09-28 19:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll

2012-09-28 19:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll

2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll

2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll

2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe

2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll

2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll

2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-09-09 05:36:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-09 05:36:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-04 16:30:43 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

.

============= FINISH: 18:51:59.72 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/25/2012 1:28:55 PM

System Uptime: 12/1/2012 6:42:35 PM (0 hours ago)

.

Motherboard: ASRock | | 970 Extreme3

Processor: AMD FX-4100 Quad-Core Processor | CPUSocket | 3600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 634.447 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP81: 11/21/2012 11:37:52 PM - Windows Update

RP82: 11/22/2012 11:36:21 AM - Removed Resident Evil Operation Raccoon City

RP83: 11/23/2012 12:09:38 PM - Device Driver Package Install: DT Soft Ltd System devices

.

==== Installed Programs ======================

.

µTorrent

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Profiles

ASRock App Charger v1.0.5

ASRock eXtreme Tuner v0.1.122

ASRock InstantBoot v1.29

Assassin's Creed Brotherhood

ATI AVIVO64 Codecs

AVG 2013

AVG PC Tuneup

Battlefield 3™

Battlelog Web Plugins

Belkin USB Wireless Adaptor

Bonjour

calibre

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ComicRack v0.9.156

Curse Client

DAEMON Tools Lite

EasyBoost

ESN Sonar

Etron USB3.0 Host Controller

Fraps (remove only)

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HydraVision

iTunes

Java 2 Runtime Environment, SE v1.4.2_19

Java 7 Update 6 (64-bit)

Java 7 Update 9

Java Auto Updater

JavaFX 2.1.1

Malwarebytes Anti-Malware version 1.65.1.1000

ManageEngine Desktop Central 8 - Server

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Mouse and Keyboard Center

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

Mumble 1.2.3

Origin

Overwolf

Pando Media Booster

PunkBuster Services

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Star Wars: The Old Republic

Steam

TeamSpeak 3 Client

The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021

The Lord of the Rings Online™: Riders of Rohan™! v03.08.00.1107

The War Z version alpha

THX TruStudio

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.3

Windows Live ID Sign-in Assistant

WinRAR 4.20 (64-bit)

World of Warcraft

XFast LAN v6.61

XFast USB

.

==== Event Viewer Messages From Past Week ========

.

12/1/2012 6:43:15 PM, Error: Service Control Manager [7024] - The ManageEngine Desktop Central Server service terminated with service-specific error %%-1.

12/1/2012 6:43:11 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

12/1/2012 12:25:13 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

11/29/2012 6:37:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030c666b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112912-50388-01.

.

==== End Of File ===========================

Link to post
Share on other sites

Good job..... :)

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------

Link to post
Share on other sites

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

**If you are using a 64bit system please use either of the following links for your download instead:

Link 1

Link 2

  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content within the following codebox into the main textfield:

    :dir
    c:\users\EX-RIG\AppData\Roaming\cYo /s


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff

Log created at 23:17 on 01/12/2012 by EX-RIG

Administrator - Elevation successful

========== dir ==========

c:\users\EX-RIG\AppData\Roaming\cYo - Parameters: "/s"

---Files---

None found.

c:\users\EX-RIG\AppData\Roaming\cYo\ComicRack d------ [17:42 17/11/2012]

ComicDb.xml --a---- 10775 bytes [17:50 17/11/2012] [17:33 23/11/2012]

ComicDb.xml.bak --a---- 10775 bytes [17:50 17/11/2012] [17:33 23/11/2012]

Config.xml --a---- 14165 bytes [17:50 17/11/2012] [17:33 23/11/2012]

DonateImage --a---- 2120 bytes [17:42 17/11/2012] [17:42 17/11/2012]

NewsFeeds.xml --a---- 17885 bytes [17:50 17/11/2012] [17:33 23/11/2012]

c:\users\EX-RIG\AppData\Roaming\cYo\ComicRack\Scripts d------ [17:42 17/11/2012]

c:\users\EX-RIG\AppData\Roaming\cYo\ComicRack\Scripts\.Pending d------ [17:07 23/11/2012]

-= EOF =-

Link to post
Share on other sites

I didn't think I ran it as Admin so I reran it and this is what came up:

SystemLook 30.07.11 by jpshortstuff

Log created at 23:26 on 01/12/2012 by EX-RIG

Administrator - Elevation successful

========== dir ==========

c:\users\EX-RIG\AppData\Roaming\cYo - Parameters: "(none)"

---Files---

None found.

---Folders---

ComicRack d------ [17:42 17/11/2012]

-= EOF =-

Link to post
Share on other sites

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    Firefox::
    FF - ProfilePath - c:\users\EX-RIG\AppData\Roaming\Mozilla\Firefox\Profiles\wwmoc3kr.default\
    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; abtbumgdjd@abtbumgdjd.org; c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running.

Link to post
Share on other sites

Here you go:

ComboFix 12-12-01.02 - EX-RIG 12/01/2012 23:34:18.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8172.5978 [GMT -5:00]

Running from: c:\users\EX-RIG\Desktop\ComboFix.exe

Command switches used :: c:\users\EX-RIG\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-02 04:38 . 2012-12-02 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 00:39 . 2012-12-02 00:39 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-02 00:38 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2012-12-02 00:38 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

2012-12-02 00:38 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

2012-12-02 00:38 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2012-12-02 00:38 . 2006-07-28 14:30 62744 ----a-w- c:\windows\SysWow64\xinput1_2.dll

2012-11-25 21:22 . 2012-11-25 21:22 -------- d-----w- c:\users\EX-RIG\AppData\Local\ESN

2012-11-23 17:09 . 2012-11-23 17:09 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-11-23 17:09 . 2012-11-23 17:09 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-11-22 04:09 . 2012-11-22 04:09 -------- d-----w- C:\found.001

2012-11-22 03:07 . 2012-11-23 02:49 -------- d-----w- C:\Fraps

2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Roaming\cYo

2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Local\cYo

2012-11-17 17:40 . 2012-11-17 17:41 -------- d-----w- c:\program files\ComicRack

2012-11-16 13:57 . 2012-12-02 01:23 -------- d-----w- c:\program files (x86)\Steam

2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\CrashRpt

2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\Arktos

2012-11-14 00:16 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 00:16 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-14 00:16 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-25 21:23 . 2012-09-04 04:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-11-25 21:23 . 2012-09-06 03:08 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-11-25 21:23 . 2012-09-04 04:42 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-11-25 21:22 . 2012-09-04 04:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-11-17 16:52 . 2012-07-24 21:52 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS

2012-11-14 04:22 . 2012-07-21 18:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-12 01:01 . 2012-06-07 03:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 01:01 . 2012-06-07 03:43 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-09 12:01 . 2012-10-09 12:01 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-29 23:54 . 2012-07-15 23:46 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 19:37 . 2012-09-28 19:37 221696 ----a-w- c:\windows\system32\clinfo.exe

2012-09-28 19:36 . 2012-09-28 19:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-09-28 19:36 . 2012-09-28 19:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-09-28 19:36 . 2012-09-28 19:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-09-28 19:36 . 2012-09-28 19:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-09-28 19:36 . 2012-09-28 19:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll

2012-09-28 19:32 . 2012-09-28 19:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll

2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll

2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll

2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-09-28 01:41 . 2012-06-11 17:23 1120768 ----a-w- c:\windows\system32\aticfx64.dll

2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe

2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll

2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll

2012-09-28 01:22 . 2012-06-11 17:01 7167488 ----a-w- c:\windows\system32\atidxx64.dll

2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-09-28 01:13 . 2012-07-28 01:15 595456 ----a-w- c:\windows\system32\atiadlxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-09-28 01:11 . 2012-06-11 16:25 129536 ----a-w- c:\windows\system32\atiuxp64.dll

2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll

2012-09-28 01:10 . 2012-06-11 16:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-09-25 03:16 . 2012-10-21 05:26 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 19:19 . 2012-10-10 12:18 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 12:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-09-09 05:36 . 2012-06-17 03:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-09 05:36 . 2012-06-17 03:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-04 16:30 . 2012-09-04 16:30 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-10-06 17:39 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-10-06 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-11-29 3492504]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-11-16 1353080]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2012-05-25 4878912]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-06 947808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-10-06 856160]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

.

c:\users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-9-8 0]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ManageEngine Desktop Central.lnk - c:\program files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe [2012-6-21 208008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DesktopCentralServer;ManageEngine Desktop Central Server;c:\program files (x86)\DesktopCentral_Server\bin\wrapper.exe [2012-06-21 458008]

R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]

R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-11-17 32320]

R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\program files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe [2012-06-21 228488]

R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\program files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [2012-06-21 20549]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-09-13 18360]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-07 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-23 283200]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-05-25 15936]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-14 56448]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 38341475

*NewlyCreated* - 41599736

*NewlyCreated* - 44885937

*Deregistered* - 38341475

*Deregistered* - 41599736

*Deregistered* - 44885937

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 01:01]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]

"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]

"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/?ilc=1

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\users\EX-RIG\AppData\Roaming\Mozilla\Firefox\Profiles\wwmoc3kr.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32〈=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=

FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; abtbumgdjd@abtbumgdjd.org; c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-PunkBusterSvc - c:\program files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6f,09,3e,7e,1c,c3,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-01 23:40:20

ComboFix-quarantined-files.txt 2012-12-02 04:40

ComboFix2.txt 2012-12-02 00:58

.

Pre-Run: 708,134,739,968 bytes free

Post-Run: 708,103,589,888 bytes free

.

- - End Of File - - DA15CBC00CA6BD546C76892EDCA33374

Link to post
Share on other sites

Hi,

Looks like it wants to stick around....

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running. :)

Link to post
Share on other sites

Here it is:

ComboFix 12-12-01.02 - EX-RIG 12/02/2012 14:22:42.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8172.6176 [GMT -5:00]

Running from: c:\users\EX-RIG\Desktop\ComboFix.exe

Command switches used :: c:\users\EX-RIG\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi"

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-02 19:27 . 2012-12-02 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 00:39 . 2012-12-02 00:39 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-02 00:38 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2012-12-02 00:38 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

2012-12-02 00:38 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

2012-12-02 00:38 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2012-12-02 00:38 . 2006-07-28 14:30 62744 ----a-w- c:\windows\SysWow64\xinput1_2.dll

2012-11-25 21:22 . 2012-11-25 21:22 -------- d-----w- c:\users\EX-RIG\AppData\Local\ESN

2012-11-23 17:09 . 2012-11-23 17:09 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-11-23 17:09 . 2012-11-23 17:09 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-11-22 04:09 . 2012-11-22 04:09 -------- d-----w- C:\found.001

2012-11-22 03:07 . 2012-11-23 02:49 -------- d-----w- C:\Fraps

2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Roaming\cYo

2012-11-17 17:42 . 2012-11-17 17:42 -------- d-----w- c:\users\EX-RIG\AppData\Local\cYo

2012-11-17 17:40 . 2012-11-17 17:41 -------- d-----w- c:\program files\ComicRack

2012-11-16 13:57 . 2012-12-02 17:46 -------- d-----w- c:\program files (x86)\Steam

2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\CrashRpt

2012-11-15 12:28 . 2012-11-15 12:28 -------- d-----w- c:\users\EX-RIG\AppData\Local\Arktos

2012-11-14 00:16 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 00:16 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-14 00:16 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-25 21:23 . 2012-09-04 04:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-11-25 21:23 . 2012-09-06 03:08 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-11-25 21:23 . 2012-09-04 04:42 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-11-25 21:22 . 2012-09-04 04:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-11-17 16:52 . 2012-07-24 21:52 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS

2012-11-14 04:22 . 2012-07-21 18:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-12 01:01 . 2012-06-07 03:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 01:01 . 2012-06-07 03:43 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-09 12:01 . 2012-10-09 12:01 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-29 23:54 . 2012-07-15 23:46 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 19:37 . 2012-09-28 19:37 221696 ----a-w- c:\windows\system32\clinfo.exe

2012-09-28 19:36 . 2012-09-28 19:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-09-28 19:36 . 2012-09-28 19:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-09-28 19:36 . 2012-09-28 19:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-09-28 19:36 . 2012-09-28 19:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-09-28 19:36 . 2012-09-28 19:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll

2012-09-28 19:32 . 2012-09-28 19:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll

2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll

2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll

2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-09-28 01:41 . 2012-06-11 17:23 1120768 ----a-w- c:\windows\system32\aticfx64.dll

2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe

2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll

2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll

2012-09-28 01:22 . 2012-06-11 17:01 7167488 ----a-w- c:\windows\system32\atidxx64.dll

2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-09-28 01:13 . 2012-07-28 01:15 595456 ----a-w- c:\windows\system32\atiadlxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-09-28 01:11 . 2012-06-11 16:25 129536 ----a-w- c:\windows\system32\atiuxp64.dll

2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll

2012-09-28 01:10 . 2012-06-11 16:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-09-25 03:16 . 2012-10-21 05:26 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 19:19 . 2012-10-10 12:18 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 12:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-09-09 05:36 . 2012-06-17 03:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-09 05:36 . 2012-06-17 03:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-04 16:30 . 2012-09-04 16:30 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-10-06 17:39 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-10-06 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-11-29 3492504]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-11-16 1353080]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-04-20 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2012-05-25 4878912]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-06 947808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-10-06 856160]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

.

c:\users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-9-8 0]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ManageEngine Desktop Central.lnk - c:\program files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe [2012-6-21 208008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DesktopCentralServer;ManageEngine Desktop Central Server;c:\program files (x86)\DesktopCentral_Server\bin\wrapper.exe [2012-06-21 458008]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]

R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-11-17 32320]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\program files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe [2012-06-21 228488]

R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\program files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [2012-06-21 20549]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2012-09-13 18360]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-07 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-23 283200]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-05-25 15936]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-12-14 56448]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 01:01]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 00:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]

"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]

"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/?ilc=1

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\users\EX-RIG\AppData\Roaming\Mozilla\Firefox\Profiles\wwmoc3kr.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32〈=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q=

FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; abtbumgdjd@abtbumgdjd.org; c:\users\EX-RIG\Application Data\Mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-PunkBusterSvc - c:\program files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6f,09,3e,7e,1c,c3,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-02 14:28:48

ComboFix-quarantined-files.txt 2012-12-02 19:28

ComboFix2.txt 2012-12-02 04:40

ComboFix3.txt 2012-12-02 00:58

.

Pre-Run: 718,706,630,656 bytes free

Post-Run: 718,654,578,688 bytes free

.

- - End Of File - - 278209AC41F38AC3291A983F786B0FA7

Link to post
Share on other sites

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------

Link to post
Share on other sites

OTL.txt

OTL logfile created on: 12/2/2012 3:01:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EX-RIG\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.50% Memory free

15.96 Gb Paging File | 14.02 Gb Available in Paging File | 87.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 669.35 Gb Free Space | 71.86% Space Free | Partition Type: NTFS

Drive E: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: EX-RIG-PC | User Name: EX-RIG | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EX-RIG\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

PRC - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe ()

PRC - C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)

PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Origin\tufao.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\DesktopCentral_Server\bin\DesktopCentral.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (cFosSpeedS) -- C:\Program Files\ASRock\XFast LAN\spd.exe (cFos Software GmbH)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd)

SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()

SRV - (DesktopCentralServer) -- C:\Program Files (x86)\DesktopCentral_Server\bin\wrapper.exe (Tanuki Software, Ltd.)

SRV - (MEDC Server Component - Notification Server) -- C:\Program Files (x86)\DesktopCentral_Server\bin\dcnotificationserver.exe ()

SRV - (MEDCServerComponent-Apache) -- C:\Program Files (x86)\DesktopCentral_Server\apache\bin\dcserverhttpd.exe (Apache Software Foundation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)

DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)

DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)

DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. )

DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=18BA7DCC-3780-4D1D-8013-524F44E25EA3&apn_sauid=DCA3FF93-A6A8-4E68-A4A4-817AC8398A18

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{26685492-363D-4498-B351-4C93655AD19C}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120833,17118,0,18,0

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=A46A48171591F705ADFD42502FBE0506&q={searchTerms}

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{7380A3CB-88C7-4e36-9626-4E2A4BE6E6BB}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8341BCA4-0CE5-44FB-AF38-2D95A59CF173}&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=AVG&pr=fr&d=2012-10-06 13:39:04&v=12.2.5.34&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105

FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.2.100013

FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32

FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B02cba759-112d-4402-8e42-99723513a53b%7D&mid=a8817feec09447d08d346d16b2cf3d41-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=12.2.5.32〈=en&pr=fr&d=2012-07-15%2011%3A01%3A25&sap=ku&q="

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/06 12:39:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/03 17:51:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/16 12:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Extensions

[2012/10/28 12:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions

[2012/06/16 12:10:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\Firefox\Profiles\wwmoc3kr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[1832/11/28 23:37:17 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\extensions\abtbumgdjd@abtbumgdjd.org.xpi

[2012/09/09 13:17:53 | 000,002,568 | ---- | M] () -- C:\Users\EX-RIG\AppData\Roaming\mozilla\firefox\profiles\wwmoc3kr.default\searchplugins\askcom.xml

[2012/06/16 12:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/11/08 19:05:44 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/01 19:56:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()

O3 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

O4 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2915767657-1673396557-64539955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F7AF5A-1CB6-4058-B335-6EB262D7D740}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 02:44:56 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/02 14:47:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe

[2012/12/02 14:28:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/12/01 19:49:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/01 19:49:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/01 19:49:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/01 19:49:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/01 19:49:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/01 19:48:09 | 005,009,347 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe

[2012/12/01 19:39:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/12/01 19:38:10 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Telltale Games

[2012/12/01 18:52:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe

[2012/12/01 18:48:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com

[2012/11/25 16:22:08 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\ESN

[2012/11/23 12:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2012/11/23 12:09:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2012/11/23 12:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2012/11/22 11:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

[2012/11/21 23:09:10 | 000,000,000 | ---D | C] -- C:\found.001

[2012/11/21 22:07:41 | 000,000,000 | ---D | C] -- C:\Fraps

[2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\cYo

[2012/11/17 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\cYo

[2012/11/17 12:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack

[2012/11/17 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack

[2012/11/17 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/11/17 11:05:38 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Desktop\Star Wars

[2012/11/16 08:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/11/16 08:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\CrashRpt

[2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\Arktos

[2012/11/15 07:28:19 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\AppData\Local\Arktos

[2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\EX-RIG\Documents\The War Z

[2012/11/11 14:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z

[2012/11/10 17:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/02 15:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/02 14:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/02 14:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EX-RIG\Desktop\OTL.exe

[2012/12/02 14:44:15 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/02 14:44:15 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/02 14:44:15 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/02 14:38:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/02 14:38:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/02 14:38:46 | 2131,472,383 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/01 23:16:41 | 000,165,376 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe

[2012/12/01 23:16:26 | 000,139,264 | ---- | M] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe

[2012/12/01 19:56:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/12/01 19:48:09 | 005,009,347 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\ComboFix.exe

[2012/12/01 19:05:41 | 000,000,222 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url

[2012/12/01 18:52:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\EX-RIG\Desktop\tdsskiller.exe

[2012/12/01 18:48:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EX-RIG\Desktop\dds.com

[2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/01 18:42:12 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/29 18:55:44 | 005,063,682 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub

[2012/11/29 18:37:32 | 440,134,815 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/25 16:23:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/11/25 16:23:07 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/11/25 16:22:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/11/23 12:31:15 | 000,509,552 | ---- | M] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif

[2012/11/23 12:29:16 | 000,068,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png

[2012/11/23 12:10:42 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2012/11/23 12:09:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2012/11/22 11:40:30 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk

[2012/11/21 23:47:05 | 000,785,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/11/19 09:03:07 | 000,020,953 | ---- | M] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf

[2012/11/17 12:40:22 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk

[2012/11/17 11:56:49 | 000,000,221 | ---- | M] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url

[2012/11/17 11:52:29 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS

[2012/11/16 08:57:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

[2012/11/14 07:29:35 | 000,268,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/13 23:24:18 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

[2012/11/11 14:34:30 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk

[2012/11/10 17:36:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/01 23:16:40 | 000,165,376 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook_x64.exe

[2012/12/01 23:16:26 | 000,139,264 | ---- | C] () -- C:\Users\EX-RIG\Desktop\SystemLook.exe

[2012/12/01 19:49:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/01 19:49:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/01 19:49:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/01 19:49:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/01 19:49:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/01 19:05:41 | 000,000,222 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The Walking Dead.url

[2012/11/29 18:55:43 | 005,063,682 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Annihilation - Drew Karpyshyn.epub

[2012/11/23 12:31:48 | 000,509,552 | ---- | C] () -- C:\Users\EX-RIG\Desktop\tumblr_lz1d6f6j001qk7y3eo1_500.gif

[2012/11/23 12:29:27 | 000,068,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\plants-vs-zombies-icon.png

[2012/11/23 12:10:42 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2012/11/22 11:40:30 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk

[2012/11/21 21:56:02 | 000,000,318 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Curse Client.appref-ms

[2012/11/19 09:03:07 | 000,020,953 | ---- | C] () -- C:\Users\EX-RIG\Desktop\The War Z Interview.rtf

[2012/11/17 12:40:22 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk

[2012/11/17 11:56:49 | 000,000,221 | ---- | C] () -- C:\Users\EX-RIG\Desktop\Assassin's Creed Brotherhood.url

[2012/11/16 08:57:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk

[2012/11/13 23:24:18 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI

[2012/11/11 14:34:30 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk

[2012/09/14 19:57:25 | 392,589,500 | ---- | C] () -- C:\Users\EX-RIG\this.means.war.2012.unrated.720p.bluray.x264-sparks.mkv

[2012/09/08 03:17:19 | 000,010,615 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.nfo

[2012/09/08 03:17:19 | 000,003,317 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Trilogy_Extended_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.sfv

[2012/09/08 01:04:00 | 4290,085,058 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Return_of_the_King_Ext_2003_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

[2012/09/08 01:04:00 | 4249,049,694 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Fellowship_of_the_Ring_Ext_2001_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

[2012/09/08 00:35:33 | 4292,386,964 | ---- | C] () -- C:\Users\EX-RIG\Lord_of_the_Rings_Two_towers_Ext_2002_1080p_BluRay_QEBS5_AAC51_PS3_MP4-FASM.mp4

[2012/09/03 23:42:11 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/09/03 23:42:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/07/15 10:58:06 | 000,000,094 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\fusioncache.dat

[2012/07/15 10:55:11 | 000,785,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/15 10:02:36 | 000,027,520 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\dt.dat

[2012/06/16 22:38:02 | 000,000,045 | ---- | C] () -- C:\Users\EX-RIG\jagex_cl_runescape_LIVE.dat

[2012/06/16 22:38:02 | 000,000,024 | ---- | C] () -- C:\Users\EX-RIG\random.dat

[2012/05/25 12:43:18 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

[2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

[2012/05/25 12:43:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

[2012/05/25 12:43:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012/05/25 12:43:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012/05/25 12:42:21 | 000,000,003 | ---- | C] () -- C:\Users\EX-RIG\AppData\Local\user_data.ini

[2012/05/25 12:34:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/12 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2012/10/12 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2012/07/21 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\.minecraft

[2012/07/16 18:59:20 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\AVG

[2012/10/06 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\AVG2013

[2012/07/24 16:56:19 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\calibre

[2012/11/17 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\cYo

[2012/08/18 11:11:18 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DAEMON Tools Lite

[2012/07/15 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DeviceVm

[2012/09/20 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\DriverCure

[2012/05/25 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Leadertech

[2012/07/21 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Marine Aquarium 3

[2012/10/11 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Mumble

[2012/09/03 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Nuance

[2012/11/29 18:39:31 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Origin

[2012/09/20 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\ParetoLogic

[2012/08/11 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Splashtop

[2012/08/18 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Thinstall

[2012/11/22 00:49:33 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\TS3Client

[2012/08/03 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\ts3overlay

[2012/10/06 12:39:16 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\TuneUp Software

[2012/07/15 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Turbine

[2012/11/22 11:37:09 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\uTorrent

[2012/06/07 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\EX-RIG\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.