Jump to content

Trojan.Agent/Gen-CDesc[LordPE].Process && Disabled.SecurityCenterOption - Unstoppable Infection

overkill99
 Share

Recommended Posts

overkill99

overkill99

Posted
Posted

During some web browsing, both SUPERAntiSpyware and MalwareBytes flared, warning me that (from MalwareBytes) mbamgui.exe was performing malicious behaviour and (from SAS) that there was a trojan (Trojan.Agent/Gen-CDESC[LordPE].Process) known as "C:/HCFX.EXE" ...

During scans of my system, it would pick up the following "threats" ...

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Here are the logs I collected:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by Benjamin at 23:34:50 on 2013-04-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16383.15256 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

uSearch Bar = Preserve

mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270

mWinlogon: Userinit = userinit.exe,

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll

BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx

TCP: Interfaces\{583061C0-697A-4239-8C46-0187D1AD694F} : DHCPNameServer = 192.168.1.1

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-9 75904]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-9 38016]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-9 349800]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-9 38456]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-9 203264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 682344]

S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-9 1119768]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-12 386344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-21 126976]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-3 24176]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-5 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-5 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

.

=============== Created Last 30 ================

.

2013-04-08 01:25:22 388096 ----a-r- C:\Users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-08 01:25:22 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-04-07 23:25:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-04-07 22:14:29 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 22:14:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-04-05 08:13:39 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12D5E54F-AC2F-4C5F-875C-17C5F62CD44A}\mpengine.dll

2013-04-04 19:24:10 -------- d-----w- C:\Users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-03 17:41:41 -------- d-----w- C:\Fraps

2013-03-25 23:47:11 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-22 07:09:21 -------- d-----w- C:\Program Files (x86)\glassfish-3.1.2.2

2013-03-17 09:12:11 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 07:34:18 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\LolClient

2013-03-17 03:48:32 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2013-03-17 03:48:32 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2013-03-17 03:48:31 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2013-03-17 03:44:35 -------- d-----w- C:\Riot Games

2013-03-17 02:49:59 -------- d-----w- C:\Program Files (x86)\League of Legends

2013-03-17 02:48:43 -------- d-----w- C:\Program Files (x86)\Pando Networks

2013-03-17 02:46:12 -------- d-----w- C:\Users\Benjamin\.swt

2013-03-16 01:52:25 -------- d-----w- C:\ProgramData\CLSoft LTD

2013-03-16 01:52:23 -------- d-----w- C:\ProgramData\Premium

2013-03-16 01:52:22 -------- d-----w- C:\Program Files (x86)\MagniPic

2013-03-16 01:52:15 -------- d-----w- C:\ProgramData\InstallMate

2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-11 07:15:17 -------- d-----w- C:\Program Files (x86)\HydraIRC

2013-03-11 07:12:49 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\mIRC

.

==================== Find3M ====================

.

2013-03-17 09:12:07 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-17 09:12:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-13 09:42:39 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 09:42:39 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-02-26 06:31:28 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2013-02-26 06:31:26 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

.

============= FINISH: 23:36:04.48 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/09/2011 17:11:17

System Uptime: 07/04/2013 22:21:50 (1 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Athlon™ II X4 640 Processor | CPU 1 | 2992/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 686 GiB total, 475.203 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.538 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP336: 02/04/2013 04:00:10 - Windows Update

RP337: 04/04/2013 15:23:04 - Installed DirectX

RP338: 04/04/2013 19:16:27 - Installed DirectX

RP339: 05/04/2013 04:13:26 - Windows Update

RP340: 06/04/2013 00:42:59 - Removed QuickTime

RP341: 06/04/2013 00:44:55 - Installed QuickTime

RP342: 07/04/2013 03:40:25 - Malwarebytes Anti-Rootkit Restore Point

RP343: 07/04/2013 04:00:26 - Malwarebytes Anti-Rootkit Restore Point

RP344: 07/04/2013 13:24:38 - Malwarebytes Anti-Rootkit Restore Point

RP345: 07/04/2013 21:24:58 - Installed HiJackThis

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player 11.6

Antichamber

Apple Application Support

Apple Software Update

applicationupdater

ARMA 2

ARMA 2: Operation Arrowhead

ARMA 2: Operation Arrowhead Beta

Arma 3 Alpha

BattlEye for OA Uninstall

BattlEye Uninstall

CameraHelperMsi

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP560 series MP Drivers

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cheat Engine 6.2

Compatibility Pack for the 2007 Office system

Core Temp 1.0 RC3

Crusader Kings II

CyberLink DVD Suite Deluxe

CyberLink PowerDirector

CyberLink WaveEditor

D3DX10

DVD Menu Pack for HP MediaSmart Video

erLT

Fraps (remove only)

gamelauncher-code4344-beta

gamelauncher-ps2-live

GlassFish Server Open Source Edition 3.1.2

GlassFish Server Open Source Edition 3.1.2.2

Google Chrome

Google Chrome Frame

Google Earth

Google Update Helper

Hacker Evolution Duality

HiJackThis

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Odometer

HP Support Information

HPAsset component for HP Active Support Library

HydraIRC

Java 7 Update 17

Java Auto Updater

Java SE Development Kit 7 Update 15

Junk Mail filter update

League of Legends

Logitech Vid HD

Logitech Webcam Software

LogMeIn Hamachi

Lua for Windows 5.1.4-46

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

MagniPic

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Beta

Microsoft Application Error Reporting

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.0

Microsoft Office 2010

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Game Long Name

NetBeans IDE 7.1.2

NetBeans IDE 7.3

NETGEAR WG111v3 wireless USB 2.0 adapter

Notepad++

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

Omerta - City of Gangsters

OpenAL

Paint.NET v3.5.10

PDF Complete Special Edition

PlanetSide 2

Play withSIX

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

PowerDirector

Proteus

QuickTime

Realtek High Definition Audio Driver

Recovery Manager

ROBLOX Player

ROBLOX Studio 2013

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)

Sid Meier's Civilization V

Simple Adblock

Six Updater

Skype™ 6.3

Steam

SUPERAntiSpyware

Supreme Ruler 2020: Gold

Supreme Ruler Cold War

swMSM

Team Fortress 2

TeamSpeak 3 Client

The Sims™ 3

Tropico 4

Ubisoft Game Launcher

Unity Web Player

Visual Studio 2008 x64 Redistributables

WebM Media Foundation Components

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

07/04/2013 22:29:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

07/04/2013 22:22:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2013 22:22:33, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2013 22:22:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

07/04/2013 22:22:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

07/04/2013 22:22:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

07/04/2013 22:22:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

07/04/2013 22:22:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

07/04/2013 22:21:08, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

07/04/2013 22:21:08, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.

07/04/2013 22:19:52, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 22:19:52, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 22:19:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

07/04/2013 21:52:10, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

07/04/2013 20:58:12, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.

07/04/2013 19:21:42, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

07/04/2013 19:21:40, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 19:21:40, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 19:21:39, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 19:21:39, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 16:52:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

02/04/2013 15:17:47, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

02/04/2013 15:17:47, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

.

==== End Of File ===========================

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

Please download Gmer from here and save it to your Desktop.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    th_Gmer_initScan.gif
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (don't miss this one)

    [*] Then click the Scan button & wait for it to finish.

    [*] Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.

    [*]Save it where you can easily find it, such as your desktop

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

- I see this, and I tend not to use slang or idioms already as it is. That is interesting to hear, too! Obwohl, ich spreche nur wenig Deutsch

Download OTL to your Desktop.

- I have done this. I would like to mention that, even though my computer says that I am from the United Kingdom, I am Irish and Scottish and live in the United States.

Here are the logs:

OTL logfile created on: 08/04/2013 13:22:38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benjamin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 14.92 Gb Available Physical Memory | 93.25% Memory free

32.00 Gb Paging File | 30.94 Gb Available in Paging File | 96.70% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 685.71 Gb Total Space | 475.21 Gb Free Space | 69.30% Space Free | Partition Type: NTFS

Drive D: | 12.83 Gb Total Space | 1.54 Gb Free Space | 11.99% Space Free | Partition Type: NTFS

Computer Name: BENJAMIN-HP | User Name: Benjamin | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/08 13:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)

SRV:64bit: - [2010/08/05 23:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2013/03/13 05:42:39 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/02/21 03:51:51 | 000,126,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)

SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/04/13 18:40:59 | 000,558,888 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/01/30 18:59:44 | 000,103,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2010/09/28 12:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/03 02:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/08/13 09:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/08/13 09:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/11/18 09:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/...c5-64315044d270

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{21E6EC67-BE3E-4FE3-AA51-B484ED1263C7}: "URL" = ${SEARCH_URL}{searchTerms}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}

IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {765C390E-D7D5-4A49-BFB9-F18FF0CF04F8}

IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF

IE - HKCU\..\SearchScopes\{765C390E-D7D5-4A49-BFB9-F18FF0CF04F8}: "URL" = http://www.google.co...1I7AURU_enUS499

IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF

IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}

IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops

IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-5c703d6176af434b\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: https://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-8662400b82814a15\\NPRobloxProxy.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll (Google Inc.)

O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://oceanscene-la...MJPEGRender.ocx (MJPEGRender Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{583061C0-697A-4239-8C46-0187D1AD694F}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\gcf - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013/04/07 02:59:56 | 000,000,269 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2013/04/07 02:59:56 | 000,000,219 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 13:21:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe

[2013/04/07 23:32:40 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Benjamin\Desktop\dds.scr

[2013/04/07 21:25:23 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2013/04/07 21:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2013/04/07 19:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2013/04/07 19:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/04/07 19:24:34 | 023,909,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Benjamin\Desktop\SUPERAntiSpywarePro.exe

[2013/04/07 18:14:29 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

[2013/04/07 18:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/04/06 21:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/04/06 00:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/04/06 00:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2013/04/06 00:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2013/04/04 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\Arma 3 Alpha

[2013/04/04 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Arma 3 Alpha

[2013/04/03 13:41:41 | 000,000,000 | ---D | C] -- C:\Fraps

[2013/03/31 20:14:53 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\APC

[2013/03/23 09:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/03/22 05:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/03/22 03:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\glassfish-3.1.2.2

[2013/03/19 05:08:31 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\ROBLOX

[2013/03/17 03:34:18 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\LolClient

[2013/03/16 23:44:35 | 000,000,000 | ---D | C] -- C:\Riot Games

[2013/03/16 23:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

[2013/03/16 22:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Legends

[2013/03/16 22:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2013/03/16 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\.swt

[2013/03/15 21:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD

[2013/03/15 21:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2013/03/15 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagniPic

[2013/03/15 21:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2013/03/15 06:14:49 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Dev

[2013/03/15 06:13:02 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\MyFiles

[2013/03/15 05:56:37 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Gaming

[2013/03/15 05:55:39 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Communication

[2013/03/15 05:54:54 | 000,000,000 | R--D | C] -- C:\Users\Benjamin\Desktop\Tools

[2013/03/11 03:15:17 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HydraIRC

[2013/03/11 03:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HydraIRC

[2013/03/11 03:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HydraIRC

[2013/03/11 03:12:49 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\mIRC

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/08 13:22:29 | 000,784,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/08 13:22:29 | 000,668,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/08 13:22:29 | 000,126,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/08 13:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe

[2013/04/08 13:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/08 13:17:57 | 4294,402,046 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/07 23:32:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Benjamin\Desktop\dds.scr

[2013/04/07 21:52:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/07 21:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/07 21:25:23 | 000,002,991 | ---- | M] () -- C:\Users\Benjamin\Desktop\HiJackThis.lnk

[2013/04/07 21:03:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/07 21:03:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/07 20:59:30 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/07 19:25:05 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2013/04/07 19:24:48 | 023,909,512 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Benjamin\Desktop\SUPERAntiSpywarePro.exe

[2013/04/07 18:14:36 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 65d3a394-8000-44df-86d9-3949e19d3981.job

[2013/04/07 18:14:36 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1da7ad31-acae-4e45-a873-9f3b6d58f26f.job

[2013/04/07 02:59:56 | 000,000,269 | RHS- | M] () -- C:\autorun.inf

[2013/04/06 15:30:57 | 000,000,538 | ---- | M] () -- C:\Users\Benjamin\SciTE.recent

[2013/04/06 15:30:57 | 000,000,021 | ---- | M] () -- C:\Users\Benjamin\SciTE.session

[2013/04/06 13:29:06 | 000,250,192 | ---- | M] () -- C:\Users\Benjamin\Desktop\SLAVEOFGOD.pds

[2013/04/03 12:09:36 | 000,297,650 | ---- | M] () -- C:\Users\Benjamin\Desktop\Overkill Catacombs 01.pdf

[2013/03/26 21:57:20 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBENJAMIN-HP$.job

[2013/03/26 03:17:39 | 000,002,245 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/03/23 09:53:32 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/15 21:52:11 | 000,000,112 | ---- | M] () -- C:\prefs.js

[2013/03/15 20:42:42 | 000,001,099 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2013/03/15 20:42:41 | 000,789,274 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/03/15 15:02:28 | 000,369,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/03/15 06:16:12 | 000,001,051 | ---- | M] () -- C:\Users\Benjamin\Desktop\Pictures - Shortcut.lnk

[2013/03/15 06:16:04 | 000,001,058 | ---- | M] () -- C:\Users\Benjamin\Desktop\Documents - Shortcut.lnk

[2013/03/15 01:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2013/03/13 12:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

[2013/03/11 03:15:17 | 000,001,875 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\HydraIRC.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/07 21:25:23 | 000,002,991 | ---- | C] () -- C:\Users\Benjamin\Desktop\HiJackThis.lnk

[2013/04/07 19:25:05 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2013/04/07 18:14:36 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 65d3a394-8000-44df-86d9-3949e19d3981.job

[2013/04/07 18:14:36 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1da7ad31-acae-4e45-a873-9f3b6d58f26f.job

[2013/04/07 02:59:13 | 000,000,269 | RHS- | C] () -- C:\autorun.inf

[2013/04/06 00:42:32 | 000,250,192 | ---- | C] () -- C:\Users\Benjamin\Desktop\SLAVEOFGOD.pds

[2013/04/03 12:09:51 | 000,297,650 | ---- | C] () -- C:\Users\Benjamin\Desktop\Overkill Catacombs 01.pdf

[2013/03/26 05:36:46 | 000,236,214 | ---- | C] () -- C:\Users\Benjamin\Desktop\YouTube Template non-photoshop.jpg

[2013/03/23 09:53:31 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/22 05:12:27 | 000,002,245 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/03/15 21:52:11 | 000,000,112 | ---- | C] () -- C:\prefs.js

[2013/03/15 06:16:12 | 000,001,051 | ---- | C] () -- C:\Users\Benjamin\Desktop\Pictures - Shortcut.lnk

[2013/03/15 06:16:04 | 000,001,058 | ---- | C] () -- C:\Users\Benjamin\Desktop\Documents - Shortcut.lnk

[2013/03/11 03:15:17 | 000,001,875 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\HydraIRC.lnk

[2013/02/23 03:36:56 | 000,000,047 | ---- | C] () -- C:\Users\Benjamin\jagex_cl_oldschool_LIVE.dat

[2013/02/23 03:36:56 | 000,000,001 | ---- | C] () -- C:\Users\Benjamin\random.dat

[2013/01/25 01:35:33 | 000,000,538 | ---- | C] () -- C:\Users\Benjamin\SciTE.recent

[2013/01/25 01:35:33 | 000,000,021 | ---- | C] () -- C:\Users\Benjamin\SciTE.session

[2012/03/25 17:45:09 | 000,007,607 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg

[2012/02/09 04:57:33 | 000,000,145 | ---- | C] () -- C:\Users\Benjamin\.appletviewer

[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/11/23 11:56:26 | 000,789,274 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/01 19:23:55 | 000,000,441 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\net.telestream.producer.xml

[2011/09/03 18:30:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/15 06:10:50 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\.minecraft

[2012/07/24 21:03:32 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\.Nitrous

[2012/07/15 19:46:43 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\.techniclauncher

[2012/04/12 01:57:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Firefly Studios

[2012/12/22 23:06:51 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Kalypso Media

[2012/03/31 22:08:44 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Leadertech

[2013/03/17 03:34:18 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\LolClient

[2013/02/22 02:35:14 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\NetBeans

[2012/06/11 05:29:58 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\NewspaperDirect

[2013/04/01 23:57:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Notepad++

[2013/04/04 20:15:50 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Omerta

[2012/10/20 15:39:05 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Play withSIX

[2012/05/11 16:20:36 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\RenPy

[2012/04/23 06:26:32 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\SecondLife

[2013/02/21 00:54:24 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\six-updater

[2012/09/13 19:03:22 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\six-zsync

[2013/02/14 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Sony Online Entertainment

[2012/08/15 04:58:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Spirited Machine

[2012/06/16 04:07:06 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\The Creative Assembly

[2012/12/31 18:08:26 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Tropico 4

[2012/12/19 03:53:40 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TS3Client

[2012/09/20 22:58:04 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ts3overlay

[2012/12/29 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Unity

[2012/03/24 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Ustream Producer

========== Purity Check ==========

< End of report >

(This post is continued in another reply)

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

OTL Extras logfile created on: 08/04/2013 13:22:38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benjamin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 14.92 Gb Available Physical Memory | 93.25% Memory free

32.00 Gb Paging File | 30.94 Gb Available in Paging File | 96.70% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 685.71 Gb Total Space | 475.21 Gb Free Space | 69.30% Space Free | Partition Type: NTFS

Drive D: | 12.83 Gb Total Space | 1.54 Gb Free Space | 11.99% Space Free | Partition Type: NTFS

Computer Name: BENJAMIN-HP | User Name: Benjamin | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"UacDisableNotify" = 1

"ANTIVIRUSDISABLENOTIFY" = 1

"FIREWALLDISABLENOTIFY" = 1

"UPDATESDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 1

"UacDisableNotify" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 1

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{029F768F-EEB1-47A5-BC77-FF90C3A684DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{AF4A9238-B947-430F-958E-7047E8865D3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0282EBD7-103D-4035-B826-5328C8596ABD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{06C501FD-6F7C-4114-BFFA-C134F283422F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{06D547FE-06D7-4121-A92B-15D39F34F492}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\omerta\omertasteam.exe |

"{0A18D787-5B84-47C3-B807-DC78A0FBD541}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{0C220C85-51E1-465C-BC58-3F2E94E1EEE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{0E34275B-0236-4B1B-8683-903E28B16FA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{0F3B2826-3E75-4502-AECA-FBF78F834CCF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{0F7FF0F6-0A80-45EF-B777-94CE3CE3290B}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{103FC7FF-C352-4843-921D-A350967A24D2}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{17B95BA2-B2C6-46E4-B263-65CA0217EE87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\ndsrv.exe |

"{18BD1612-5051-41B1-ACF4-383244D88FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |

"{233E8602-5277-4DA2-AB83-0E5BB3DF8F7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme ruler cold war\supremerulercw.exe |

"{2BF8A0AD-CCFC-41A2-9158-3B5ED5A7A8AC}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"{354D20BF-A902-4B22-AFA4-BAEC95A2CE8C}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{3821FD29-DADE-42DA-AC2E-C13A86973EE6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{440C7B2B-2A5D-4010-A104-1A52A16AAC94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{498286DB-5AE5-406D-84B2-D1D0468DF7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{49B829C6-64BB-4E64-83A5-0A04184C94D5}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe |

"{5143A681-D952-4C49-B749-C1B1047FB422}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |

"{525D63A1-A3AB-46D0-A1EB-78013BD4CDF7}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe |

"{55E8CE1D-4B7A-4D83-990D-5F26766913F8}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"{577CC27D-6EC8-4139-BA92-0A1511C8844E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |

"{582E9A6F-C0EC-413D-B524-54200878ED66}" = protocol=6 | dir=in | app=c:\program files (x86)\ustream\ustream producer\rsrc\desktop presenter.exe |

"{5A8A6C84-F926-4DC5-9050-CA9515F118B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\ndsrv.exe |

"{5FDDE96C-93F7-4BE8-8CEB-E73EFC84F49D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{65773489-1108-49B5-A6C9-DA5769E94B50}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"{65E1D056-ECC4-491C-8A8C-F8937A4EED5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme ruler 2020\supremeruler2020gc.exe |

"{69EFB6D6-2807-4697-A987-C835C0092CBF}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |

"{749B8043-D859-44BC-8424-FA2C73909869}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{7733431D-BC80-40D7-9DDC-77C8F40AC7D5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{79E55F85-0765-468A-9ADE-E2F316F5AA3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{7F8D06DC-A081-4117-BBA2-8383E6491D07}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |

"{827A86CB-094F-4692-9E6A-36B3D7A0E96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{87E139A7-9ED0-4DB1-8FE3-D9B149855F95}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{8ADED747-55E5-4FD9-8D2C-2C7B62B9BA44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe |

"{8B650CF0-6602-4A60-9E75-FBF70DB6C5E6}" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\vghd\bin\virtuagirl_downloader.exe |

"{95BAB366-B146-4FCF-A149-A4365B2535FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |

"{98EBC626-2BDB-40C4-8C9E-326305032A64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe |

"{9F80F874-EC33-41FA-ACD7-ED5C03A5F44F}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe |

"{A38B6BE7-369E-45B7-A6E8-64CCB4FA0E52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme ruler 2020\supremeruler2020gc.exe |

"{A5570AC0-263E-40C6-89D1-32F842B903CF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"{A56DE679-2B4E-4100-B666-82B598A3869F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |

"{AC1CC8A8-076C-40D6-B0D6-557D2A7573EA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{B0F78A7A-9EDF-48FB-A1AA-54C3F46493E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |

"{B10E9229-C514-4CA9-8DCA-C81CE45662D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B5633152-7397-461B-B579-ECF881E7713B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |

"{B61B6041-4843-43A3-9713-D8687A7AF9FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |

"{B85F0D46-8CA3-4629-BC44-5698E6F30E94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |

"{B8C1AF13-73F9-4986-B558-DE92580B8ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme ruler cold war\supremerulercw.exe |

"{BD67E13B-A225-413C-8CDB-9E295978839C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{BE8EFFB0-CC21-45C4-A739-7F0EDA2659F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\omerta\omertasteam.exe |

"{C0BADA77-AFA0-4DDD-81F0-F7CFE5B8B943}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |

"{C7AC8F60-EEF5-4F9D-95AB-5FF19AE0B7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe |

"{CD7FB9CA-2BD0-4DF8-A9F1-A7D18C4BB0EE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{CE13E033-413C-467D-9575-90D37BA15C13}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"{D9FCD77A-F02B-4975-8DE4-8AAD2C3148E2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{DA73398A-3A67-4535-A7DC-8F6A91502686}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |

"{DAD547AF-84D2-4FDF-8480-58BDD51D6049}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution duality\hacker evolution duality.exe |

"{DCC89402-0A56-4754-A543-307F6684DAD9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{DCD3867A-391A-47F5-8EE7-9A9054989BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

"{DE56F7ED-84AE-487C-A1E4-B91D97020D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |

"{E0DBB890-DCBF-41A9-861C-876C6E854A70}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"{E2482A3C-53DA-4560-8519-30256772D9CE}" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\vghd\bin\virtuagirl_downloader.exe |

"{EFFF2C99-7FB4-43C3-B1ED-67697CE093E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |

"{F3591DE9-452E-4A81-9882-AFAD84541539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{F41D9EDC-C84E-44CA-8E14-B3EFE8A05055}" = protocol=17 | dir=in | app=c:\program files (x86)\ustream\ustream producer\rsrc\desktop presenter.exe |

"{F4CC6AEB-1E5C-45A9-ABE3-75CE53FF5A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{F619504A-B433-40F6-A802-12F0C92BE256}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |

"{FBA6B140-EE19-47ED-B6F7-40255579A157}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe |

"{FCD16A04-D774-4E2D-99CC-925A37181F48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe |

"{FF7BCF65-5CD5-407B-9A64-93CF37FBD764}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |

"TCP Query User{01E89742-4B49-4C30-B823-92048F011B89}C:\users\benjamin\appdata\local\temp\winivhuwx.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\winivhuwx.exe |

"TCP Query User{1BA9D809-F826-4E67-B15B-B5524417D35A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{1E72878C-02C0-4B00-A930-718EE9986B7A}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |

"TCP Query User{3078D6C1-59D1-46F0-9482-6C9171F94327}C:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe |

"TCP Query User{3616BCB4-D103-493B-BA55-2AF552C3A6AF}C:\users\benjamin\appdata\local\temp\winswmwt.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\winswmwt.exe |

"TCP Query User{40050093-800C-4FBA-9808-44E9CA0BFD99}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{42F82A57-58BA-4B6F-9EDB-AFE4BA89321A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{48826FDD-DA64-4924-871F-2CBDF0D68391}C:\program files (x86)\ustream\ustream producer\rsrc\desktop presenter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ustream\ustream producer\rsrc\desktop presenter.exe |

"TCP Query User{62FA793E-7B6D-4706-BB38-C6807859725C}C:\users\benjamin\appdata\local\temp\isdcq.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\isdcq.exe |

"TCP Query User{632D74BB-C0C5-4F14-8031-B7425C05B0F9}C:\users\benjamin\appdata\local\temp\buntnf.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\buntnf.exe |

"TCP Query User{67FC06C9-7241-4F80-9E6E-16B62F9EECA7}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |

"TCP Query User{749C9080-75FB-44DC-82FA-1550D3B4F61D}C:\users\benjamin\appdata\local\temp\winvbvs.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\winvbvs.exe |

"TCP Query User{77B5EB9D-0672-4DEA-96F9-0107C666A70C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{7CFD5556-2147-46BC-9D08-35B01EE08D56}C:\users\benjamin\appdata\local\temp\bftag.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\bftag.exe |

"TCP Query User{81B4DE48-133D-41BF-B5BB-3105271BA97C}C:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe |

"TCP Query User{83A2D77E-4BF0-445B-A749-638674F3CE85}C:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe |

"TCP Query User{96CEBBC5-C415-4F32-AADF-2CFB575BED65}C:\program files (x86)\steam\steamapps\sir_ben99\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\sir_ben99\team fortress 2\hl2.exe |

"TCP Query User{A7B48772-7BBE-40B7-9147-CD34C605E019}C:\users\benjamin\appdata\local\temp\winghcjt.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\winghcjt.exe |

"TCP Query User{AB675242-70F4-44A9-B055-D60A6DD785C4}C:\users\benjamin\appdata\local\temp\winakwpfq.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\winakwpfq.exe |

"TCP Query User{AC285552-7601-479F-8D1F-32D1B9F13269}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"TCP Query User{B306BACD-C5EB-427A-AC5A-7EA1C48A291A}C:\users\benjamin\appdata\local\temp\windfrqon.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\windfrqon.exe |

"TCP Query User{B61A16DE-C532-42FA-9AAF-04D6D37D867A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"TCP Query User{CC14B2EC-4304-4850-9B16-26DA6E2AD879}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"TCP Query User{CDD928DD-E067-4B98-8034-8CBDBB8D06D8}C:\program files (x86)\java\jdk1.7.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0\bin\java.exe |

"TCP Query User{DDDDE1BD-5E56-4545-9227-7BFCC3BE5A73}C:\program files (x86)\microsoft office\office11\outlook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office11\outlook.exe |

"TCP Query User{F1906A14-19B1-4BC5-8E16-25FE8B0993B7}C:\users\benjamin\appdata\local\temp\wingvocjw.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\wingvocjw.exe |

"UDP Query User{0E0C4053-5C97-4A4E-905C-477E2A7BA910}C:\users\benjamin\appdata\local\temp\windfrqon.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\windfrqon.exe |

"UDP Query User{23B6B7C4-4945-4DE8-9424-6D4C21AF800C}C:\users\benjamin\appdata\local\temp\buntnf.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\buntnf.exe |

"UDP Query User{2A642DCC-07E5-4B12-B8A2-C19C847AE93A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"UDP Query User{31E7DB58-E544-48C3-A22B-90BA534A6183}C:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe |

"UDP Query User{4F7922E0-EE3B-4759-83C4-1D92D905BC94}C:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_01\jre\bin\javaw.exe |

"UDP Query User{57F09B1D-6D2C-4DB7-AF78-7A0ED7320CAD}C:\users\benjamin\appdata\local\temp\winakwpfq.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\winakwpfq.exe |

"UDP Query User{5993B4EF-9763-42A3-889C-82C6BF574FDF}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"UDP Query User{637F3297-C622-4131-9215-F8CDD95BB251}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{63ACDF04-A027-4F11-8D47-7EC8A65A217A}C:\users\benjamin\appdata\local\temp\wingvocjw.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\wingvocjw.exe |

"UDP Query User{9B64CCC7-DB3A-493F-A516-EB13892B1644}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{9D1E002D-4DA7-4EAC-A013-758056EBCB1D}C:\program files (x86)\steam\steamapps\sir_ben99\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\sir_ben99\team fortress 2\hl2.exe |

"UDP Query User{9E539067-6420-49D0-9D56-2B80522986EF}C:\program files (x86)\java\jdk1.7.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0\bin\java.exe |

"UDP Query User{A519AC1F-55EB-402D-B2F0-368319EAECDB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{A91CB311-A580-4F87-849C-3F7FA78DDBF2}C:\users\benjamin\appdata\local\temp\bftag.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\bftag.exe |

"UDP Query User{B088B163-B815-4500-8B96-39693F3DE619}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{C205FEDB-78C2-4573-8C1C-F6611D949E5B}C:\users\benjamin\appdata\local\temp\winswmwt.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\winswmwt.exe |

"UDP Query User{CA2E0055-25CB-400E-A599-5880CDDBC8FA}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |

"UDP Query User{D5F1B46A-1D90-4010-834D-A928285BCF79}C:\users\benjamin\appdata\local\temp\winghcjt.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\winghcjt.exe |

"UDP Query User{D70A1307-1CCE-43CD-B6E0-7EE3F40CF475}C:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe |

"UDP Query User{E20C3E8C-123D-437D-AF6A-7486C77E2BCE}C:\users\benjamin\appdata\local\temp\winivhuwx.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\winivhuwx.exe |

"UDP Query User{E7649EC6-3904-4DC3-9817-CCC4C5621D7D}C:\program files (x86)\microsoft office\office11\outlook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office11\outlook.exe |

"UDP Query User{ECBACCBB-F87D-4361-A10D-B94479728F5D}C:\users\benjamin\appdata\local\temp\winvbvs.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\winvbvs.exe |

"UDP Query User{EE54D39E-90CE-4537-8C23-A15C53CB5F19}C:\program files (x86)\ustream\ustream producer\rsrc\desktop presenter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ustream\ustream producer\rsrc\desktop presenter.exe |

"UDP Query User{F64BC4AA-E22D-42CE-80C6-9CC934CB6F71}C:\users\benjamin\appdata\local\temp\isdcq.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\isdcq.exe |

"UDP Query User{F8BFE9EB-9A7F-405C-8712-DE4BA085B5FC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{F9A96FE1-C14E-4AFB-AC62-9DDD6613FF0F}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{243A908C-1579-4283-A068-5D5BFFD9B27A}" = MagniPic

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{795AE7FA-334A-3348-A358-6F56377B8639}" = Microsoft .NET Framework 4.5 Beta

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 Beta

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector

"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0

"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64

"MagniPic" =

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"UDK-21abbb1a-734f-4d64-bd4a-5808429272a3" = My Game Long Name

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing

"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static

"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All

"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater

"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian

"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor

"{32A3A4F4-B792-11D6-A78A-00B0D0170150}" = Java SE Development Kit 7 Update 15

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player

"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU

"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista

"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English

"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian

"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German

"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese

"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B4920103-09F6-4AD2-B150-CFC4474D2DDC}" = Simple Adblock

"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish

"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian

"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"BattlEye for A2" = BattlEye Uninstall

"BattlEye for OA" = BattlEye for OA Uninstall

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"Cheat Engine 6.2_is1" = Cheat Engine 6.2

"Fraps" = Fraps (remove only)

"Google Chrome" = Google Chrome

"Google Chrome Frame" = Google Chrome Frame

"HydraIRC" = HydraIRC

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor

"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Logitech Vid" = Logitech Vid HD

"LogMeIn Hamachi" = LogMeIn Hamachi

"Lua_is1" = Lua for Windows 5.1.4-46

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU

"nbi-glassfish-mod-3.1.2.23.0" = GlassFish Server Open Source Edition 3.1.2

"nbi-glassfish-mod-3.1.2.23.2" = GlassFish Server Open Source Edition 3.1.2.2

"nbi-nb-base-7.1.2.0.0" = NetBeans IDE 7.1.2

"nbi-nb-base-7.3.0.0.201302132200" = NetBeans IDE 7.3

"Notepad++" = Notepad++

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"PDF Complete" = PDF Complete Special Edition

"SP_008a99b9" =

"Steam App 107410" = Arma 3 Alpha

"Steam App 203770" = Crusader Kings II

"Steam App 208520" = Omerta - City of Gangsters

"Steam App 219540" = ARMA 2: Operation Arrowhead Beta

"Steam App 219680" = Proteus

"Steam App 219890" = Antichamber

"Steam App 25910" = Supreme Ruler 2020: Gold

"Steam App 33900" = ARMA 2

"Steam App 33930" = ARMA 2: Operation Arrowhead

"Steam App 440" = Team Fortress 2

"Steam App 47890" = The Sims™ 3

"Steam App 57690" = Tropico 4

"Steam App 70120" = Hacker Evolution Duality

"Steam App 73220" = Supreme Ruler Cold War

"Steam App 8930" = Sid Meier's Civilization V

"webmmf" = WebM Media Foundation Components

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"SOE-" = gamelauncher-code4344-beta

"SOE-C:/Users/Benjamin/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater

"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live

"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 Beta" = gamelauncher-code4344-beta

"soe-PlanetSide 2" = PlanetSide 2

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/03/2013 02:28:12 | Computer Name = Benjamin-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 10/03/2013 15:18:43 | Computer Name = Benjamin-HP | Source = Application Hang | ID = 1002

Description = The program steam.exe version 1.68.4.89 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 10c0 Start Time:

01ce188fe0ea6091 Termination Time: 204 Application Path: C:\Program Files (x86)\Steam\steam.exe

Report

Id: 4f922852-89b7-11e2-adec-64315044d270

Error - 10/03/2013 15:55:42 | Computer Name = Benjamin-HP | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x51266142 Faulting module name: libcef.dll, version: 1.989.464.0, time stamp: 0x5119b228

Exception

code: 0xc0000096 Fault offset: 0x007aa9ee Faulting process id: 0x56e0 Faulting application

start time: 0x01ce1dc537ef60f3 Faulting application path: c:\program files (x86)\steam\steamapps\sir_ben99\team

fortress 2\hl2.exe Faulting module path: c:\program files (x86)\steam\steamapps\sir_ben99\team

fortress 2\bin\libcef.dll Report Id: 7d00b8e3-89bc-11e2-adec-64315044d270

Error - 10/03/2013 15:55:42 | Computer Name = Benjamin-HP | Source = Application Error | ID = 1005

Description = Windows cannot access the file for one of the following reasons: there

is a problem with the network connection, the disk that the file is stored on,

or the storage drivers installed on this computer; or the disk is missing. Windows

closed the program hl2.exe because of this error. Program: hl2.exe File: The error

value is listed in the Additional Data section. User Action 1. Open the file again.

This

situation might be a temporary problem that corrects itself when the program runs

again. 2. If the file still cannot be accessed and - It is on the network, your network

administrator should verify that there is not a problem with the network and that

the server can be contacted. - It is on a removable disk, for example, a floppy

disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check

and repair the file system by running CHKDSK. To run CHKDSK, click Start, click

Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then

press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.

Determine whether other files on the same disk can be opened. If not, the disk might

be damaged. If it is a hard disk, contact your administrator or computer hardware

vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

Error - 10/03/2013 21:32:51 | Computer Name = Benjamin-HP | Source = Application Error | ID = 1000

Description = Faulting application name: ck2.exe, version: 1.0.0.0, time stamp:

0x51023d1c Faulting module name: ck2.exe, version: 1.0.0.0, time stamp: 0x51023d1c

Exception

code: 0xc0000005 Fault offset: 0x004dd904 Faulting process id: 0x89d4 Faulting application

start time: 0x01ce1df083dba585 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Crusader

Kings II\ck2.exe Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Crusader

Kings II\ck2.exe Report Id: 9667dc86-89eb-11e2-adec-64315044d270

Error - 11/03/2013 04:53:17 | Computer Name = Benjamin-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 11/03/2013 19:18:52 | Computer Name = Benjamin-HP | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x51266142 Faulting module name: icudt.dll, version: 4.6.0.0, time stamp: 0x4edd32c8

Exception

code: 0xc0000005 Fault offset: 0x004ea9e9 Faulting process id: 0xc70 Faulting application

start time: 0x01ce1ea3c9b071f5 Faulting application path: c:\program files (x86)\steam\steamapps\sir_ben99\team

fortress 2\hl2.exe Faulting module path: c:\program files (x86)\steam\steamapps\sir_ben99\team

fortress 2\bin\icudt.dll Report Id: 08bb80cc-8aa2-11e2-adec-64315044d270

Error - 12/03/2013 08:09:04 | Computer Name = Benjamin-HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 13/03/2013 16:09:06 | Computer Name = Benjamin-HP | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16470,

time stamp: 0x510c8801 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,

time stamp: 0x50b83c8a Exception code: 0xc0000005 Fault offset: 0x00035dba Faulting

process id: 0xcb4 Faulting application start time: 0x01ce20269a1689c0 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\syswow64\KERNELBASE.dll Report Id: db031938-8c19-11e2-8ad9-64315044d270

Error - 13/03/2013 16:09:08 | Computer Name = Benjamin-HP | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16470,

time stamp: 0x510c8801 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,

time stamp: 0x50b83c8a Exception code: 0xc000041d Fault offset: 0x00035dba Faulting

process id: 0xcb4 Faulting application start time: 0x01ce20269a1689c0 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\syswow64\KERNELBASE.dll Report Id: dc5d5719-8c19-11e2-8ad9-64315044d270

[ Hewlett-Packard Events ]

Error - 29/09/2011 21:55:21 | Computer Name = Benjamin-HP | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091129095518.xml

File not created by asset agent

Error - 20/10/2011 21:06:26 | Computer Name = Benjamin-HP | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101120090622.xml

File not created by asset agent

Error - 17/11/2011 22:44:47 | Computer Name = Benjamin-HP | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111117094445.xml

File not created by asset agent

[ Media Center Events ]

Error - 12/01/2012 04:30:41 | Computer Name = Benjamin-HP | Source = MCUpdate | ID = 0

Description = 3:30:41 AM - Error connecting to the internet. 3:30:41 AM - Unable

to contact server..

Error - 12/01/2012 04:30:50 | Computer Name = Benjamin-HP | Source = MCUpdate | ID = 0

Description = 3:30:46 AM - Error connecting to the internet. 3:30:46 AM - Unable

to contact server..

Error - 12/01/2012 05:31:08 | Computer Name = Benjamin-HP | Source = MCUpdate | ID = 0

Description = 4:31:08 AM - Error connecting to the internet. 4:31:08 AM - Unable

to contact server..

Error - 12/01/2012 05:31:14 | Computer Name = Benjamin-HP | Source = MCUpdate | ID = 0

Description = 4:31:13 AM - Error connecting to the internet. 4:31:13 AM - Unable

to contact server..

Error - 12/01/2012 06:31:32 | Computer Name = Benjamin-HP | Source = MCUpdate | ID = 0

Description = 5:31:32 AM - Error connecting to the internet. 5:31:32 AM - Unable

to contact server..

Error - 12/01/2012 06:31:38 | Computer Name = Benjamin-HP | Source = MCUpdate | ID = 0

Description = 5:31:37 AM - Error connecting to the internet. 5:31:37 AM - Unable

to contact server..

[ System Events ]

Error - 08/04/2013 13:18:31 | Computer Name = Benjamin-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 08/04/2013 13:18:31 | Computer Name = Benjamin-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 08/04/2013 13:18:31 | Computer Name = Benjamin-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 08/04/2013 13:18:31 | Computer Name = Benjamin-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 08/04/2013 13:18:31 | Computer Name = Benjamin-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 08/04/2013 13:18:31 | Computer Name = Benjamin-HP | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 08/04/2013 13:18:33 | Computer Name = Benjamin-HP | Source = DCOM | ID = 10005

Description =

Error - 08/04/2013 13:18:33 | Computer Name = Benjamin-HP | Source = DCOM | ID = 10005

Description =

Error - 08/04/2013 13:18:33 | Computer Name = Benjamin-HP | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Provider

Host service which failed to start because of the following error: %%1068

Error - 08/04/2013 13:22:33 | Computer Name = Benjamin-HP | Source = DCOM | ID = 10005

Description =

< End of report >

----------------------

Please download Gmer from here and save it to your Desktop.

- Gmer.net would not load and only loaded the "Internet Explorer cannot display the webpage" landing.

Just a quick side-note, the virus appears to still be running in Safe Mode (with Networking) (which I have been using for all of this time) and continues to open backdoor connections and shut off my firewall and other security components.

If you want me to rerun the process again through a regular boot-up, I can. I have been using Safe Mode with the hopes of not allowing the virus to propagate or reproduce.

Thanks!

- Ben

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Appears this link is broken. Will fix it soon but I need you to run another tool

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst64 and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

- Here is the log I recieved:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 26 days old)

Ran by SYSTEM at 08-04-2013 14:57:29

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [176128 2010-05-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2328496 2012-12-10] (LogMeIn Inc.)

HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [275872 2010-08-23] (CANON INC.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [326576 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)

HKU\Benjamin\...\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [x]

HKU\Benjamin\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)

HKU\Benjamin\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1631144 2013-03-29] (Valve Corporation)

HKU\Benjamin\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk

ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)

3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [126976 2013-02-20] ()

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

2 NVSvc; "C:\Windows\system32\nvvsvc.exe" [877856 2013-03-14] (NVIDIA Corporation)

2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [1266464 2013-03-14] (NVIDIA Corporation)

2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-19] ()

2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [383264 2013-03-14] (NVIDIA Corporation)

2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [x]

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

3 ALSysIO; \??\C:\Users\Benjamin\AppData\Local\Temp\ALSysIO64.sys [x]

3 netr7364; C:\Windows\System32\DRIVERS\netr7364.sys [x]

3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-04-08 09:31 - 2013-04-08 09:31 - 00105166 ____A C:\Users\Benjamin\Desktop\Extras.Txt

2013-04-08 09:29 - 2013-04-08 09:29 - 00086358 ____A C:\Users\Benjamin\Desktop\OTL.Txt

2013-04-08 09:21 - 2013-04-08 09:21 - 00602112 ____A (OldTimer Tools) C:\Users\Benjamin\Desktop\OTL.exe

2013-04-07 19:36 - 2013-04-07 19:36 - 00017445 ____A C:\Users\Benjamin\Desktop\dds.txt

2013-04-07 19:36 - 2013-04-07 19:36 - 00012630 ____A C:\Users\Benjamin\Desktop\attach.txt

2013-04-07 19:32 - 2013-04-07 19:32 - 00688992 ____R (Swearware) C:\Users\Benjamin\Desktop\dds.scr

2013-04-07 17:25 - 2013-04-07 17:25 - 00002991 ____A C:\Users\Benjamin\Desktop\HiJackThis.lnk

2013-04-07 17:25 - 2013-04-07 17:25 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2013-04-07 15:25 - 2013-04-08 10:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-04-07 15:25 - 2013-04-07 15:25 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2013-04-07 15:24 - 2013-04-07 15:24 - 23909512 ____A (SUPERAntiSpyware.com) C:\Users\Benjamin\Desktop\SUPERAntiSpywarePro.exe

2013-04-07 14:14 - 2013-04-07 14:14 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 65d3a394-8000-44df-86d9-3949e19d3981.job

2013-04-07 14:14 - 2013-04-07 14:14 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1da7ad31-acae-4e45-a873-9f3b6d58f26f.job

2013-04-07 14:14 - 2013-04-07 14:14 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 14:14 - 2013-04-07 14:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-04-06 17:38 - 2013-03-14 21:53 - 26956576 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 25256736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 20542752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 17990800 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 15508512 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 11048736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2013-04-06 17:38 - 2013-03-14 21:53 - 09414456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 07959000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 07573816 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 06271872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 02913056 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 02728736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 02355488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 01995552 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 01807136 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6431422.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6431422.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 00968408 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 00250504 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll

2013-04-06 17:38 - 2013-03-14 21:53 - 00205184 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-04-06 17:38 - 2012-12-18 21:42 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll

2013-04-06 17:38 - 2012-12-18 21:41 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys

2013-04-05 20:45 - 2013-04-05 20:45 - 00000000 ____D C:\ProgramData\Apple Computer

2013-04-05 20:42 - 2013-04-06 09:29 - 00250192 ____A C:\Users\Benjamin\Desktop\SLAVEOFGOD.pds

2013-04-04 21:04 - 2013-04-06 14:58 - 00001334 ____A C:\Users\Benjamin\Documents\Earning System.txt

2013-04-04 11:24 - 2013-04-05 17:39 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-04 11:24 - 2013-04-04 16:19 - 00000000 ____D C:\Users\Benjamin\Documents\Arma 3 Alpha

2013-04-03 09:41 - 2013-04-03 09:49 - 00000000 ____D C:\Fraps

2013-04-02 14:17 - 2013-04-02 17:35 - 00000505 ____A C:\Users\Benjamin\Documents\codesnippets.txt

2013-03-31 16:14 - 2013-03-31 16:24 - 00000000 ____D C:\Users\Benjamin\Desktop\APC

2013-03-26 11:54 - 2013-03-26 11:54 - 00000545 ____A C:\Users\Benjamin\Desktop\projecttopic.txt

2013-03-25 15:47 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

2013-03-24 23:33 - 2013-03-30 04:03 - 00003011 ____A C:\Users\Benjamin\Documents\Quotes.txt

2013-03-24 03:32 - 2013-03-24 03:32 - 00000073 ____A C:\Users\Benjamin\Documents\Pronunciation.txt

2013-03-23 18:48 - 2013-03-23 18:48 - 00000055 ____A C:\Users\Benjamin\Documents\Challenges.txt

2013-03-23 05:53 - 2013-03-23 05:53 - 00002174 ____A C:\Users\Public\Desktop\Google Earth.lnk

2013-03-22 15:12 - 2013-03-22 15:12 - 00000219 ____A C:\Users\Benjamin\Documents\GoodBadEquate.txt

2013-03-21 23:09 - 2013-03-21 23:10 - 00000000 ____D C:\Program Files (x86)\glassfish-3.1.2.2

2013-03-19 01:08 - 2013-03-19 01:26 - 00000000 ____D C:\Users\Benjamin\Documents\ROBLOX

2013-03-17 01:12 - 2013-03-17 01:12 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-03-17 01:12 - 2013-03-17 01:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-03-17 01:12 - 2013-03-17 01:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-03-17 01:12 - 2013-03-17 01:12 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-03-16 23:34 - 2013-03-16 23:34 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\LolClient

2013-03-16 19:48 - 2008-07-12 04:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2013-03-16 19:48 - 2008-07-12 04:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2013-03-16 19:48 - 2008-07-12 04:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2013-03-16 19:44 - 2013-03-16 19:44 - 00000000 ____D C:\Riot Games

2013-03-16 18:49 - 2013-03-16 19:43 - 00000000 ____D C:\Program Files (x86)\League of Legends

2013-03-16 18:48 - 2013-04-02 11:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks

2013-03-16 18:46 - 2013-03-16 18:46 - 00000000 ____D C:\Users\Benjamin\.swt

2013-03-15 17:52 - 2013-03-15 17:52 - 00000112 ____A C:\prefs.js

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\ProgramData\Premium

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\ProgramData\InstallMate

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\ProgramData\CLSoft LTD

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\Program Files (x86)\MagniPic

2013-03-15 11:02 - 2013-04-07 18:20 - 00001644 ____A C:\Windows\setupact.log

2013-03-15 11:02 - 2013-03-15 11:02 - 00000000 ____A C:\Windows\setuperr.log

2013-03-15 02:16 - 2013-03-15 02:16 - 00001058 ____A C:\Users\Benjamin\Desktop\Documents - Shortcut.lnk

2013-03-15 02:16 - 2013-03-15 02:16 - 00001051 ____A C:\Users\Benjamin\Desktop\Pictures - Shortcut.lnk

2013-03-15 02:14 - 2013-03-31 16:25 - 00000000 ____D C:\Users\Benjamin\Desktop\Dev

2013-03-15 02:13 - 2013-04-04 14:59 - 00000000 ____D C:\Users\Benjamin\Documents\MyFiles

2013-03-15 01:56 - 2013-04-05 20:07 - 00000000 ____D C:\Users\Benjamin\Desktop\Gaming

2013-03-15 01:55 - 2013-03-15 02:15 - 00000000 ____D C:\Users\Benjamin\Desktop\Communication

2013-03-15 01:54 - 2013-04-07 17:24 - 00000000 ___RD C:\Users\Benjamin\Desktop\Tools

2013-03-14 18:07 - 2013-03-14 18:07 - 00559904 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2013-03-12 23:02 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-03-12 23:02 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-03-12 23:02 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-03-12 23:02 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-03-12 23:02 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-03-12 23:02 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-03-12 23:02 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-03-12 23:02 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-03-12 23:02 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-03-12 23:02 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-03-12 23:02 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-03-12 23:02 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-03-12 23:02 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-03-12 23:02 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-03-12 23:02 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-03-12 23:02 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-03-12 23:02 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-03-12 23:02 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-03-12 23:02 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-03-12 23:02 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-03-12 23:02 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-03-12 23:02 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-03-12 23:02 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-03-12 23:02 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-03-12 23:02 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-03-12 23:02 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-03-12 23:02 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-03-12 23:02 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-03-12 23:02 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-03-12 23:02 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-03-12 23:02 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-03-12 23:02 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-03-10 23:15 - 2013-03-10 23:15 - 00001851 ____A C:\Users\UpdatusUser\Desktop\HydraIRC.lnk

2013-03-10 23:15 - 2013-03-10 23:15 - 00000000 ____D C:\Program Files (x86)\HydraIRC

2013-03-10 23:12 - 2013-03-10 23:13 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\mIRC

==================== One Month Modified Files and Folders =======

2013-04-08 14:57 - 2013-04-08 14:57 - 00000000 ____D C:\FRST

2013-04-08 10:49 - 2013-04-07 15:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-04-08 10:33 - 2009-07-13 21:13 - 00784524 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-08 09:31 - 2013-04-08 09:31 - 00105166 ____A C:\Users\Benjamin\Desktop\Extras.Txt

2013-04-08 09:29 - 2013-04-08 09:29 - 00086358 ____A C:\Users\Benjamin\Desktop\OTL.Txt

2013-04-08 09:21 - 2013-04-08 09:21 - 00602112 ____A (OldTimer Tools) C:\Users\Benjamin\Desktop\OTL.exe

2013-04-07 19:36 - 2013-04-07 19:36 - 00017445 ____A C:\Users\Benjamin\Desktop\dds.txt

2013-04-07 19:36 - 2013-04-07 19:36 - 00012630 ____A C:\Users\Benjamin\Desktop\attach.txt

2013-04-07 19:32 - 2013-04-07 19:32 - 00688992 ____R (Swearware) C:\Users\Benjamin\Desktop\dds.scr

2013-04-07 18:20 - 2013-03-15 11:02 - 00001644 ____A C:\Windows\setupact.log

2013-04-07 18:20 - 2012-03-29 11:06 - 00000000 ____D C:\ProgramData\NVIDIA

2013-04-07 18:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-07 18:19 - 2011-01-08 20:03 - 01688935 ____A C:\Windows\WindowsUpdate.log

2013-04-07 17:52 - 2011-09-19 14:03 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-04-07 17:42 - 2012-07-15 13:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-07 17:25 - 2013-04-07 17:25 - 00002991 ____A C:\Users\Benjamin\Desktop\HiJackThis.lnk

2013-04-07 17:25 - 2013-04-07 17:25 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2013-04-07 17:24 - 2013-03-15 01:54 - 00000000 ___RD C:\Users\Benjamin\Desktop\Tools

2013-04-07 17:03 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-07 17:03 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-07 17:01 - 2013-03-03 18:53 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Skype

2013-04-07 17:00 - 2011-09-03 17:01 - 00000000 ____D C:\Program Files (x86)\Steam

2013-04-07 16:59 - 2011-09-19 14:03 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-04-07 16:59 - 2011-09-03 18:38 - 00000000 ____D C:\Users\Benjamin\AppData\Local\LogMeIn Hamachi

2013-04-07 16:46 - 2011-09-03 16:40 - 00000000 ____D C:\ProgramData\Recovery

2013-04-07 15:25 - 2013-04-07 15:25 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2013-04-07 15:24 - 2013-04-07 15:24 - 23909512 ____A (SUPERAntiSpyware.com) C:\Users\Benjamin\Desktop\SUPERAntiSpywarePro.exe

2013-04-07 15:21 - 2011-09-03 16:49 - 00470470 ____A C:\Windows\PFRO.log

2013-04-07 14:14 - 2013-04-07 14:14 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 65d3a394-8000-44df-86d9-3949e19d3981.job

2013-04-07 14:14 - 2013-04-07 14:14 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1da7ad31-acae-4e45-a873-9f3b6d58f26f.job

2013-04-07 14:14 - 2013-04-07 14:14 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 14:14 - 2013-04-07 14:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-04-06 22:59 - 2009-07-13 18:34 - 00000255 ____A C:\Windows\system.ini

2013-04-06 17:44 - 2013-03-03 18:53 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-04-06 17:44 - 2013-03-03 18:53 - 00000000 ____D C:\ProgramData\Skype

2013-04-06 17:43 - 2011-10-03 01:14 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Apple Computer

2013-04-06 17:40 - 2012-03-29 11:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-04-06 17:39 - 2012-03-29 11:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-04-06 14:58 - 2013-04-04 21:04 - 00001334 ____A C:\Users\Benjamin\Documents\Earning System.txt

2013-04-06 12:16 - 2011-01-08 20:24 - 00000000 ____D C:\ProgramData\PDFC

2013-04-06 11:30 - 2013-01-24 21:35 - 00000021 ____A C:\Users\Benjamin\SciTE.session

2013-04-06 11:05 - 2011-09-03 22:33 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Roblox

2013-04-06 09:33 - 2011-10-04 16:51 - 00000000 ____D C:\Users\Benjamin\AppData\Local\CrashDumps

2013-04-06 09:29 - 2013-04-05 20:42 - 00250192 ____A C:\Users\Benjamin\Desktop\SLAVEOFGOD.pds

2013-04-05 20:45 - 2013-04-05 20:45 - 00000000 ____D C:\ProgramData\Apple Computer

2013-04-05 20:45 - 2011-10-01 15:21 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-04-05 20:07 - 2013-03-15 01:56 - 00000000 ____D C:\Users\Benjamin\Desktop\Gaming

2013-04-05 17:39 - 2013-04-04 11:24 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-04 16:19 - 2013-04-04 11:24 - 00000000 ____D C:\Users\Benjamin\Documents\Arma 3 Alpha

2013-04-04 16:15 - 2013-02-02 14:03 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Omerta

2013-04-04 14:59 - 2013-03-15 02:13 - 00000000 ____D C:\Users\Benjamin\Documents\MyFiles

2013-04-04 11:23 - 2011-01-08 20:35 - 00212285 ____A C:\Windows\DirectX.log

2013-04-04 10:21 - 2011-09-05 09:36 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Paint.NET

2013-04-03 18:14 - 2012-06-10 07:26 - 00000000 ____D C:\Users\Benjamin\AppData\Local\ArmA 2 OA

2013-04-03 18:13 - 2012-09-13 15:11 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Play withSIX

2013-04-03 09:49 - 2013-04-03 09:41 - 00000000 ____D C:\Fraps

2013-04-02 17:35 - 2013-04-02 14:17 - 00000505 ____A C:\Users\Benjamin\Documents\codesnippets.txt

2013-04-02 11:15 - 2013-03-16 18:48 - 00000000 ____D C:\Program Files (x86)\Pando Networks

2013-04-01 19:57 - 2011-09-03 18:20 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Notepad++

2013-04-01 19:57 - 2011-09-03 18:20 - 00000000 ____D C:\Program Files (x86)\Notepad++

2013-03-31 16:25 - 2013-03-15 02:14 - 00000000 ____D C:\Users\Benjamin\Desktop\Dev

2013-03-31 16:24 - 2013-03-31 16:14 - 00000000 ____D C:\Users\Benjamin\Desktop\APC

2013-03-30 09:51 - 2013-02-21 22:27 - 00000000 ____D C:\Program Files (x86)\NetBeans 7.3

2013-03-30 06:55 - 2012-09-13 15:02 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Downloaded Installations

2013-03-30 04:03 - 2013-03-24 23:33 - 00003011 ____A C:\Users\Benjamin\Documents\Quotes.txt

2013-03-26 21:32 - 2013-01-20 06:00 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Windows Live

2013-03-26 17:57 - 2011-12-02 18:57 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForBENJAMIN-HP$.job

2013-03-26 11:54 - 2013-03-26 11:54 - 00000545 ____A C:\Users\Benjamin\Desktop\projecttopic.txt

2013-03-24 03:32 - 2013-03-24 03:32 - 00000073 ____A C:\Users\Benjamin\Documents\Pronunciation.txt

2013-03-23 18:48 - 2013-03-23 18:48 - 00000055 ____A C:\Users\Benjamin\Documents\Challenges.txt

2013-03-23 05:53 - 2013-03-23 05:53 - 00002174 ____A C:\Users\Public\Desktop\Google Earth.lnk

2013-03-23 05:53 - 2011-09-19 14:03 - 00000000 ____D C:\Program Files (x86)\Google

2013-03-22 15:12 - 2013-03-22 15:12 - 00000219 ____A C:\Users\Benjamin\Documents\GoodBadEquate.txt

2013-03-22 01:12 - 2011-09-19 14:03 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Google

2013-03-21 23:18 - 2011-09-03 16:09 - 00000000 ____D C:\Users\Benjamin\.nbi

2013-03-21 23:10 - 2013-03-21 23:09 - 00000000 ____D C:\Program Files (x86)\glassfish-3.1.2.2

2013-03-19 01:26 - 2013-03-19 01:08 - 00000000 ____D C:\Users\Benjamin\Documents\ROBLOX

2013-03-17 01:12 - 2013-03-17 01:12 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-03-17 01:12 - 2013-03-17 01:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-03-17 01:12 - 2013-03-17 01:12 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-03-17 01:12 - 2013-03-17 01:12 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-03-17 01:12 - 2013-02-14 15:16 - 00000000 ____D C:\Program Files (x86)\Java

2013-03-17 01:12 - 2012-04-20 01:19 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll

2013-03-17 01:12 - 2012-04-12 13:54 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-03-16 23:34 - 2013-03-16 23:34 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\LolClient

2013-03-16 19:44 - 2013-03-16 19:44 - 00000000 ____D C:\Riot Games

2013-03-16 19:44 - 2011-01-08 20:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-03-16 19:43 - 2013-03-16 18:49 - 00000000 ____D C:\Program Files (x86)\League of Legends

2013-03-16 18:46 - 2013-03-16 18:46 - 00000000 ____D C:\Users\Benjamin\.swt

2013-03-16 18:46 - 2011-09-03 13:11 - 00000000 ____D C:\users\Benjamin

2013-03-15 17:52 - 2013-03-15 17:52 - 00000112 ____A C:\prefs.js

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\ProgramData\Premium

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\ProgramData\InstallMate

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\ProgramData\CLSoft LTD

2013-03-15 17:52 - 2013-03-15 17:52 - 00000000 ____D C:\Program Files (x86)\MagniPic

2013-03-15 16:42 - 2011-11-23 07:56 - 00789274 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-03-15 11:02 - 2013-03-15 11:02 - 00000000 ____A C:\Windows\setuperr.log

2013-03-15 11:02 - 2009-07-13 20:45 - 00369000 ____A C:\Windows\System32\FNTCACHE.DAT

2013-03-15 02:24 - 2011-09-03 13:46 - 00093712 ____A C:\Users\Benjamin\AppData\Local\GDIPFONTCACHEV1.DAT

2013-03-15 02:16 - 2013-03-15 02:16 - 00001058 ____A C:\Users\Benjamin\Desktop\Documents - Shortcut.lnk

2013-03-15 02:16 - 2013-03-15 02:16 - 00001051 ____A C:\Users\Benjamin\Desktop\Pictures - Shortcut.lnk

2013-03-15 02:15 - 2013-03-15 01:55 - 00000000 ____D C:\Users\Benjamin\Desktop\Communication

2013-03-15 02:13 - 2012-05-21 01:03 - 00000000 ____D C:\Users\Benjamin\Documents\GADevelopment

2013-03-15 02:10 - 2013-01-20 07:11 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\.minecraft

2013-03-14 21:53 - 2013-04-06 17:38 - 26956576 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 25256736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 20542752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 17990800 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 15508512 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 11048736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2013-03-14 21:53 - 2013-04-06 17:38 - 09414456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 07959000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 07573816 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 06271872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 02913056 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 02728736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 02355488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 01995552 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 01807136 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6431422.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6431422.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 00968408 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 00250504 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll

2013-03-14 21:53 - 2013-04-06 17:38 - 00205184 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-03-14 21:53 - 2012-12-23 23:35 - 15042928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2013-03-14 21:53 - 2012-12-23 23:35 - 13088000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-03-14 21:53 - 2012-12-23 23:35 - 02539128 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2013-03-14 21:53 - 2012-10-10 18:23 - 01118776 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll

2013-03-14 21:53 - 2012-03-29 11:04 - 02864144 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

2013-03-14 21:53 - 2012-03-29 11:04 - 00017738 ____A C:\Windows\System32\nvinfo.pb

2013-03-14 20:16 - 2011-01-16 13:13 - 06398240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2013-03-14 20:16 - 2011-01-16 13:13 - 03477280 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

2013-03-14 20:16 - 2011-01-16 13:13 - 00877856 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2013-03-14 20:16 - 2011-01-16 13:13 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2013-03-14 20:16 - 2011-01-16 13:13 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2013-03-14 18:07 - 2013-03-14 18:07 - 00559904 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2013-03-13 08:24 - 2012-11-18 00:02 - 03065455 ____A C:\Windows\System32\nvcoproc.bin

2013-03-13 01:42 - 2012-03-29 11:02 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-03-13 01:42 - 2011-09-21 11:18 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-03-12 23:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-03-12 23:20 - 2012-05-11 21:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-12 23:20 - 2012-05-11 21:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-03-12 23:03 - 2012-03-30 11:50 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-03-12 23:01 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini

2013-03-11 21:10 - 2011-09-03 15:48 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-03-10 23:15 - 2013-03-10 23:15 - 00001851 ____A C:\Users\UpdatusUser\Desktop\HydraIRC.lnk

2013-03-10 23:15 - 2013-03-10 23:15 - 00000000 ____D C:\Program Files (x86)\HydraIRC

2013-03-10 23:13 - 2013-03-10 23:12 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\mIRC

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-02 00:00:15

Restore point made on: 2013-04-04 11:23:09

Restore point made on: 2013-04-04 15:16:31

Restore point made on: 2013-04-05 00:13:31

Restore point made on: 2013-04-05 20:43:03

Restore point made on: 2013-04-05 20:44:59

Restore point made on: 2013-04-06 23:41:01

Restore point made on: 2013-04-07 00:00:47

Restore point made on: 2013-04-07 09:24:59

Restore point made on: 2013-04-07 17:25:16

==================== Memory info ===========================

Percentage of memory in use: 8%

Total physical RAM: 16383.29 MB

Available physical RAM: 15020.93 MB

Total Pagefile: 16381.43 MB

Available Pagefile: 14984.92 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:685.71 GB) (Free:475.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (HP_RECOVERY) (Fixed) (Total:12.83 GB) (Free:1.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 0 B

Disk 1 Online 7728 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Disk ID: 3E2ACF34

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 685 GB 101 MB

Partition 3 Primary 12 GB 685 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 685 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E HP_RECOVERY NTFS Partition 12 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: C3072E18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7727 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB20FD FAT32 Removable 7727 MB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: 3E2ACF34

Partition 1:

=========

Hex: 8020210007DF130C0008000000200300

Active: YES

Type: 07 (NTFS)

Size: 100 MB

Partition 2:

=========

Hex: 00DF140C07FEFFFF0028030000B0B655

Active: NO

Type: 07 (NTFS)

Size: 686 GB

Partition 3:

=========

Hex: 00FEFFFF07FEFFFF00D8B95500809A01

Active: NO

Type: 07 (NTFS)

Size: 13 GB

==============================

Partitions of Disk 1:

===============

Disk ID: C3072E18

Partition 1:

=========

Hex: 800101000CFFD5D520000000E07FF100

Active: YES

Type: 0C

Size: 8 GB

Last Boot: 2013-04-03 21:03

==================== End Of Log =============================

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

Sorry for the double post, but I feel I need to mention this.

While in Safe Mode (with Networking), I came across another error that may be related to the virus (which appears to just be a series of .exe files thrown all over the place).

"iexplore.exe - No Disk

There is no disk in the drive. Please insert a disk into drive /Disk/Harddisk1/(DR1,DR2,DR3,DR4)"

"mbamgui.exe - No Disk

There is no disk in the drive. Please insert a disk into drive /Disk/Harddisk1/(DR1,DR2,DR3,DR4)"

(The DR<num> in parentheses is what it cycles through as the window reappears constantly when trying to close it.)

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

At the moment, I see no signs of malware.

Do you have any USB drives, Cradreaders etc connected ? If so, disconnect them an reboot in Normal mode.

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

Could this, then, be a false positive?

Here's the log I created:

ComboFix 13-04-08.02 - Benjamin 08/04/2013 16:21:58.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16383.14524 [GMT -4:00]

Running from: c:\users\Benjamin\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

C:\Thumbs.db

D:\atmxp.pif

.

.

((((((((((((((((((((((((( Files Created from 2013-03-08 to 2013-04-08 )))))))))))))))))))))))))))))))

.

.

2013-04-08 22:57 . 2013-04-08 22:57 -------- d-----w- C:\FRST

2013-04-08 20:17 . 2013-04-08 20:17 103140 ----a-w- C:\hcfx.exe

2013-04-08 01:25 . 2013-04-08 01:25 388096 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-08 01:25 . 2013-04-08 01:25 -------- d-----w- c:\program files (x86)\Trend Micro

2013-04-07 23:25 . 2013-04-08 18:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-04-07 22:14 . 2013-04-07 22:14 -------- d-----w- c:\users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 22:14 . 2013-04-07 22:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-04-07 01:44 . 2013-04-07 01:44 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-06 04:45 . 2013-04-06 04:45 -------- d-----w- c:\programdata\Apple Computer

2013-04-06 04:44 . 2013-04-06 04:44 -------- d-----w- c:\program files (x86)\Common Files\Apple

2013-04-05 08:13 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12D5E54F-AC2F-4C5F-875C-17C5F62CD44A}\mpengine.dll

2013-04-04 19:24 . 2013-04-06 01:39 -------- d-----w- c:\users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-03 17:41 . 2013-04-03 17:49 -------- d-----w- C:\Fraps

2013-03-25 23:47 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-22 07:09 . 2013-03-22 07:10 -------- d-----w- c:\program files (x86)\glassfish-3.1.2.2

2013-03-17 09:12 . 2013-03-17 09:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 07:34 . 2013-03-17 07:34 -------- d-----w- c:\users\Benjamin\AppData\Roaming\LolClient

2013-03-17 03:48 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-03-17 03:44 . 2013-03-17 03:44 -------- d-----w- C:\Riot Games

2013-03-17 02:49 . 2013-03-17 03:43 -------- d-----w- c:\program files (x86)\League of Legends

2013-03-17 02:48 . 2013-04-02 19:15 -------- d-----w- c:\program files (x86)\Pando Networks

2013-03-17 02:46 . 2013-03-17 02:46 -------- d-----w- c:\users\Benjamin\.swt

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\CLSoft LTD

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\Premium

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\program files (x86)\MagniPic

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\InstallMate

2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-11 07:15 . 2013-03-11 07:15 -------- d-----w- c:\program files (x86)\HydraIRC

2013-03-11 07:12 . 2013-03-11 07:13 -------- d-----w- c:\users\Benjamin\AppData\Roaming\mIRC

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-17 09:12 . 2012-04-20 09:19 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-17 09:12 . 2012-04-12 21:54 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-15 05:53 . 2012-12-24 07:35 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-12-24 07:35 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2012-12-24 07:35 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2012-10-11 02:23 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2012-03-29 19:04 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2011-01-16 21:13 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2011-01-16 21:13 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2011-01-16 21:13 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2011-01-16 21:13 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2011-01-16 21:13 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-13 16:24 . 2012-11-18 08:02 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-13 09:42 . 2012-03-29 19:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 09:42 . 2011-09-21 19:18 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 07:03 . 2012-03-30 19:50 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-12 05:10 . 2011-09-03 23:48 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-02-26 06:31 . 2013-02-26 06:31 71680 ----a-w- c:\windows\system32\frapsv64.dll

2013-02-26 06:31 . 2013-02-26 06:31 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2013-02-12 05:45 . 2013-03-13 02:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 02:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 02:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 02:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-13 21:17 . 2013-02-27 08:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17 . 2013-02-27 08:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16 . 2013-02-27 08:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12 . 2013-02-27 08:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32 . 2013-02-27 08:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-01-13 20:22 . 2013-02-27 08:00 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-01-13 20:20 . 2013-02-27 08:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-01-13 20:09 . 2013-02-27 08:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08 . 2013-02-27 08:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-01-13 20:08 . 2013-02-27 08:00 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-01-13 19:59 . 2013-02-27 08:00 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-01-13 19:58 . 2013-02-27 08:00 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-01-13 19:54 . 2013-02-27 08:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-01-13 19:53 . 2013-02-27 08:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53 . 2013-02-27 08:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-01-13 19:51 . 2013-02-27 08:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-01-13 19:49 . 2013-02-27 08:00 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-01-13 19:48 . 2013-02-27 08:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-01-13 19:46 . 2013-02-27 08:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-01-13 19:43 . 2013-02-27 08:00 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38 . 2013-02-27 08:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-01-13 19:38 . 2013-02-27 08:00 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-01-13 19:38 . 2013-02-27 08:00 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-01-13 19:37 . 2013-02-27 08:00 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-01-13 19:25 . 2013-02-27 08:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-01-13 19:24 . 2013-02-27 08:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-01-13 19:24 . 2013-02-27 08:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-01-13 19:20 . 2013-02-27 08:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-01-13 19:20 . 2013-02-27 08:00 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-01-13 19:15 . 2013-02-27 08:00 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-01-13 19:10 . 2013-02-27 08:00 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-01-13 19:02 . 2013-02-27 08:00 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-01-13 18:34 . 2013-02-27 08:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32 . 2013-02-27 08:00 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-01-13 18:09 . 2013-02-27 08:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-01-13 17:26 . 2013-02-27 08:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-01-13 17:05 . 2013-02-27 08:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18643048]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 176128]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2328496]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 275872]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 326576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

"ANTIVIRUSDISABLENOTIFY"=dword:00000001

"FIREWALLDISABLENOTIFY"=dword:00000001

"UPDATESDISABLENOTIFY"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-21 126976]

R3 netr7364;TP-LINK Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 ALSysIO;ALSysIO;c:\users\Benjamin\AppData\Local\Temp\ALSysIO64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-28 23:52 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:42]

.

2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 22:03]

.

2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 22:03]

.

2013-03-27 c:\windows\Tasks\HPCeeScheduleForBENJAMIN-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-04-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1da7ad31-acae-4e45-a873-9f3b6d58f26f.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-04-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65d3a394-8000-44df-86d9-3949e19d3981.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270

mLocal Page = c:\windows\system32\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-nbi-nb-base-7.1.2.0.0 - c:\program files (x86)\NetBeans 7.1.2\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_™\00\00™\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~™\00\00™\00\00\00\00\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-08 16:31:33

ComboFix-quarantined-files.txt 2013-04-08 20:31

.

Pre-Run: 510,168,645,632 bytes free

Post-Run: 510,397,788,160 bytes free

.

- - End Of File - - FA3EFDF926C17A03707A64E90975A37C

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

Sorry for another double post.

I have been doing some research between replies, and during some searches through my SAS quarentines located a listing:

"Trojan.Agent/Gen-FraudPack.Process

Trojan.Agent/Gen.Process

Trojan.Agent/Gen-SpamTool.Process

Trojan.Agent/Gen-CDesc[Gen].Process

Trojan.Agent/Gen-CDesc[LordPE].Process

Trojan.Agent/Gen-Frauder.Process"

* (each of these processes had one .exe file in common: HCFX.EXE) *

All of these processes have TempData files attached to them and executables located throughout the Temp folder. I have seen that many other users have had trouble with this trojan in the past on the MalwareBytes forum and many other websites and have been prescribed RogueKiller.

From what I hear, though, Trojan.Agent is completely harmless but purposely sets off alerts to scare the user for whatever reason. This possible 'infection' has been flashing alerts constantly now and seems to be manipulating mbamgui.exe which MalwareBytes continues to block for malicious activity tied to an IP (78.128.66.99) (this IP may not be completely correct).

If I have another IP or a corrected IP, I will make sure to send it with my next reply.

Anyhow, I hope this was helpful!

- Ben

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Please post the most recent Logfile from SAS.

Open notepad and copy/paste the text in the Code-box below into it:


http://forums.malwarebytes.org/index.php?showtopic=124793&pid=666375&st=0entry666375

Suspect::[100]
C:\hcfx.exe
DDS::
mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"ANTIVIRUSDISABLENOTIFY"=dword:00000000
"FIREWALLDISABLENOTIFY"=dword:00000000
"UPDATESDISABLENOTIFY"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"UacDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"UacDisableNotify"=dword:00000000


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available:

Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

Please launch DDS.

Make sure that the following options are checked:

  • DDS.txt
  • attach.txt

Press the Start Button.

When done, DDS will open both logfiles which will also be saved on your desktop.

Please post them in your next reply.

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

I run MalwareBytes Anti-Malware and SUPERAntiSpyware which, so far, have not conflicted at all and support eachother surprisingly.

Here are the Antivirus Logs:

Malwarebytes Protection Log:

2013/04/09 00:01:54 -0400 BENJAMIN-HP Benjamin MESSAGE Starting protection

2013/04/09 00:01:55 -0400 BENJAMIN-HP Benjamin MESSAGE Protection started successfully

2013/04/09 00:01:55 -0400 BENJAMIN-HP Benjamin MESSAGE Starting IP protection

2013/04/09 00:02:34 -0400 BENJAMIN-HP Benjamin MESSAGE IP Protection started successfully

2013/04/09 00:12:24 -0400 BENJAMIN-HP Benjamin IP-BLOCK 89.28.83.5 (Type: outgoing, Port: 64954, Process: mbamgui.exe)

2013/04/09 00:20:26 -0400 BENJAMIN-HP Benjamin IP-BLOCK 78.128.66.99 (Type: outgoing, Port: 64346, Process: mbamgui.exe)

2013/04/09 00:25:39 -0400 BENJAMIN-HP Benjamin IP-BLOCK 77.78.219.76 (Type: outgoing, Port: 60634, Process: mbamgui.exe)

2013/04/09 01:18:18 -0400 BENJAMIN-HP Benjamin IP-BLOCK 89.28.83.5 (Type: outgoing, Port: 60037, Process: mbamgui.exe)

2013/04/09 01:26:21 -0400 BENJAMIN-HP Benjamin IP-BLOCK 78.128.66.99 (Type: outgoing, Port: 53405, Process: mbamgui.exe)

2013/04/09 01:31:33 -0400 BENJAMIN-HP Benjamin IP-BLOCK 77.78.219.76 (Type: outgoing, Port: 60029, Process: mbamgui.exe)

2013/04/09 02:20:49 -0400 BENJAMIN-HP Benjamin IP-BLOCK 78.128.66.99 (Type: outgoing, Port: 50723, Process: mbamgui.exe)

2013/04/09 03:05:29 -0400 BENJAMIN-HP Benjamin IP-BLOCK 78.128.66.99 (Type: outgoing, Port: 63121, Process: mbamgui.exe)

2013/04/09 03:10:28 -0400 BENJAMIN-HP Benjamin IP-BLOCK 117.41.229.119 (Type: outgoing, Port: 50847, Process: mbamgui.exe)

2013/04/09 03:10:36 -0400 BENJAMIN-HP Benjamin IP-BLOCK 95.43.99.102 (Type: outgoing, Port: 65513, Process: mbamgui.exe)

2013/04/09 19:18:31 -0400 BENJAMIN-HP (null) MESSAGE Starting protection

2013/04/09 19:18:31 -0400 BENJAMIN-HP (null) MESSAGE Protection started successfully

2013/04/09 19:18:31 -0400 BENJAMIN-HP (null) MESSAGE Starting IP protection

2013/04/09 19:19:09 -0400 BENJAMIN-HP (null) MESSAGE IP Protection started successfully

2013/04/09 19:24:25 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\winafhesk.exe Trojan.Downloader QUARANTINE

2013/04/09 19:24:27 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\winybkeg.exe Trojan.Downloader QUARANTINE

2013/04/09 19:26:20 -0400 BENJAMIN-HP Benjamin IP-BLOCK 78.128.66.99 (Type: outgoing, Port: 60630, Process: wg111v3.exe)

2013/04/09 19:29:04 -0400 BENJAMIN-HP Benjamin IP-BLOCK 117.41.229.119 (Type: outgoing, Port: 51952, Process: wg111v3.exe)

2013/04/09 19:29:12 -0400 BENJAMIN-HP Benjamin IP-BLOCK 95.43.99.102 (Type: outgoing, Port: 63800, Process: wg111v3.exe)

2013/04/09 19:32:01 -0400 BENJAMIN-HP Benjamin IP-BLOCK 46.237.105.113 (Type: outgoing, Port: 59460, Process: wg111v3.exe)

2013/04/09 19:32:33 -0400 BENJAMIN-HP Benjamin IP-BLOCK 92.53.6.161 (Type: outgoing, Port: 52779, Process: wg111v3.exe)

2013/04/09 19:59:34 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\winghmp.exe Trojan.Downloader QUARANTINE

2013/04/09 19:59:37 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\kjlctt.exe Trojan.Downloader QUARANTINE

2013/04/09 20:16:45 -0400 BENJAMIN-HP Benjamin IP-BLOCK 117.41.229.119 (Type: outgoing, Port: 64600, Process: wg111v3.exe)

2013/04/09 20:16:53 -0400 BENJAMIN-HP Benjamin IP-BLOCK 95.43.99.102 (Type: outgoing, Port: 58960, Process: wg111v3.exe)

2013/04/09 20:19:49 -0400 BENJAMIN-HP Benjamin IP-BLOCK 46.237.105.113 (Type: outgoing, Port: 65096, Process: wg111v3.exe)

2013/04/09 20:20:21 -0400 BENJAMIN-HP Benjamin IP-BLOCK 92.53.6.161 (Type: outgoing, Port: 57898, Process: wg111v3.exe)

2013/04/09 20:34:43 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\winpnyuyg.exe Trojan.Downloader QUARANTINE

2013/04/09 20:34:46 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\hynte.exe Trojan.Downloader QUARANTINE

2013/04/09 21:06:34 -0400 BENJAMIN-HP Benjamin IP-BLOCK 117.41.229.119 (Type: outgoing, Port: 54316, Process: wg111v3.exe)

2013/04/09 21:06:50 -0400 BENJAMIN-HP Benjamin IP-BLOCK 95.43.99.102 (Type: outgoing, Port: 61132, Process: wg111v3.exe)

2013/04/09 21:09:53 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\winmufghy.exe Trojan.Downloader QUARANTINE

2013/04/09 21:09:55 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\aaxhh.exe Trojan.Downloader QUARANTINE

2013/04/09 21:10:10 -0400 BENJAMIN-HP Benjamin IP-BLOCK 46.237.105.113 (Type: outgoing, Port: 55488, Process: wg111v3.exe)

2013/04/09 21:10:59 -0400 BENJAMIN-HP Benjamin IP-BLOCK 92.53.6.161 (Type: outgoing, Port: 55323, Process: wg111v3.exe)

2013/04/09 21:14:29 -0400 BENJAMIN-HP Benjamin IP-BLOCK 189.19.242.249 (Type: outgoing, Port: 51956, Process: wg111v3.exe)

2013/04/09 21:45:07 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\wincpua.exe Trojan.Downloader QUARANTINE

2013/04/09 21:45:10 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\winnhchr.exe Trojan.Downloader QUARANTINE

2013/04/09 21:58:20 -0400 BENJAMIN-HP Benjamin IP-BLOCK 117.41.229.119 (Type: outgoing, Port: 55067, Process: wg111v3.exe)

2013/04/09 21:58:28 -0400 BENJAMIN-HP Benjamin IP-BLOCK 95.43.99.102 (Type: outgoing, Port: 51324, Process: wg111v3.exe)

2013/04/09 22:00:00 -0400 BENJAMIN-HP Benjamin MESSAGE Executing scheduled scan: Full Scan | Daily | Silent | -remove | -terminate | -reboot | -log

2013/04/09 22:00:00 -0400 BENJAMIN-HP Benjamin MESSAGE Scheduled scan executed successfully

2013/04/09 22:01:27 -0400 BENJAMIN-HP Benjamin IP-BLOCK 46.237.105.113 (Type: outgoing, Port: 63038, Process: wg111v3.exe)

2013/04/09 22:02:07 -0400 BENJAMIN-HP Benjamin IP-BLOCK 92.53.6.161 (Type: outgoing, Port: 61630, Process: wg111v3.exe)

2013/04/09 22:02:49 -0400 BENJAMIN-HP Benjamin MESSAGE Executing scheduled update: Daily

2013/04/09 22:03:02 -0400 BENJAMIN-HP Benjamin MESSAGE Database already up-to-date

2013/04/09 22:05:39 -0400 BENJAMIN-HP Benjamin IP-BLOCK 189.19.242.249 (Type: outgoing, Port: 56507, Process: wg111v3.exe)

2013/04/09 22:20:27 -0400 BENJAMIN-HP Benjamin DETECTION C:\Users\Benjamin\AppData\Local\Temp\winmrwn.exe Trojan.Downloader QUARANTINE

2013/04/09 22:36:08 -0400 BENJAMIN-HP (null) MESSAGE Starting protection

2013/04/09 22:36:08 -0400 BENJAMIN-HP (null) MESSAGE Protection started successfully

2013/04/09 22:36:08 -0400 BENJAMIN-HP (null) MESSAGE Starting IP protection

2013/04/09 22:36:45 -0400 BENJAMIN-HP (null) MESSAGE IP Protection started successfully

SUPERAntiSpyware Scan Log:

http://www.superantispyware.com

Generated 04/09/2013 at 10:31 PM

Application Version : 5.6.1014

Core Rules Database Version : 10242

Trace Rules Database Version: 8054

Scan type : Complete Scan

Total Scan Time : 01:19:55

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator

Memory items scanned : 715

Memory threats detected : 0

Registry items scanned : 73007

Registry threats detected : 3

File items scanned : 108430

File threats detected : 20

Disabled.SecurityCenterOption

(x86) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY

(x86) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY

(x86) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Trojan.Agent/Gen-CDesc[Gen]

D:\ATMXP.PIF

Adware.Tracking Cookie

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\8DZIAC0L.txt [ /statcounter.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\7C2O0SG7.txt [ /mediaplex.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\HY8X3991.txt [ /fastclick.net ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\7GQJ3ONA.txt [ /questionmarket.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\0UYIQVD2.txt [ /adserver.adtechus.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\MLZDIUUH.txt [ /atdmt.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\8JZYNYS6.txt [ /doubleclick.net ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\FKO75BT1.txt [ /specificclick.net ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\LP5TCAFO.txt [ /ad.yieldmanager.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\ZL3YRKNV.txt [ /accounts.google.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\WTA6SZAI.txt [ /apmebf.com ]

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\27539XVW.txt [ /realmedia.com ]

C:\USERS\BENJAMIN\Cookies\8DZIAC0L.txt [ Cookie:benjamin@statcounter.com/ ]

C:\USERS\BENJAMIN\Cookies\7C2O0SG7.txt [ Cookie:benjamin@mediaplex.com/ ]

C:\USERS\BENJAMIN\Cookies\0UYIQVD2.txt [ Cookie:benjamin@adserver.adtechus.com/ ]

C:\USERS\BENJAMIN\Cookies\8JZYNYS6.txt [ Cookie:benjamin@doubleclick.net/ ]

C:\USERS\BENJAMIN\Cookies\FKO75BT1.txt [ Cookie:benjamin@specificclick.net/ ]

C:\USERS\BENJAMIN\Cookies\LP5TCAFO.txt [ Cookie:benjamin@ad.yieldmanager.com/ ]

C:\USERS\BENJAMIN\Cookies\WTA6SZAI.txt [ Cookie:benjamin@apmebf.com/ ]

ComboFix:

ComboFix 13-04-10.01 - Benjamin 10/04/2013 7:22.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16383.13980 [GMT -4:00]

Running from: c:\users\Benjamin\Desktop\ComboFix.exe

Command switches used :: c:\users\Benjamin\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\MPENGINE.DLL

D:\atmxp.pif

.

.

((((((((((((((((((((((((( Files Created from 2013-03-10 to 2013-04-10 )))))))))))))))))))))))))))))))

.

.

2013-04-10 11:30 . 2013-04-10 11:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-10 11:30 . 2013-04-10 11:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-10 09:59 . 2013-04-10 09:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F532F70-CD4E-48C3-90D6-2CBE86CFD58D}\offreg.dll

2013-04-09 23:28 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F532F70-CD4E-48C3-90D6-2CBE86CFD58D}\mpengine.dll

2013-04-09 23:27 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-09 23:27 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-09 23:27 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-09 23:27 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-09 23:27 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-09 23:27 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-09 23:26 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-09 23:26 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-09 23:26 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-09 23:26 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-09 23:26 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-09 23:26 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-09 23:26 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-09 23:26 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-09 23:26 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-08 22:57 . 2013-04-08 22:57 -------- d-----w- C:\FRST

2013-04-08 01:25 . 2013-04-08 01:25 388096 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-08 01:25 . 2013-04-08 01:25 -------- d-----w- c:\program files (x86)\Trend Micro

2013-04-07 23:25 . 2013-04-08 18:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-04-07 22:14 . 2013-04-07 22:14 -------- d-----w- c:\users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 22:14 . 2013-04-07 22:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-04-07 01:44 . 2013-04-07 01:44 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-06 04:45 . 2013-04-06 04:45 -------- d-----w- c:\programdata\Apple Computer

2013-04-06 04:44 . 2013-04-06 04:44 -------- d-----w- c:\program files (x86)\Common Files\Apple

2013-04-04 19:24 . 2013-04-06 01:39 -------- d-----w- c:\users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-03 17:41 . 2013-04-03 17:49 -------- d-----w- C:\Fraps

2013-03-25 23:47 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-22 07:09 . 2013-03-22 07:10 -------- d-----w- c:\program files (x86)\glassfish-3.1.2.2

2013-03-17 09:12 . 2013-03-17 09:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 07:34 . 2013-03-17 07:34 -------- d-----w- c:\users\Benjamin\AppData\Roaming\LolClient

2013-03-17 03:48 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-03-17 03:44 . 2013-03-17 03:44 -------- d-----w- C:\Riot Games

2013-03-17 02:49 . 2013-03-17 03:43 -------- d-----w- c:\program files (x86)\League of Legends

2013-03-17 02:48 . 2013-04-02 19:15 -------- d-----w- c:\program files (x86)\Pando Networks

2013-03-17 02:46 . 2013-03-17 02:46 -------- d-----w- c:\users\Benjamin\.swt

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\CLSoft LTD

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\Premium

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\program files (x86)\MagniPic

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\InstallMate

2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-10 07:02 . 2012-03-30 19:50 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-04 18:50 . 2011-09-03 23:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-17 09:12 . 2012-04-20 09:19 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-17 09:12 . 2012-04-12 21:54 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-15 05:53 . 2012-12-24 07:35 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-12-24 07:35 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2012-12-24 07:35 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2012-10-11 02:23 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2012-03-29 19:04 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2011-01-16 21:13 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2011-01-16 21:13 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2011-01-16 21:13 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2011-01-16 21:13 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2011-01-16 21:13 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-13 16:24 . 2012-11-18 08:02 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-13 09:42 . 2012-03-29 19:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 09:42 . 2011-09-21 19:18 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 05:10 . 2011-09-03 23:48 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-02-26 06:31 . 2013-02-26 06:31 71680 ----a-w- c:\windows\system32\frapsv64.dll

2013-02-26 06:31 . 2013-02-26 06:31 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2013-02-12 05:45 . 2013-03-13 02:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 02:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 02:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 02:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-13 21:17 . 2013-02-27 08:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17 . 2013-02-27 08:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16 . 2013-02-27 08:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12 . 2013-02-27 08:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32 . 2013-02-27 08:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-01-13 20:22 . 2013-02-27 08:00 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-01-13 20:20 . 2013-02-27 08:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-01-13 20:09 . 2013-02-27 08:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08 . 2013-02-27 08:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-01-13 20:08 . 2013-02-27 08:00 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-01-13 19:59 . 2013-02-27 08:00 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-01-13 19:58 . 2013-02-27 08:00 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-01-13 19:54 . 2013-02-27 08:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-01-13 19:53 . 2013-02-27 08:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53 . 2013-02-27 08:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-01-13 19:51 . 2013-02-27 08:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-01-13 19:49 . 2013-02-27 08:00 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-01-13 19:48 . 2013-02-27 08:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-01-13 19:46 . 2013-02-27 08:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-01-13 19:43 . 2013-02-27 08:00 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38 . 2013-02-27 08:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-01-13 19:38 . 2013-02-27 08:00 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-01-13 19:38 . 2013-02-27 08:00 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-01-13 19:37 . 2013-02-27 08:00 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-01-13 19:25 . 2013-02-27 08:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-01-13 19:24 . 2013-02-27 08:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-01-13 19:24 . 2013-02-27 08:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-01-13 19:20 . 2013-02-27 08:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-01-13 19:20 . 2013-02-27 08:00 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-01-13 19:15 . 2013-02-27 08:00 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-01-13 19:10 . 2013-02-27 08:00 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-01-13 19:02 . 2013-02-27 08:00 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-01-13 18:34 . 2013-02-27 08:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32 . 2013-02-27 08:00 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-01-13 18:09 . 2013-02-27 08:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-01-13 17:26 . 2013-02-27 08:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-01-13 17:05 . 2013-02-27 08:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18643048]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 176128]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2328496]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 275872]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 326576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

"ANTIVIRUSDISABLENOTIFY"=dword:00000001

"FIREWALLDISABLENOTIFY"=dword:00000001

"UPDATESDISABLENOTIFY"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-21 126976]

R3 netr7364;TP-LINK Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 ALSysIO;ALSysIO;c:\users\Benjamin\AppData\Local\Temp\ALSysIO64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

*NewlyCreated* - MBAMPROTECTOR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-28 23:52 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:42]

.

2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 22:03]

.

2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 22:03]

.

2013-03-27 c:\windows\Tasks\HPCeeScheduleForBENJAMIN-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-04-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1da7ad31-acae-4e45-a873-9f3b6d58f26f.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-04-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65d3a394-8000-44df-86d9-3949e19d3981.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270

mLocal Page = c:\windows\system32\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-nbi-nb-base-7.1.2.0.0 - c:\program files (x86)\NetBeans 7.1.2\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_™\00\00™\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~™\00\00™\00\00\00\00\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-10 07:31:45

ComboFix-quarantined-files.txt 2013-04-10 11:31

ComboFix2.txt 2013-04-08 20:31

.

Pre-Run: 508,820,987,904 bytes free

Post-Run: 508,545,290,240 bytes free

.

- - End Of File - - 81BD20DD9105D4C7FB70CAAD1CA84267

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

DDS Log(s):

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2

Run by Benjamin at 15:04:04 on 2013-04-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16383.13440 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo64.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\MRT.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Notepad++\notepad++.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll

BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{583061C0-697A-4239-8C46-0187D1AD694F} : DHCPNameServer = 192.168.1.1

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-9 75904]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-9 38016]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-9 203264]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-9 1119768]

R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-12 386344]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-3 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-9 349800]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-9 38456]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-21 126976]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-5 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-5 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

.

=============== Created Last 30 ================

.

2013-04-10 11:36:14 -------- d-sh--w- C:\$RECYCLE.BIN

2013-04-10 11:21:08 -------- d-----w- C:\ComboFix

2013-04-10 09:59:55 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F532F70-CD4E-48C3-90D6-2CBE86CFD58D}\offreg.dll

2013-04-09 23:28:07 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F532F70-CD4E-48C3-90D6-2CBE86CFD58D}\mpengine.dll

2013-04-09 23:27:15 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-09 23:27:15 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-09 23:27:14 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-09 23:27:14 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-09 23:27:14 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-09 23:27:13 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-09 23:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-09 23:26:45 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-09 23:26:42 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-09 23:26:35 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-09 23:26:34 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-09 23:26:34 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-09 23:26:33 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-09 23:26:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-09 23:26:32 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-08 22:57:18 -------- d-----w- C:\FRST

2013-04-08 20:19:13 98816 ----a-w- C:\Windows\sed.exe

2013-04-08 20:19:13 256000 ----a-w- C:\Windows\PEV.exe

2013-04-08 20:19:13 208896 ----a-w- C:\Windows\MBR.exe

2013-04-08 01:25:22 388096 ----a-r- C:\Users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-08 01:25:22 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-04-07 23:25:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-04-07 22:14:29 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 22:14:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-04-04 19:24:10 -------- d-----w- C:\Users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-03 17:41:41 -------- d-----w- C:\Fraps

2013-03-25 23:47:11 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-22 07:09:21 -------- d-----w- C:\Program Files (x86)\glassfish-3.1.2.2

2013-03-17 09:12:11 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 07:34:18 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\LolClient

2013-03-17 03:48:32 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2013-03-17 03:48:32 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2013-03-17 03:48:31 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2013-03-17 03:44:35 -------- d-----w- C:\Riot Games

2013-03-17 02:49:59 -------- d-----w- C:\Program Files (x86)\League of Legends

2013-03-17 02:48:43 -------- d-----w- C:\Program Files (x86)\Pando Networks

2013-03-17 02:46:12 -------- d-----w- C:\Users\Benjamin\.swt

2013-03-16 01:52:25 -------- d-----w- C:\ProgramData\CLSoft LTD

2013-03-16 01:52:23 -------- d-----w- C:\ProgramData\Premium

2013-03-16 01:52:22 -------- d-----w- C:\Program Files (x86)\MagniPic

2013-03-16 01:52:15 -------- d-----w- C:\ProgramData\InstallMate

2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-17 09:12:07 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-17 09:12:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-13 09:42:39 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 09:42:39 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-02-26 06:31:28 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2013-02-26 06:31:26 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

.

============= FINISH: 15:04:18.44 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/09/2011 17:11:17

System Uptime: 10/04/2013 03:08:46 (12 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Athlon II X4 640 Processor | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 686 GiB total, 473.693 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.538 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP336: 02/04/2013 04:00:10 - Windows Update

RP337: 04/04/2013 15:23:04 - Installed DirectX

RP338: 04/04/2013 19:16:27 - Installed DirectX

RP339: 05/04/2013 04:13:26 - Windows Update

RP340: 06/04/2013 00:42:59 - Removed QuickTime

RP341: 06/04/2013 00:44:55 - Installed QuickTime

RP342: 07/04/2013 03:40:25 - Malwarebytes Anti-Rootkit Restore Point

RP343: 07/04/2013 04:00:26 - Malwarebytes Anti-Rootkit Restore Point

RP344: 07/04/2013 13:24:38 - Malwarebytes Anti-Rootkit Restore Point

RP345: 07/04/2013 21:24:58 - Installed HiJackThis

RP346: 09/04/2013 19:26:37 - Windows Update

RP347: 10/04/2013 03:00:12 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player 11.6

Antichamber

Apple Application Support

Apple Software Update

applicationupdater

ARMA 2

ARMA 2: Operation Arrowhead

ARMA 2: Operation Arrowhead Beta

Arma 3 Alpha

BattlEye for OA Uninstall

BattlEye Uninstall

CameraHelperMsi

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP560 series MP Drivers

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cheat Engine 6.2

Compatibility Pack for the 2007 Office system

Core Temp 1.0 RC3

Crusader Kings II

CyberLink DVD Suite Deluxe

CyberLink PowerDirector

CyberLink WaveEditor

D3DX10

DVD Menu Pack for HP MediaSmart Video

erLT

Fraps (remove only)

gamelauncher-code4344-beta

gamelauncher-ps2-live

GlassFish Server Open Source Edition 3.1.2

GlassFish Server Open Source Edition 3.1.2.2

Google Chrome

Google Chrome Frame

Google Earth

Google Update Helper

Hacker Evolution Duality

HiJackThis

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Odometer

HP Support Information

HPAsset component for HP Active Support Library

HydraIRC

Java 7 Update 17

Java Auto Updater

Java SE Development Kit 7 Update 15

Junk Mail filter update

League of Legends

Logitech Vid HD

Logitech Webcam Software

LogMeIn Hamachi

Lua for Windows 5.1.4-46

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

MagniPic

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Beta

Microsoft Application Error Reporting

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.0

Microsoft Office 2010

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Game Long Name

NetBeans IDE 7.1.2

NetBeans IDE 7.3

NETGEAR WG111v3 wireless USB 2.0 adapter

Notepad++

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

Omerta - City of Gangsters

OpenAL

Paint.NET v3.5.10

PDF Complete Special Edition

PlanetSide 2

Play withSIX

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

PowerDirector

Proteus

QuickTime

Realtek High Definition Audio Driver

Recovery Manager

ROBLOX Player

ROBLOX Studio 2013

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)

Sid Meier's Civilization V

Simple Adblock

Six Updater

Skype™ 6.3

Steam

SUPERAntiSpyware

Supreme Ruler 2020: Gold

Supreme Ruler Cold War

swMSM

Team Fortress 2

TeamSpeak 3 Client

The Sims 3

Tropico 4

Ubisoft Game Launcher

Unity Web Player

Visual Studio 2008 x64 Redistributables

WebM Media Foundation Components

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

10/04/2013 07:30:11, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/04/2013 07:29:40, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

10/04/2013 03:52:10, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

10/04/2013 03:12:10, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.

08/04/2013 15:41:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

08/04/2013 15:01:47, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

08/04/2013 15:01:47, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

08/04/2013 15:01:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

08/04/2013 15:01:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

08/04/2013 15:01:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

08/04/2013 15:01:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

08/04/2013 15:01:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

07/04/2013 22:21:08, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

07/04/2013 22:21:08, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.

07/04/2013 22:19:52, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 22:19:52, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 22:19:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

07/04/2013 19:21:42, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

07/04/2013 19:21:40, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 19:21:40, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 19:21:39, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 19:21:39, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 16:52:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

.

==== End Of File ===========================

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted
I run MalwareBytes Anti-Malware and SUPERAntiSpyware which, so far, have not conflicted at all and support eachother surprisingly.

Both are not Anti Virus Products. They are Anti Malware Software and there is a different. If you wont install an AVP, than this will leave my work here senceless.

Install one of of your choice and re-run DDS.

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

I have installed a 30-day-trial of Kaspersky Pure 3.0 and I will purchase the commercial version in the morning (if I have time). Things seems to have cleared up a bit but Kaspersky didn't seem to like anything I had on my computer.

Here are the DDS Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2

Run by Benjamin at 4:05:57 on 2013-04-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16383.13728 [GMT -4:00]

.

AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\CyberLink\Shared files\RichVideo64.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270

BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll

BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Kaspersky PURE - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll/616

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{583061C0-697A-4239-8C46-0187D1AD694F} : DHCPNameServer = 192.168.1.1

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-9 75904]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-9 38016]

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-4-11 84536]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-4-11 66616]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54104]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-9 203264]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356968]

R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-9 1119768]

R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-12 386344]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-3 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-9 349800]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-9 38456]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]

S2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-21 53248]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-5 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-5 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

.

=============== Created Last 30 ================

.

2013-04-11 07:18:11 -------- d-----w- C:\Encryption

2013-04-11 06:26:12 64856 ----a-w- C:\Windows\System32\klfphc.dll

2013-04-11 06:25:32 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys

2013-04-11 06:25:30 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys

2013-04-11 06:25:01 -------- d-----w- C:\Windows\ELAMBKUP

2013-04-11 06:24:56 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch

2013-04-11 06:24:27 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys

2013-04-11 04:17:57 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-04-11 04:17:57 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2013-04-10 11:36:14 -------- d-sh--w- C:\$RECYCLE.BIN

2013-04-10 11:21:08 -------- d-----w- C:\ComboFix

2013-04-09 23:28:07 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F532F70-CD4E-48C3-90D6-2CBE86CFD58D}\mpengine.dll

2013-04-09 23:27:15 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-09 23:27:15 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-09 23:27:14 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-09 23:27:14 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-09 23:27:14 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-09 23:27:13 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-09 23:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-09 23:26:45 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-09 23:26:42 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-09 23:26:35 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-09 23:26:34 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-09 23:26:34 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-09 23:26:33 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-09 23:26:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-09 23:26:32 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-08 22:57:18 -------- d-----w- C:\FRST

2013-04-08 20:19:13 98816 ----a-w- C:\Windows\sed.exe

2013-04-08 20:19:13 256000 ----a-w- C:\Windows\PEV.exe

2013-04-08 20:19:13 208896 ----a-w- C:\Windows\MBR.exe

2013-04-08 01:25:22 388096 ----a-r- C:\Users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-08 01:25:22 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-04-07 23:25:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-04-07 22:14:29 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 22:14:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-04-04 19:24:10 -------- d-----w- C:\Users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-03 17:41:41 -------- d-----w- C:\Fraps

2013-03-25 23:47:11 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-22 07:09:21 -------- d-----w- C:\Program Files (x86)\glassfish-3.1.2.2

2013-03-17 09:12:11 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 07:34:18 -------- d-----w- C:\Users\Benjamin\AppData\Roaming\LolClient

2013-03-17 03:48:32 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2013-03-17 03:48:32 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2013-03-17 03:48:31 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2013-03-17 03:44:35 -------- d-----w- C:\Riot Games

2013-03-17 02:49:59 -------- d-----w- C:\Program Files (x86)\League of Legends

2013-03-17 02:48:43 -------- d-----w- C:\Program Files (x86)\Pando Networks

2013-03-17 02:46:12 -------- d-----w- C:\Users\Benjamin\.swt

2013-03-16 01:52:25 -------- d-----w- C:\ProgramData\CLSoft LTD

2013-03-16 01:52:23 -------- d-----w- C:\ProgramData\Premium

2013-03-16 01:52:22 -------- d-----w- C:\Program Files (x86)\MagniPic

2013-03-16 01:52:15 -------- d-----w- C:\ProgramData\InstallMate

2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-17 09:12:07 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-17 09:12:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-13 09:42:39 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 09:42:39 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-02-26 06:31:28 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2013-02-26 06:31:26 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

.

============= FINISH: 4:07:24.66 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/09/2011 17:11:17

System Uptime: 11/04/2013 03:52:59 (1 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Athlon™ II X4 640 Processor | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 686 GiB total, 471.819 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.538 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP336: 02/04/2013 04:00:10 - Windows Update

RP337: 04/04/2013 15:23:04 - Installed DirectX

RP338: 04/04/2013 19:16:27 - Installed DirectX

RP339: 05/04/2013 04:13:26 - Windows Update

RP340: 06/04/2013 00:42:59 - Removed QuickTime

RP341: 06/04/2013 00:44:55 - Installed QuickTime

RP342: 07/04/2013 03:40:25 - Malwarebytes Anti-Rootkit Restore Point

RP343: 07/04/2013 04:00:26 - Malwarebytes Anti-Rootkit Restore Point

RP344: 07/04/2013 13:24:38 - Malwarebytes Anti-Rootkit Restore Point

RP345: 07/04/2013 21:24:58 - Installed HiJackThis

RP346: 09/04/2013 19:26:37 - Windows Update

RP347: 10/04/2013 03:00:12 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player 11.6

Antichamber

Apple Application Support

Apple Software Update

applicationupdater

ARMA 2

ARMA 2: Operation Arrowhead

ARMA 2: Operation Arrowhead Beta

Arma 3 Alpha

BattlEye for OA Uninstall

BattlEye Uninstall

CameraHelperMsi

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP560 series MP Drivers

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cheat Engine 6.2

Compatibility Pack for the 2007 Office system

Core Temp 1.0 RC3

Crusader Kings II

CyberLink DVD Suite Deluxe

CyberLink PowerDirector

CyberLink WaveEditor

D3DX10

DVD Menu Pack for HP MediaSmart Video

erLT

Fraps (remove only)

gamelauncher-code4344-beta

gamelauncher-ps2-live

GlassFish Server Open Source Edition 3.1.2

GlassFish Server Open Source Edition 3.1.2.2

Google Chrome

Google Chrome Frame

Google Earth

Google Update Helper

Hacker Evolution Duality

HiJackThis

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Odometer

HP Support Information

HPAsset component for HP Active Support Library

HydraIRC

Java 7 Update 17

Java Auto Updater

Java SE Development Kit 7 Update 15

Junk Mail filter update

Kaspersky PURE 3.0

Kaspersky Security Scan

League of Legends

Logitech Vid HD

Logitech Webcam Software

LogMeIn Hamachi

Lua for Windows 5.1.4-46

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

MagniPic

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Beta

Microsoft Application Error Reporting

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.0

Microsoft Office 2010

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Game Long Name

NetBeans IDE 7.1.2

NetBeans IDE 7.3

NETGEAR WG111v3 wireless USB 2.0 adapter

Notepad++

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

Omerta - City of Gangsters

OpenAL

Paint.NET v3.5.10

PDF Complete Special Edition

PlanetSide 2

Play withSIX

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

PowerDirector

Proteus

QuickTime

Realtek High Definition Audio Driver

Recovery Manager

ROBLOX Player

ROBLOX Studio 2013

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)

Sid Meier's Civilization V

Simple Adblock

Six Updater

Skype™ 6.3

Steam

SUPERAntiSpyware

Supreme Ruler 2020: Gold

Supreme Ruler Cold War

swMSM

Team Fortress 2

TeamSpeak 3 Client

The Sims™ 3

Tropico 4

Ubisoft Game Launcher

Unity Web Player

Visual Studio 2008 x64 Redistributables

WebM Media Foundation Components

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

11/04/2013 03:56:32, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.

11/04/2013 03:52:27, Error: Service Control Manager [7023] - The UPnP Device Host service terminated with the following error: Access is denied.

11/04/2013 03:20:45, Error: Ntfs [137] - The default transaction resource manager on volume J: encountered a non-retryable error and could not start. The data contains the error code.

11/04/2013 02:52:40, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.

11/04/2013 02:45:22, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

11/04/2013 01:52:11, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

10/04/2013 07:30:11, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/04/2013 07:29:40, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

08/04/2013 15:41:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

08/04/2013 15:01:47, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

08/04/2013 15:01:47, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

08/04/2013 15:01:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

08/04/2013 15:01:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

08/04/2013 15:01:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

08/04/2013 15:01:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

08/04/2013 15:01:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

07/04/2013 22:21:08, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

07/04/2013 22:21:08, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.

07/04/2013 22:19:52, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 22:19:52, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 22:19:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

07/04/2013 19:21:42, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

07/04/2013 19:21:40, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 19:21:40, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 19:21:39, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

07/04/2013 19:21:39, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

07/04/2013 16:52:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

.

==== End Of File ===========================

Thank-you for putting up with me for this long, Daniel!

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

You are welcome :)

Just a note. If you purchased MBAM Pro, a Freeware AVP like Microsoft Security Essentials is well enough protection ( I run the same combination on my PCs ). It is up to you.

Did ESET find anything ? I miss the log in your last reply.

Open notepad and copy/paste the text in the Code-box below into it:


DDS::
mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"ANTIVIRUSDISABLENOTIFY"=dword:00000000
"FIREWALLDISABLENOTIFY"=dword:00000000
"UPDATESDISABLENOTIFY"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"UacDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"UacDisableNotify"=dword:00000000

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

Did ESET find anything ? I miss the log in your last reply.

ESET ... ?

ComboFix Log:

ComboFix 13-04-11.01 - Benjamin 11/04/2013 15:09:36.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16383.13635 [GMT -4:00]

Running from: c:\users\Benjamin\Desktop\ComboFix.exe

Command switches used :: c:\users\Benjamin\Desktop\CFScript.txt

AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))

.

.

2013-04-11 19:22 . 2013-04-11 19:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-11 19:22 . 2013-04-11 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-11 09:11 . 2013-04-11 09:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F532F70-CD4E-48C3-90D6-2CBE86CFD58D}\offreg.dll

2013-04-11 07:18 . 2013-04-11 07:18 -------- d-----w- C:\Encryption

2013-04-11 06:26 . 2012-07-11 21:09 64856 ----a-w- c:\windows\system32\klfphc.dll

2013-04-11 06:25 . 2011-06-02 18:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2013-04-11 06:25 . 2011-06-02 18:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2013-04-11 06:25 . 2013-04-11 06:25 -------- d-----w- c:\windows\ELAMBKUP

2013-04-11 06:24 . 2013-04-11 06:24 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch

2013-04-11 06:24 . 2012-11-02 19:48 89944 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-04-11 06:24 . 2012-11-02 19:48 613720 ----a-w- c:\windows\system32\drivers\klif.sys

2013-04-11 04:17 . 2013-04-11 18:57 -------- d-----w- c:\programdata\Kaspersky Lab

2013-04-11 04:17 . 2013-04-11 06:24 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2013-04-09 23:28 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F532F70-CD4E-48C3-90D6-2CBE86CFD58D}\mpengine.dll

2013-04-09 23:27 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-09 23:27 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-09 23:27 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-09 23:27 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-09 23:27 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-09 23:27 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-09 23:26 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-09 23:26 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-09 23:26 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-09 23:26 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-09 23:26 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-09 23:26 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-09 23:26 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-09 23:26 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-09 23:26 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-08 22:57 . 2013-04-08 22:57 -------- d-----w- C:\FRST

2013-04-08 01:25 . 2013-04-08 01:25 388096 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-08 01:25 . 2013-04-08 01:25 -------- d-----w- c:\program files (x86)\Trend Micro

2013-04-07 23:25 . 2013-04-08 18:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-04-07 22:14 . 2013-04-07 22:14 -------- d-----w- c:\users\Benjamin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-07 22:14 . 2013-04-07 22:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-04-07 01:44 . 2013-04-07 01:44 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-06 04:45 . 2013-04-06 04:45 -------- d-----w- c:\programdata\Apple Computer

2013-04-06 04:44 . 2013-04-06 04:44 -------- d-----w- c:\program files (x86)\Common Files\Apple

2013-04-04 19:24 . 2013-04-06 01:39 -------- d-----w- c:\users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-03 17:41 . 2013-04-03 17:49 -------- d-----w- C:\Fraps

2013-03-25 23:47 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-22 07:09 . 2013-03-22 07:10 -------- d-----w- c:\program files (x86)\glassfish-3.1.2.2

2013-03-17 09:12 . 2013-03-17 09:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 07:34 . 2013-03-17 07:34 -------- d-----w- c:\users\Benjamin\AppData\Roaming\LolClient

2013-03-17 03:48 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-03-17 03:44 . 2013-03-17 03:44 -------- d-----w- C:\Riot Games

2013-03-17 02:49 . 2013-03-17 03:43 -------- d-----w- c:\program files (x86)\League of Legends

2013-03-17 02:48 . 2013-04-02 19:15 -------- d-----w- c:\program files (x86)\Pando Networks

2013-03-17 02:46 . 2013-03-17 02:46 -------- d-----w- c:\users\Benjamin\.swt

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\CLSoft LTD

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\Premium

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\program files (x86)\MagniPic

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\InstallMate

2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-10 07:02 . 2012-03-30 19:50 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-04 18:50 . 2011-09-03 23:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-17 09:12 . 2012-04-20 09:19 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-17 09:12 . 2012-04-12 21:54 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-15 05:53 . 2012-12-24 07:35 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-12-24 07:35 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2012-12-24 07:35 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2012-10-11 02:23 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2012-03-29 19:04 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2011-01-16 21:13 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2011-01-16 21:13 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2011-01-16 21:13 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2011-01-16 21:13 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2011-01-16 21:13 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-13 16:24 . 2012-11-18 08:02 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-13 09:42 . 2012-03-29 19:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 09:42 . 2011-09-21 19:18 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 05:10 . 2011-09-03 23:48 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-02-26 06:31 . 2013-02-26 06:31 71680 ----a-w- c:\windows\system32\frapsv64.dll

2013-02-26 06:31 . 2013-02-26 06:31 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2013-02-12 05:45 . 2013-03-13 02:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 02:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 02:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 02:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-13 21:17 . 2013-02-27 08:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17 . 2013-02-27 08:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16 . 2013-02-27 08:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12 . 2013-02-27 08:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35 . 2013-02-27 08:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32 . 2013-02-27 08:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31 . 2013-02-27 08:00 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-01-13 20:22 . 2013-02-27 08:00 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-01-13 20:20 . 2013-02-27 08:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-01-13 20:09 . 2013-02-27 08:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08 . 2013-02-27 08:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-01-13 20:08 . 2013-02-27 08:00 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-01-13 19:59 . 2013-02-27 08:00 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-01-13 19:58 . 2013-02-27 08:00 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-01-13 19:54 . 2013-02-27 08:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-01-13 19:53 . 2013-02-27 08:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53 . 2013-02-27 08:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-01-13 19:51 . 2013-02-27 08:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-01-13 19:49 . 2013-02-27 08:00 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-01-13 19:48 . 2013-02-27 08:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-01-13 19:46 . 2013-02-27 08:00 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-01-13 19:43 . 2013-02-27 08:00 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38 . 2013-02-27 08:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-01-13 19:38 . 2013-02-27 08:00 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-01-13 19:38 . 2013-02-27 08:00 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-01-13 19:37 . 2013-02-27 08:00 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-01-13 19:25 . 2013-02-27 08:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-01-13 19:24 . 2013-02-27 08:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-01-13 19:24 . 2013-02-27 08:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-01-13 19:20 . 2013-02-27 08:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-01-13 19:20 . 2013-02-27 08:00 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-01-13 19:15 . 2013-02-27 08:00 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-01-13 19:10 . 2013-02-27 08:00 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-01-13 19:02 . 2013-02-27 08:00 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-01-13 18:34 . 2013-02-27 08:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32 . 2013-02-27 08:00 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-01-13 18:09 . 2013-02-27 08:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-01-13 17:26 . 2013-02-27 08:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-01-13 17:05 . 2013-02-27 08:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{215BA832-75A3-426E-A4FC-7C5B58CE6A10}]

2013-04-11 06:32 2404920 ----a-w- c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{215BA832-75A3-426E-A4FC-7C5B58CE6A10}"= "c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll" [2013-04-11 2404920]

.

[HKEY_CLASSES_ROOT\clsid\{215ba832-75a3-426e-a4fc-7c5b58ce6a10}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2012-12-20 22:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18643048]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-11 102400]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-04-11 2254768]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2013-04-11 206240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-04-11 252848]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

"ANTIVIRUSDISABLENOTIFY"=dword:00000001

"FIREWALLDISABLENOTIFY"=dword:00000001

"UPDATESDISABLENOTIFY"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]

R2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-04-11 53248]

R3 netr7364;TP-LINK Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 84536]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 66616]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-10-18 54104]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 ALSysIO;ALSysIO;c:\users\Benjamin\AppData\Local\Temp\ALSysIO64.sys [x]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-03 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-03 29528]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 19:53 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:42]

.

2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 06:53]

.

2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 06:53]

.

2013-03-27 c:\windows\Tasks\HPCeeScheduleForBENJAMIN-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-04-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1da7ad31-acae-4e45-a873-9f3b6d58f26f.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-04-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65d3a394-8000-44df-86d9-3949e19d3981.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2012-12-20 22:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2013-04-11 62768]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270

mLocal Page = c:\windows\system32\blank.htm

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Kaspersky PURE - c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll/616

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-nbi-nb-base-7.1.2.0.0 - c:\program files (x86)\NetBeans 7.1.2\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_™\00\00™\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~™\00\00™\00\00\00\00\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-11 15:49:35

ComboFix-quarantined-files.txt 2013-04-11 19:49

ComboFix2.txt 2013-04-08 20:31

.

Pre-Run: 499,496,091,648 bytes free

Post-Run: 499,679,498,240 bytes free

.

- - End Of File - - 9C8885335F8C97C0A3A13497BFB67DF4

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

http://forums.malwarebytes.org/index.php?showtopic=124793&view=findpost&p=666549

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

Link to post
Share on other sites
overkill99

overkill99

Posted
  • Author
Posted

ESET Log:

C:\cygwin\bin\tr.exe Win32/Sality.NBA virus

C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application

C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application

C:\Program Files (x86)\MagniPic\sprotector.dll a variant of Win32/SProtector.A application

C:\Program Files (x86)\MagniPic\uninstall.exe Win32/SProtector.B application

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\6a920497-7b79d82a a variant of Java/Exploit.CVE-2013-0422.AJ trojan

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\618f9ed9-3492b8e2 multiple threats

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1d3caa5a-77fce39c multiple threats

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\7c52cba4-1a80efa0 Java/Exploit.CVE-2012-4681.K trojan

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1490c126-2be2a113 Java/Exploit.CVE-2012-4681.CR trojan

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\78da28ad-4f5d0010 multiple threats

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6cc5d3b0-36c21dfb a variant of Java/Exploit.CVE-2012-1723.CF trojan

C:\Users\Benjamin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6efd2ef3-13fb5ecc a variant of Java/Exploit.CVE-2012-1723.IM trojan

ComboFix Log:

ComboFix 13-04-11.01 - Benjamin 13/04/2013 20:43:11.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16383.13968 [GMT -4:00]

Running from: c:\users\Benjamin\Desktop\ComboFix.exe

Command switches used :: c:\users\Benjamin\Desktop\CFScript.txt

AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))

.

.

2013-04-14 00:58 . 2013-04-14 00:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-14 00:58 . 2013-04-14 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-14 00:39 . 2013-04-14 00:39 16712 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2013-04-14 00:28 . 2013-04-14 00:28 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4090A3C8-2C16-4268-A504-B61BDAF80191}\offreg.dll

2013-04-12 20:52 . 2013-04-12 20:52 -------- d-----w- c:\program files (x86)\ESET

2013-04-12 12:16 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4090A3C8-2C16-4268-A504-B61BDAF80191}\mpengine.dll

2013-04-12 06:01 . 2013-04-12 06:02 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Evolution

2013-04-11 07:18 . 2013-04-11 07:18 -------- d-----w- C:\Encryption

2013-04-11 06:26 . 2012-07-11 21:09 64856 ----a-w- c:\windows\system32\klfphc.dll

2013-04-11 06:25 . 2011-06-02 18:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2013-04-11 06:25 . 2011-06-02 18:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys

2013-04-11 06:25 . 2013-04-11 06:25 -------- d-----w- c:\windows\ELAMBKUP

2013-04-11 06:24 . 2013-04-11 06:24 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch

2013-04-11 06:24 . 2012-11-02 19:48 89944 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-04-11 06:24 . 2012-11-02 19:48 613720 ----a-w- c:\windows\system32\drivers\klif.sys

2013-04-11 04:17 . 2013-04-14 00:21 -------- d-----w- c:\programdata\Kaspersky Lab

2013-04-11 04:17 . 2013-04-11 06:24 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2013-04-09 23:27 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-09 23:27 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-09 23:27 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-09 23:27 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-09 23:27 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-09 23:27 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-09 23:26 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-09 23:26 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-09 23:26 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-09 23:26 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-09 23:26 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-09 23:26 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-09 23:26 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-09 23:26 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-09 23:26 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-08 22:57 . 2013-04-08 22:57 -------- d-----w- C:\FRST

2013-04-08 01:25 . 2013-04-08 01:25 388096 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-04-08 01:25 . 2013-04-08 01:25 -------- d-----w- c:\program files (x86)\Trend Micro

2013-04-07 23:25 . 2013-04-14 00:41 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-04-07 01:44 . 2013-04-07 01:44 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-06 04:45 . 2013-04-06 04:45 -------- d-----w- c:\programdata\Apple Computer

2013-04-06 04:44 . 2013-04-06 04:44 -------- d-----w- c:\program files (x86)\Common Files\Apple

2013-04-04 19:24 . 2013-04-06 01:39 -------- d-----w- c:\users\Benjamin\AppData\Local\Arma 3 Alpha

2013-04-03 17:41 . 2013-04-03 17:49 -------- d-----w- C:\Fraps

2013-03-25 23:47 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-22 07:09 . 2013-03-22 07:10 -------- d-----w- c:\program files (x86)\glassfish-3.1.2.2

2013-03-17 09:12 . 2013-03-17 09:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 07:34 . 2013-03-17 07:34 -------- d-----w- c:\users\Benjamin\AppData\Roaming\LolClient

2013-03-17 03:48 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-03-17 03:48 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2013-03-17 03:44 . 2013-03-17 03:44 -------- d-----w- C:\Riot Games

2013-03-17 02:49 . 2013-03-17 03:43 -------- d-----w- c:\program files (x86)\League of Legends

2013-03-17 02:48 . 2013-04-02 19:15 -------- d-----w- c:\program files (x86)\Pando Networks

2013-03-17 02:46 . 2013-03-17 02:46 -------- d-----w- c:\users\Benjamin\.swt

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\CLSoft LTD

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\Premium

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\program files (x86)\MagniPic

2013-03-16 01:52 . 2013-03-16 01:52 -------- d-----w- c:\programdata\InstallMate

2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-14 00:21 . 2012-03-29 19:02 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-14 00:21 . 2011-09-21 19:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-10 07:02 . 2012-03-30 19:50 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-04 18:50 . 2011-09-03 23:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-17 09:12 . 2012-04-20 09:19 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-17 09:12 . 2012-04-12 21:54 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-15 05:53 . 2012-12-24 07:35 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-12-24 07:35 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2012-12-24 07:35 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2012-10-11 02:23 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2012-03-29 19:04 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2011-01-16 21:13 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2011-01-16 21:13 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2011-01-16 21:13 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2011-01-16 21:13 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2011-01-16 21:13 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-13 16:24 . 2012-11-18 08:02 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-12 05:10 . 2011-09-03 23:48 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-02-26 06:31 . 2013-02-26 06:31 71680 ----a-w- c:\windows\system32\frapsv64.dll

2013-02-26 06:31 . 2013-02-26 06:31 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2013-02-12 05:45 . 2013-03-13 02:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 02:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 02:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 02:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 02:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{215BA832-75A3-426E-A4FC-7C5B58CE6A10}]

2013-04-11 06:32 2404920 ----a-w- c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{215BA832-75A3-426E-A4FC-7C5B58CE6A10}"= "c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll" [2013-04-11 2404920]

.

[HKEY_CLASSES_ROOT\clsid\{215ba832-75a3-426e-a4fc-7c5b58ce6a10}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2012-12-20 22:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18643048]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]

"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-11 102400]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-04-11 2254768]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2013-04-11 206240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-04-11 252848]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]

R2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-04-11 53248]

R3 netr7364;TP-LINK Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 84536]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 66616]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-10-18 54104]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-03 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-03 29528]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 19:53 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:21]

.

2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 06:53]

.

2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 06:53]

.

2013-03-27 c:\windows\Tasks\HPCeeScheduleForBENJAMIN-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2012-12-20 22:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2013-04-11 62768]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270

mLocal Page = c:\windows\system32\blank.htm

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Kaspersky PURE - c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll/616

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://oceanscene-lahinch.remotemanager.co.uk/common/activex/MJPEGRender.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-nbi-nb-base-7.1.2.0.0 - c:\program files (x86)\NetBeans 7.1.2\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_™\00\00™\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~™\00\00™\00\00\00\00\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-13 21:20:11

ComboFix-quarantined-files.txt 2013-04-14 01:20

ComboFix2.txt 2013-04-11 19:49

ComboFix3.txt 2013-04-08 20:31

.

Pre-Run: 501,511,426,048 bytes free

Post-Run: 501,580,337,152 bytes free

.

- - End Of File - - 803D6EC0AF5BA0D2A1F2100D6EEBEC70

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Hy there.

Your system still slow ? ESET showed up something which is not good so I want to confirm that this file is really a fileinfector.

Please go to: VirusTotal

  • In the middle of the page you'll find a "Browse" button.
    VIRUSTOTAL3.jpg
  • Click the Browse Button and Copy/Paste the following red text into the File name: field
    C:\cygwin\bin\tr.exe
  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
    NOTE: If you get a message saying File already submitted: click Reanalyze
  • Once scanned, copy and paste the results in your next reply.

Do not delete any files unless I told you to do so

Link to post
Share on other sites
Larusso

Larusso

Posted
Posted

Hy. I am aware what Cygwin is but it is shown as infected. Could be a FP :)

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

MagniPic

Open notepad and copy/paste the text in the Code-box below into it:


DDS::
mStart Page = hxxp://searchou.com/?affil=7&uid=0faaddb9-8ddc-11e2-bdc5-64315044d270
Folder::
c:\program files (x86)\MagniPic
DirLook::
c:\programdata\Premium
ClearJavaCache::

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

How is your system behaving now ?

Link to post
Share on other sites
  • 4 weeks later...
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.