strange hidden stereo service ! from aswmbr scan


stvs

Hi, here are the MBAM and OTL logs:

OTL logfile created on: 12/12/2012 11:09:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vader\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3.91 Gb Total Physical Memory | 3.20 Gb Available Physical Memory | 81.82% Memory free

7.82 Gb Paging File | 7.16 Gb Available in Paging File | 91.55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 448.41 Gb Free Space | 96.30% Space Free | Partition Type: NTFS

Drive E: | 100.00 Mb Total Space | 31.70 Mb Free Space | 31.70% Space Free | Partition Type: NTFS

Drive F: | 49.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VADER-PC | User Name: vader | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/12 23:09:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vader\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/08/25 22:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2012/12/11 22:07:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/22 17:40:30 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/10/03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2010/11/25 20:29:54 | 000,052,896 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2010/10/05 15:08:46 | 002,655,768 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/10/05 15:08:42 | 000,325,656 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/05/24 15:44:48 | 000,151,552 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/22 17:40:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/10/03 00:21:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012/08/25 22:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV:64bit: - [2012/06/25 13:38:44 | 000,104,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV:64bit: - [2012/06/25 13:38:44 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV:64bit: - [2012/06/25 13:38:44 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)

DRV:64bit: - [2012/06/25 13:38:38 | 000,229,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)

DRV:64bit: - [2012/06/25 13:38:34 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV:64bit: - [2012/06/25 13:38:30 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)

DRV:64bit: - [2012/06/19 07:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/11/25 20:30:12 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2010/11/25 20:30:12 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2010/11/25 20:30:12 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2010/11/25 20:30:12 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2010/11/25 20:30:12 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2010/11/25 20:30:12 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010/11/25 20:30:10 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2010/11/08 08:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)

DRV:64bit: - [2010/09/21 03:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/09/13 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/08/24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/07/27 03:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/07/27 03:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/07/08 01:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/10/23 10:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.3

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/02 13:52:46 | 000,000,000 | ---D | M]

[2012/09/11 13:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vader\AppData\Roaming\mozilla\Extensions

[2012/12/04 15:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vader\AppData\Roaming\mozilla\Firefox\Profiles\snyrsbov.default-1353636461269\extensions

[2012/12/04 15:52:18 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\vader\AppData\Roaming\mozilla\firefox\profiles\snyrsbov.default-1353636461269\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2012/11/24 03:05:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\vader\AppData\Roaming\mozilla\firefox\profiles\snyrsbov.default-1353636461269\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/12/02 13:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012/11/29 10:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/11/29 10:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/11/29 10:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4 - HKCU..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

O4 - HKLM..\RunOnce: [Z1] C:\Users\vader\Desktop\mbar\mbar.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A63E2514-0DE4-49CF-920B-572E82F80327}: NameServer = 213.249.17.10 213.249.39.29

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E166C8-4532-4957-9C21-CB1E3947FE76}: NameServer = 213.249.17.10 213.249.39.29

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD0FAE06-F1BC-410A-BD5C-808D6BEF7555}: NameServer = 213.249.17.11 213.249.39.29

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/06/26 16:55:26 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{86c20edd-408c-11e2-8216-f11ebf24c68a}\Shell - "" = AutoRun

O33 - MountPoints2\{86c20edd-408c-11e2-8216-f11ebf24c68a}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2012/06/20 13:27:04 | 000,294,912 | R--- | M] (Vodafone)

O33 - MountPoints2\{86c20ee2-408c-11e2-8216-f11ebf24c68a}\Shell - "" = AutoRun

O33 - MountPoints2\{86c20ee2-408c-11e2-8216-f11ebf24c68a}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2012/06/20 13:27:04 | 000,294,912 | R--- | M] (Vodafone)

O33 - MountPoints2\{bec6535c-4086-11e2-8169-89c7a2609e8d}\Shell - "" = AutoRun

O33 - MountPoints2\{bec6535c-4086-11e2-8169-89c7a2609e8d}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2012/06/20 13:27:04 | 000,294,912 | R--- | M] (Vodafone)

O33 - MountPoints2\{bec65361-4086-11e2-8169-89c7a2609e8d}\Shell - "" = AutoRun

O33 - MountPoints2\{bec65361-4086-11e2-8169-89c7a2609e8d}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2012/06/20 13:27:04 | 000,294,912 | R--- | M] (Vodafone)

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2012/06/20 13:27:04 | 000,294,912 | R--- | M] (Vodafone)

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (SmartDefragBootTime.exe)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2031/01/04 18:19:30 | 000,031,576 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe

[2030/12/30 00:42:16 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\CrashDumps

[2030/12/29 14:20:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx

[2030/12/29 05:19:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2030/12/29 05:16:54 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2030/12/29 05:15:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2030/12/29 05:15:01 | 000,000,000 | ---D | C] -- C:\Windows\Applications

[2030/12/29 02:34:30 | 000,020,992 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2030/12/29 02:34:30 | 000,017,920 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2030/12/29 02:29:26 | 000,144,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IntelOpenCL64.dll

[2030/12/29 02:29:23 | 000,104,448 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelOpenCL32.dll

[2030/12/29 02:21:42 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\Mozilla

[2030/12/29 02:21:26 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\Mozilla

[2030/12/29 02:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2030/12/28 20:00:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Atheros

[2030/12/28 20:00:27 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\BMExplorer

[2030/12/28 19:58:40 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\FSP

[2030/12/28 19:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel

[2030/12/28 19:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utility

[2030/12/28 19:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Generic

[2030/12/28 19:55:03 | 002,228,736 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys

[2030/12/28 19:55:03 | 002,228,736 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys

[2030/12/28 19:53:37 | 000,000,000 | ---D | C] -- C:\Users\vader\Documents\Bluetooth Folder

[2030/12/28 19:52:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program

[2030/12/28 19:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros

[2030/12/28 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros

[2030/12/28 19:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros

[2030/12/28 19:51:52 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\InstallShield

[2030/12/28 19:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor

[2030/12/28 19:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun

[2030/12/28 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\FSP

[2030/12/28 19:49:55 | 000,245,760 | ---- | C] (Sentelic Corporation.) -- C:\Windows\SysNative\StlFspAPI64.dll

[2030/12/28 19:49:55 | 000,210,432 | ---- | C] (Sentelic Corporation.) -- C:\Windows\SysWow64\StlFspAPI32.dll

[2030/12/28 19:49:55 | 000,068,608 | ---- | C] (Sentelic Corporation) -- C:\Windows\SysNative\drivers\fspad_wlh64.sys

[2030/12/28 19:49:55 | 000,062,976 | ---- | C] (Sentelic Corporation) -- C:\Windows\SysNative\fspadco.dll

[2030/12/28 19:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2030/12/28 19:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics

[2030/12/28 19:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics

[2030/12/28 19:47:00 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys

[2030/12/28 19:46:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e

[2030/12/28 19:46:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2030/12/28 19:42:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

[2030/12/28 19:42:02 | 000,574,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll

[2030/12/28 19:42:02 | 000,092,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2266.dll

[2030/12/28 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent

[2030/12/28 19:37:25 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll

[2030/12/28 19:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel

[2030/12/28 19:35:12 | 000,000,000 | R--D | C] -- C:\Users\vader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2030/12/28 19:35:12 | 000,000,000 | R--D | C] -- C:\Users\vader\Searches

[2030/12/28 19:35:12 | 000,000,000 | R--D | C] -- C:\Users\vader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2030/12/28 19:35:12 | 000,000,000 | -H-D | C] -- C:\Users\vader\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2030/12/28 19:35:01 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\Identities

[2030/12/28 19:34:59 | 000,000,000 | R--D | C] -- C:\Users\vader\Contacts

[2030/12/28 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\VirtualStore

[2030/12/28 19:34:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2030/12/28 19:33:21 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll

[2030/12/28 19:33:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll

[2030/12/28 19:32:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2030/12/28 19:31:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2030/12/28 19:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2030/12/28 19:29:49 | 000,000,000 | --SD | C] -- C:\Users\vader\AppData\Roaming\Microsoft

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Videos

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Saved Games

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Pictures

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Music

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Links

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Favorites

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Downloads

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Documents

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\Desktop

[2030/12/28 19:29:49 | 000,000,000 | R--D | C] -- C:\Users\vader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Τα έγγραφά μου

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Documents\Τα βίντεό μου

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Documents\Οι εικόνες μου

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Documents\Η μουσική μου

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\AppData\Local\Temporary Internet Files

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Templates

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Start Menu

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\SendTo

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Recent

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\PrintHood

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\NetHood

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Local Settings

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\AppData\Local\History

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Cookies

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\Application Data

[2030/12/28 19:29:49 | 000,000,000 | -HSD | C] -- C:\Users\vader\AppData\Local\Application Data

[2030/12/28 19:29:49 | 000,000,000 | -H-D | C] -- C:\Users\vader\AppData

[2030/12/28 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\Temp

[2030/12/28 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\Microsoft

[2030/12/28 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\Media Center Programs

[2030/12/15 20:20:48 | 000,000,000 | ---D | C] -- C:\Intel

[2030/12/15 19:51:46 | 000,000,000 | -HSD | C] -- C:\Recovery

[2030/12/15 19:42:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2012/12/12 23:09:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vader\Desktop\OTL.exe

[2012/12/12 18:50:52 | 000,000,000 | ---D | C] -- C:\Users\vader\Desktop\Run

[2012/12/12 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\Boredom Software

[2012/12/12 18:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boredom Software

[2012/12/12 17:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair

[2012/12/12 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair

[2012/12/12 16:24:38 | 000,000,000 | ---D | C] -- C:\Users\vader\Desktop\WiseRegistryCleanerPortable

[2012/12/12 16:05:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/12/12 15:15:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\vader\Desktop\aswMBR.exe

[2012/12/12 01:25:04 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\FullTiltPoker

[2012/12/12 01:18:31 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\PokerStars

[2012/12/11 11:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBoost

[2012/12/11 11:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueSprig

[2012/12/11 11:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueSprig

[2012/12/11 11:55:25 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\Programs

[2012/12/10 20:41:09 | 002,046,976 | ---- | C] (Geeks3D.com) -- C:\Users\vader\Desktop\TessMark.exe

[2012/12/10 13:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

[2012/12/10 13:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2012/12/10 13:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/12/10 02:50:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/12/10 00:16:49 | 000,000,000 | ---D | C] -- C:\Users\vader\Desktop\mbar

[2012/12/09 02:23:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\vader\Desktop\tdsskiller.exe

[2012/12/08 11:32:53 | 005,011,065 | ---- | C] (Swearware) -- C:\Users\vader\Desktop\ComboFix.exe

[2012/12/07 23:57:01 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\Wise Registry Cleaner

[2012/12/07 23:56:12 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\Wise Disk Cleaner

[2012/12/07 18:42:51 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys

[2012/12/07 18:07:16 | 000,229,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys

[2012/12/07 18:07:15 | 000,030,720 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys

[2012/12/07 18:07:14 | 000,104,448 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys

[2012/12/07 18:07:06 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01007.dll

[2012/12/07 18:07:06 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys

[2012/12/07 18:07:05 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys

[2012/12/07 18:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision

[2012/12/07 18:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2012/12/07 18:06:14 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Local\Downloaded Installations

[2012/12/02 13:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/12/02 00:11:19 | 000,145,256 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\LnkProtect.dll

[2012/11/29 18:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV

[2012/11/29 18:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV

[2012/11/29 18:43:10 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2012/11/29 18:43:10 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2012/11/29 18:43:10 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2012/11/29 18:43:10 | 000,866,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll

[2012/11/29 18:43:10 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2012/11/29 18:43:10 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

[2012/11/29 18:43:10 | 000,055,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll

[2012/11/29 18:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012/11/27 07:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies

[2012/11/27 07:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA 3D Vision driver

[2012/11/27 01:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/11/26 19:14:16 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$

[2012/11/23 04:06:19 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/11/23 04:06:19 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/11/23 02:56:18 | 000,000,000 | R--D | C] -- C:\Sandbox

[2012/11/23 02:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie

[2012/11/23 02:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie

[2012/11/15 12:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012/11/15 12:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012/11/15 05:09:25 | 000,000,000 | ---D | C] -- C:\Windows\XSxS

[2012/11/15 04:22:43 | 000,000,000 | ---D | C] -- C:\Users\vader\AppData\Roaming\Malwarebytes

[2012/11/15 04:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/15 04:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/15 04:22:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/11/15 04:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2031/01/10 18:18:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2031/01/01 15:35:55 | 000,001,449 | ---- | M] () -- C:\Users\vader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2030/12/29 05:20:42 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2030/12/29 02:13:34 | 000,004,096 | ---- | M] () -- C:\Windows\SysWow64\wztrmlhe

[2030/12/29 02:12:14 | 000,032,768 | ---- | M] () -- C:\Windows\muzgraqe

[2030/12/29 02:12:14 | 000,020,480 | ---- | M] () -- C:\Windows\povsxypt

[2030/12/29 02:12:14 | 000,004,096 | ---- | M] () -- C:\Windows\wfgtubjl

[2030/12/29 02:12:14 | 000,004,096 | ---- | M] () -- C:\Windows\ptpbgptt

[2030/12/29 02:12:14 | 000,004,096 | ---- | M] () -- C:\Windows\oymoksqq

[2030/12/29 02:12:14 | 000,004,096 | ---- | M] () -- C:\Windows\bllopfmv

[2030/12/29 02:02:02 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf

[2030/12/28 19:54:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf

[2030/12/28 19:53:38 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin

[2012/12/12 23:09:51 | 001,310,720 | ---- | M] () -- C:\Users\vader\NTUSER.bak

[2012/12/12 23:09:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vader\Desktop\OTL.exe

[2012/12/12 23:01:01 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/12 23:01:01 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/12 22:52:06 | 000,000,017 | ---- | M] () -- C:\Users\vader\AppData\Local\resmon.resmoncfg

[2012/12/12 15:31:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/12 15:30:48 | 3151,273,984 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/12 15:19:59 | 000,545,819 | ---- | M] () -- C:\Users\vader\Desktop\adwcleaner.exe

[2012/12/12 15:16:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\vader\Desktop\aswMBR.exe

[2012/12/11 23:21:18 | 000,002,298 | ---- | M] () -- C:\Windows\Sandboxie.ini

[2012/12/11 22:07:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/12/11 22:07:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/11 22:07:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/11 12:02:52 | 000,001,221 | ---- | M] () -- C:\Users\vader\Desktop\CoreTemp.ini

[2012/12/11 11:55:37 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\JetBoost.lnk

[2012/12/11 10:58:03 | 005,011,065 | ---- | M] (Swearware) -- C:\Users\vader\Desktop\ComboFix.exe

[2012/12/10 21:47:03 | 000,000,698 | ---- | M] () -- C:\Users\vader\Desktop\startup_options.xml

[2012/12/10 13:48:48 | 000,145,256 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\LnkProtect.dll

[2012/12/10 13:48:21 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2012/12/09 02:24:04 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\vader\Desktop\tdsskiller.exe

[2012/12/07 23:56:29 | 001,174,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/07 23:56:29 | 000,549,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/07 23:56:29 | 000,482,270 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat

[2012/12/07 23:56:29 | 000,087,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/07 23:56:29 | 000,068,032 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat

[2012/12/07 20:11:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf

[2012/12/07 18:07:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf

[2012/12/07 18:07:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf

[2012/12/07 18:07:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

[2012/11/28 22:45:44 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml

[2012/11/28 22:45:44 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2012/11/23 02:48:24 | 000,000,896 | ---- | M] () -- C:\Users\vader\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk

[2012/11/20 09:31:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2031/01/10 18:18:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2031/01/01 15:35:55 | 000,001,449 | ---- | C] () -- C:\Users\vader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2030/12/29 05:20:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2030/12/29 05:19:55 | 000,004,096 | ---- | C] () -- C:\Windows\oymoksqq

[2030/12/29 05:15:57 | 3151,273,984 | -HS- | C] () -- C:\hiberfil.sys

[2030/12/29 02:00:55 | 000,004,096 | ---- | C] () -- C:\Windows\ptpbgptt

[2030/12/28 20:05:23 | 000,001,221 | ---- | C] () -- C:\Users\vader\Desktop\CoreTemp.ini

[2030/12/28 20:05:17 | 000,848,336 | ---- | C] () -- C:\Users\vader\Desktop\Core Temp.exe

[2030/12/28 20:00:21 | 000,000,035 | ---- | C] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2030/12/28 19:55:03 | 000,355,542 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf

[2030/12/28 19:55:03 | 000,056,092 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat

[2030/12/28 19:54:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf

[2030/12/28 19:52:16 | 000,246,804 | ---- | C] () -- C:\Windows\SysNative\AtherosBT.bin

[2030/12/28 19:49:26 | 000,004,096 | ---- | C] () -- C:\Windows\bllopfmv

[2030/12/28 19:42:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2030/12/28 19:42:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin

[2030/12/28 19:42:01 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll

[2030/12/28 19:40:29 | 000,008,192 | R--- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2030/12/28 19:40:29 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll

[2030/12/28 19:40:27 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\wztrmlhe

[2030/12/28 19:35:17 | 000,001,421 | ---- | C] () -- C:\Users\vader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2030/12/28 19:35:13 | 000,001,455 | ---- | C] () -- C:\Users\vader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2030/12/28 19:33:05 | 000,032,768 | ---- | C] () -- C:\Windows\muzgraqe

[2030/12/28 19:29:49 | 001,310,720 | ---- | C] () -- C:\Users\vader\NTUSER.bak

[2030/12/28 19:29:49 | 000,000,290 | ---- | C] () -- C:\Users\vader\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2030/12/28 19:29:49 | 000,000,272 | ---- | C] () -- C:\Users\vader\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/12/12 22:52:06 | 000,000,017 | ---- | C] () -- C:\Users\vader\AppData\Local\resmon.resmoncfg

[2012/12/12 15:19:59 | 000,545,819 | ---- | C] () -- C:\Users\vader\Desktop\adwcleaner.exe

[2012/12/11 11:55:37 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\JetBoost.lnk

[2012/12/10 20:41:09 | 000,000,698 | ---- | C] () -- C:\Users\vader\Desktop\startup_options.xml

[2012/12/10 13:46:37 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2012/12/07 20:11:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf

[2012/12/07 18:07:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf

[2012/12/07 18:07:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf

[2012/12/07 18:07:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

[2012/11/29 18:43:10 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin

[2012/11/28 22:45:04 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml

[2012/11/28 22:45:04 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml

[2012/11/28 12:33:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2012/11/23 04:06:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/23 02:48:31 | 000,000,896 | ---- | C] () -- C:\Users\vader\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk

[2012/11/23 02:48:29 | 000,002,298 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2012/11/15 04:22:05 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/04 15:00:06 | 001,297,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/10/22 17:40:04 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/09/28 10:51:48 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin

[2012/09/28 10:51:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin

[2012/05/21 12:03:36 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/05/21 12:03:36 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

MBAM:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.12.13

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

vader :: VADER-PC [administrator]

12/12/2012 23:29:10

mbam-log-2012-12-12 (23-29-10).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 245817

Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Which one file?


  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.