
Apache Malware Spyware or virus



Very Old Thread 2010: http://forums.malwar...showtopic=64115

Before, I had no problem visiting websites, but now I see the Apache 2 Test Page. On my brother's PC and my tablet I still see the Apache test page. A few weeks ago I was able to avoid the Apache test page by resetting my router to get a new IP (I have a dynamic IP) and also by using a proxy. Resetting to get a new IP doesn't work anymore. I did a little searching on Google and some recommended that it could be my DNS, so I changed my DNS to Google's 8.8.8.8 and 8.8.4.4. I port forwarded port 80 and port 224; it still shows the Apache 2 Test Page. I bridged my 2Wire modem to the Netgear. I followed what Elise said, using OTL, RKUnhookerLE (I had an error when running RKUnhookerLE, so I used Malwarebytes Anti-Rootkit BETA instead), and ComboFix.


OTL.txt part 1

OTL logfile created on: 5/26/2013 2:04:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marc\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 21.84% Memory free

7.91 Gb Paging File | 3.60 Gb Available in Paging File | 45.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 317.57 Gb Free Space | 68.18% Space Free | Partition Type: NTFS

Computer Name: MMARC-PC | User Name: marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/26 14:04:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marc\Downloads\OTL.exe

PRC - [2013/05/24 01:53:52 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/05/08 19:22:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2013/05/08 15:40:57 | 000,768,584 | ---- | M] (Malwarebytes Corporation) -- C:\Users\marc\Desktop\mbar\mbar.exe

PRC - [2013/04/03 03:56:51 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2013/04/02 21:35:00 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe

PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

PRC - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe

PRC - [2012/11/15 18:31:02 | 002,940,928 | ---- | M] (Moliyo Ltd.) -- C:\Program Files (x86)\Tales of Pirates II\system\Game.exe

PRC - [2012/09/20 15:24:00 | 002,564,096 | ---- | M] () -- C:\xampp\xampp-control.exe

PRC - [2012/08/31 10:03:00 | 000,537,918 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe

PRC - [2012/08/31 10:03:00 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe

PRC - [2012/02/07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/02/07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/02/07 17:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012/01/26 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/24 01:53:51 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/05/22 22:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll

MOD - [2013/05/22 22:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll

MOD - [2013/05/22 22:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll

MOD - [2013/05/22 22:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll

MOD - [2013/05/22 22:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll

MOD - [2012/12/11 22:32:37 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012/11/15 18:31:02 | 001,617,920 | ---- | M] () -- C:\Program Files (x86)\Tales of Pirates II\system\MindPower3D_D8R.dll

MOD - [2012/10/06 03:54:27 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012/10/06 03:54:26 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012/09/20 15:24:00 | 002,564,096 | ---- | M] () -- C:\xampp\xampp-control.exe

MOD - [2012/08/31 04:02:23 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2012/04/05 17:49:40 | 001,249,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

MOD - [2009/06/10 14:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2009/06/10 14:23:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2009/06/10 14:23:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2009/06/10 14:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2006/03/02 15:50:00 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Tales of Pirates II\system\CaLua.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)

SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/13 18:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)

SRV - [2013/05/24 01:53:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/05/14 19:11:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/08 19:22:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2013/04/19 14:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/08/31 10:03:00 | 000,014,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe -- (DNSCrypt)

SRV - [2012/08/18 03:38:28 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)

SRV - [2012/02/07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/02/07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012/02/07 17:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/26 13:53:31 | 000,162,008 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (mbamswissarmy)

DRV:64bit: - [2013/05/26 13:49:34 | 000,036,680 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV:64bit: - [2013/05/24 23:06:05 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)

DRV:64bit: - [2013/05/19 02:53:17 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2013/04/16 04:13:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2013/04/02 21:35:00 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)

DRV:64bit: - [2013/02/20 11:07:40 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)

DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2013/01/17 12:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)

DRV:64bit: - [2013/01/17 00:39:12 | 000,041,392 | ---- | M] (SeriousBit) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nbdrv.sys -- (nbdrv)

DRV:64bit: - [2013/01/10 15:08:16 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)

DRV:64bit: - [2013/01/10 15:08:16 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)

DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/07/15 11:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)

DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/26 10:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/01/26 10:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/01/26 10:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011/08/23 06:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/11/17 16:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 0A 91 04 86 59 CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{B8BB36ED-898A-45E4-9E09-887B5E3ED066}: "URL" = http://websearch.ask...9E-EB2840BCDE15

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: dgs229%40nyu.edu:1.86

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3251747&SearchSource=2&CUI=UN82628310116391111&UM=2&q="

FF - prefs.js..network.proxy.backup.ftp: "186.91.70.96"

FF - prefs.js..network.proxy.backup.ftp_port: 8080

FF - prefs.js..network.proxy.backup.socks: "186.91.70.96"

FF - prefs.js..network.proxy.backup.socks_port: 8080

FF - prefs.js..network.proxy.backup.ssl: "186.91.70.96"

FF - prefs.js..network.proxy.backup.ssl_port: 8080

FF - prefs.js..network.proxy.gopher: ""

FF - prefs.js..network.proxy.gopher_port: 0

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013/04/03 02:32:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/04/03 03:57:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/04/03 02:32:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/02 21:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Extensions

[2013/05/26 11:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions

[2013/05/18 02:43:27 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\firefox@ghostery.com

[2013/04/05 17:36:46 | 000,008,956 | ---- | M] () (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\dgs229@nyu.edu.xpi

[2013/05/26 02:45:25 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013/05/08 23:56:15 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/05/26 11:48:59 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2013/05/24 01:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/05/24 01:53:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - Extension: Google Docs = C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\

CHR - Extension: Google Search = C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: ProxMate - Improve your Internet! = C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.1_0\

CHR - Extension: Gmail = C:\Users\marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.112

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FX99

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E8153D7-E1B3-4447-82B7-C93E775E57B5}: DhcpNameServer = 10.0.0.112

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{f8917f34-9c14-11e2-8601-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{f8917f34-9c14-11e2-8601-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ASRSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/26 13:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/05/26 13:53:31 | 000,162,008 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys

[2013/05/26 13:48:44 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\mbar

[2013/05/26 12:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 1.8.1-0

[2013/05/26 12:01:04 | 000,000,000 | ---D | C] -- C:\xampp

[2013/05/26 04:22:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2013/05/26 04:22:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2013/05/26 03:34:04 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2013/05/26 03:34:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2013/05/26 03:22:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/05/26 03:22:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/26 03:22:15 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/05/26 03:22:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/26 03:22:15 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/05/26 03:22:15 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2013/05/26 03:22:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/05/26 03:22:15 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/05/26 03:22:15 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/05/26 03:22:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/05/26 03:22:15 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/05/26 03:22:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/05/26 03:22:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/05/26 03:22:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/05/26 03:22:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/05/26 03:22:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/05/26 03:22:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/05/26 03:22:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/05/26 03:22:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/05/26 03:22:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/05/26 03:22:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/05/26 03:22:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2013/05/26 03:22:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/05/26 03:22:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/05/26 03:22:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/05/26 03:22:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/05/26 03:22:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2013/05/26 03:22:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2013/05/26 03:22:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/05/26 03:22:13 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/05/26 03:22:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2013/05/26 03:22:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/05/26 03:22:11 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/05/26 03:22:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/05/26 03:22:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/05/26 03:22:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/26 03:22:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/26 03:22:10 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2013/05/26 03:22:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/26 03:22:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/05/26 03:22:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2013/05/26 03:22:10 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2013/05/26 03:22:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/05/26 03:22:10 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/05/26 03:22:10 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/05/26 03:22:10 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2013/05/26 03:22:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/05/26 03:22:10 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/05/26 03:22:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/05/26 03:22:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/05/26 03:22:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/05/26 03:22:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/05/26 03:22:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/05/26 03:22:09 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/05/26 03:22:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/05/26 03:22:09 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/05/26 03:22:09 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/05/26 03:22:09 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/05/26 03:22:09 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/05/26 03:22:09 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/05/26 03:22:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/05/26 03:22:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/05/26 03:22:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/26 03:22:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/05/26 03:22:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/05/26 03:22:08 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/05/26 03:22:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/05/26 03:22:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/05/26 03:22:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/05/26 03:22:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/05/26 03:22:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/05/26 03:22:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/05/26 03:02:43 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/05/26 03:02:43 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/05/26 03:02:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2013/05/26 03:02:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2013/05/26 03:02:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/05/26 03:02:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/05/26 03:01:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2013/05/26 03:01:49 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2013/05/26 03:01:49 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2013/05/26 03:01:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2013/05/26 02:49:46 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2013/05/26 02:49:46 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2013/05/26 02:45:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/05/26 02:41:06 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/05/26 02:41:06 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/05/26 02:41:06 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/05/26 02:41:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/05/26 02:41:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/05/26 02:41:04 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2013/05/26 02:41:04 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2013/05/26 02:41:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2013/05/26 02:41:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2013/05/26 02:41:04 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2013/05/26 02:41:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2013/05/26 02:41:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2013/05/26 02:41:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2013/05/26 02:41:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2013/05/26 02:41:03 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/05/26 02:41:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/05/26 02:39:27 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll

[2013/05/26 02:39:27 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2013/05/26 02:39:25 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2013/05/26 02:39:24 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2013/05/26 02:39:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2013/05/26 02:39:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2013/05/26 02:38:13 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/05/26 02:38:13 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/05/26 02:38:13 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/05/26 02:38:13 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/05/26 02:38:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/05/26 02:38:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/05/26 02:37:47 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll

[2013/05/26 02:37:47 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll

[2013/05/26 02:37:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/05/26 02:37:37 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/05/26 02:37:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/05/26 02:37:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/05/26 02:37:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/05/26 02:37:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/05/26 02:37:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/05/26 02:37:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/05/26 02:37:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/05/26 02:37:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/05/26 02:37:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/05/26 02:37:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/05/26 02:37:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/05/26 02:37:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/05/26 02:37:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/05/26 02:37:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll


OTL.txt part 2

[2013/05/26 02:37:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/05/26 02:37:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/05/26 02:37:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/05/26 02:37:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/05/26 02:37:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/05/26 02:37:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/05/26 02:37:04 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll

[2013/05/26 02:37:04 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll

[2013/05/26 02:37:04 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll

[2013/05/26 02:37:04 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll

[2013/05/26 02:37:04 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe

[2013/05/26 02:37:04 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll

[2013/05/26 02:37:04 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe

[2013/05/26 02:37:04 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe

[2013/05/26 02:35:59 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2013/05/26 02:35:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2013/05/26 02:35:57 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2013/05/26 02:35:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2013/05/26 02:35:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2013/05/26 02:35:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2013/05/26 02:35:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2013/05/26 02:35:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2013/05/26 02:35:54 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2013/05/26 02:35:54 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2013/05/26 02:35:54 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2013/05/26 02:35:54 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax

[2013/05/26 02:35:54 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2013/05/26 02:35:54 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax

[2013/05/26 02:35:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax

[2013/05/26 02:35:54 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax

[2013/05/26 02:35:36 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2013/05/26 02:35:21 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2013/05/26 02:35:02 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2013/05/26 02:35:01 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2013/05/26 02:35:00 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll

[2013/05/26 02:35:00 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2013/05/26 02:35:00 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll

[2013/05/26 02:35:00 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2013/05/26 02:35:00 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2013/05/26 02:35:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2013/05/26 02:34:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2013/05/26 02:34:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2013/05/26 02:34:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2013/05/26 02:34:57 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2013/05/26 02:34:38 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013/05/26 02:34:35 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2013/05/26 02:34:33 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2013/05/26 02:34:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2013/05/26 02:34:32 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2013/05/26 02:34:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2013/05/26 02:34:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2013/05/26 02:34:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2013/05/26 02:34:21 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2013/05/26 02:34:19 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2013/05/26 02:34:14 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2013/05/26 02:34:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2013/05/26 02:33:58 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2013/05/26 02:33:50 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2013/05/26 02:33:50 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2013/05/26 02:33:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2013/05/26 02:33:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys

[2013/05/26 02:33:48 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2013/05/26 02:33:48 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2013/05/26 02:33:47 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2013/05/26 02:33:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2013/05/26 02:33:46 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2013/05/26 02:33:45 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2013/05/26 02:33:45 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2013/05/26 02:33:45 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2013/05/26 02:33:45 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2013/05/26 02:33:45 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2013/05/26 02:33:45 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2013/05/26 02:33:45 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2013/05/26 02:33:42 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2013/05/26 02:33:42 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2013/05/26 02:33:41 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2013/05/26 02:33:41 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2013/05/26 02:33:40 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2013/05/26 02:33:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2013/05/26 02:33:39 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2013/05/26 02:33:38 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2013/05/26 02:33:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2013/05/26 02:33:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2013/05/26 02:33:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2013/05/26 02:33:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2013/05/26 02:33:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll

[2013/05/26 02:33:10 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/26 02:33:06 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2013/05/26 02:33:06 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll

[2013/05/26 02:33:05 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2013/05/26 02:33:05 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2013/05/26 02:30:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/05/26 02:28:33 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/05/26 02:28:33 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/05/26 02:28:32 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/05/26 02:28:32 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/05/26 02:28:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/05/26 02:28:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/05/26 02:28:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll

[2013/05/26 02:28:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll

[2013/05/26 02:28:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2013/05/26 02:27:53 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/05/25 19:32:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2013/05/25 19:32:44 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2013/05/25 19:32:44 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2013/05/25 19:32:41 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2013/05/25 19:32:41 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2013/05/25 19:32:40 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2013/05/25 19:32:40 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2013/05/25 19:32:40 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2013/05/25 19:32:40 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2013/05/25 19:32:40 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2013/05/25 19:32:40 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2013/05/25 19:32:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2013/05/25 19:32:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2013/05/25 19:32:40 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2013/05/25 19:32:40 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2013/05/25 19:32:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2013/05/25 19:32:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2013/05/25 19:32:39 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll

[2013/05/25 19:32:39 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll

[2013/05/25 19:32:39 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll

[2013/05/25 19:32:39 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll

[2013/05/25 19:32:39 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe

[2013/05/25 19:32:39 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe

[2013/05/25 19:32:39 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe

[2013/05/25 19:32:39 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe

[2013/05/25 19:32:39 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe

[2013/05/25 19:32:39 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2013/05/25 19:32:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

[2013/05/25 19:32:39 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

[2013/05/25 19:32:39 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2013/05/25 19:32:39 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll

[2013/05/25 19:32:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll

[2013/05/25 19:32:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll

[2013/05/25 19:32:37 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2013/05/25 19:32:29 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2013/05/25 19:32:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2013/05/25 19:32:27 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/05/25 19:32:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/05/25 19:32:22 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll

[2013/05/25 19:32:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll

[2013/05/25 19:32:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll

[2013/05/25 19:32:21 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll

[2013/05/25 19:32:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll

[2013/05/25 19:32:21 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll

[2013/05/25 19:32:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll

[2013/05/25 19:32:19 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/05/25 19:32:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/05/25 19:32:17 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/05/25 19:32:01 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013/05/25 19:32:00 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2013/05/25 19:31:59 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2013/05/25 19:31:54 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll

[2013/05/25 19:31:52 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013/05/25 19:31:51 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll

[2013/05/25 19:31:51 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/25 19:31:51 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2013/05/25 19:31:51 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll

[2013/05/25 19:31:51 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2013/05/25 19:31:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/25 19:31:50 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2013/05/25 19:31:50 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll

[2013/05/25 19:31:38 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2013/05/25 19:31:34 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/05/25 19:31:14 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/05/25 19:31:14 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/05/25 19:31:14 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/05/25 19:31:14 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/05/25 19:31:14 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/05/25 19:31:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/05/25 19:31:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/05/25 19:31:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/05/25 19:31:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/05/25 19:31:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/05/25 19:31:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/05/25 19:31:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/05/25 19:31:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/05/25 19:31:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/05/25 19:31:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/05/25 19:31:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/05/25 19:31:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/05/25 19:31:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/05/25 19:31:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/05/25 19:31:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/05/25 19:31:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/05/25 19:31:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/05/25 19:31:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/05/25 19:31:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/05/25 19:31:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/05/25 19:31:13 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/05/25 19:31:13 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/05/25 19:31:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/05/25 19:31:13 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/05/25 19:31:13 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/05/25 19:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/05/25 19:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/05/25 19:31:07 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2013/05/25 19:30:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2013/05/25 19:30:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2013/05/25 19:30:07 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2013/05/25 19:30:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2013/05/25 18:26:03 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2013/05/25 18:25:57 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2013/05/25 18:25:55 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2013/05/25 18:25:30 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/05/25 18:25:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/05/25 18:24:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2013/05/25 18:24:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2013/05/25 18:15:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll

[2013/05/25 18:15:39 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2013/05/25 18:15:31 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2013/05/25 18:15:31 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

[2013/05/25 13:26:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2013/05/25 13:26:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2013/05/25 13:26:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2013/05/25 13:26:21 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2013/05/25 13:26:21 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2013/05/25 13:26:21 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2013/05/25 13:26:16 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2013/05/25 13:26:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2013/05/25 02:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\notracks.com

[2013/05/25 02:12:32 | 000,539,984 | ---- | C] (EasyTech) -- C:\Windows\SysNative\EasyRedirect64.dll

[2013/05/25 02:12:31 | 000,380,240 | ---- | C] (EasyTech) -- C:\Windows\SysWow64\EasyRedirect.dll

[2013/05/25 02:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP

[2013/05/25 02:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Easy-Hide-IP

[2013/05/25 02:06:09 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\AutoHideIP

[2013/05/25 02:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoHideIP

[2013/05/25 02:05:45 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\APN

[2013/05/25 01:57:11 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\Easy-Hide-IP.2.1.cracked-SND

[2013/05/24 23:06:05 | 000,032,320 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS

[2013/05/24 01:53:29 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs

[2013/05/24 01:53:29 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\HideIPEasy

[2013/05/24 01:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HideIPEasy

[2013/05/24 01:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portable

[2013/05/22 05:45:27 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\OpenDNS Updater

[2013/05/21 01:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie

[2013/05/20 11:19:50 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/05/20 06:12:32 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\PrivateTunnel

[2013/05/20 06:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies

[2013/05/20 01:26:40 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\OpenDNS

[2013/05/20 01:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\OpenDNS

[2013/05/20 01:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDNS

[2013/05/20 01:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS

[2013/05/19 19:54:14 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\Vidalia

[2013/05/19 02:53:22 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\NETGEARGenie

[2013/05/19 02:53:17 | 000,369,168 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll

[2013/05/19 02:53:17 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll

[2013/05/19 02:53:17 | 000,106,000 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\packet.dll

[2013/05/19 02:53:17 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\packet.dll

[2013/05/19 02:53:17 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys

[2013/05/18 17:26:18 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\ElevatedDiagnostics

[2013/05/16 02:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

[2013/05/16 02:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2013/05/16 01:48:36 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\The_Legend_of_Zelda_Twilight_Princess_USA_NGC-STARCUBE

[2013/05/11 00:06:11 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\Diagnostics

[2013/05/08 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\marc\Documents\Battlefield 3

[2013/05/08 19:09:15 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\ESN

[2013/05/08 19:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins

[2013/05/08 19:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2013/05/08 19:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2013/05/07 16:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3

[2013/05/07 16:13:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2013/05/07 15:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2013/05/07 15:38:46 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\Logitech

[2013/05/07 15:31:09 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys

[2013/05/07 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2013/05/07 15:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software

[2013/05/07 15:30:21 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Logitech

[2013/05/07 15:30:21 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Logishrd

[2013/05/07 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Origin

[2013/05/07 15:22:12 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\Origin

[2013/05/07 15:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2013/05/07 15:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2013/05/07 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2013/05/07 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2013/05/07 15:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

[2013/05/03 01:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2013/04/30 16:59:17 | 000,000,000 | R--D | C] -- C:\Sandbox

========== Files - Modified Within 30 Days ==========

[2013/05/26 13:53:31 | 000,162,008 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys

[2013/05/26 13:49:34 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2013/05/26 13:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce487556c44654.job

[2013/05/26 13:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/26 11:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

[2013/05/26 11:48:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/26 04:31:45 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/26 04:31:45 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/26 04:31:45 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/26 04:31:30 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/26 04:31:30 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/26 04:27:24 | 000,001,437 | ---- | M] () -- C:\Users\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/05/26 04:27:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/26 04:27:07 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

[2013/05/26 04:25:26 | 000,288,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/26 04:25:09 | 3184,021,504 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/26 04:09:41 | 000,772,214 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/05/26 03:22:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/05/26 03:22:15 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/26 03:22:15 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/05/26 03:22:15 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/26 03:22:15 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/05/26 03:22:15 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2013/05/26 03:22:15 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/05/26 03:22:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/05/26 03:22:15 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/05/26 03:22:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/05/26 03:22:15 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/05/26 03:22:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/05/26 03:22:15 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/05/26 03:22:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/05/26 03:22:14 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/05/26 03:22:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/05/26 03:22:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/05/26 03:22:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/05/26 03:22:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/05/26 03:22:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/05/26 03:22:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/05/26 03:22:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2013/05/26 03:22:14 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/05/26 03:22:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/05/26 03:22:14 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/05/26 03:22:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/05/26 03:22:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/05/26 03:22:13 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2013/05/26 03:22:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2013/05/26 03:22:13 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/05/26 03:22:13 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/05/26 03:22:13 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2013/05/26 03:22:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/05/26 03:22:11 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/05/26 03:22:11 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/05/26 03:22:11 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/05/26 03:22:10 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/26 03:22:10 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/26 03:22:10 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2013/05/26 03:22:10 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/26 03:22:10 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/05/26 03:22:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2013/05/26 03:22:10 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2013/05/26 03:22:10 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/05/26 03:22:10 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/05/26 03:22:10 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/05/26 03:22:10 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2013/05/26 03:22:10 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/05/26 03:22:10 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/05/26 03:22:10 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/05/26 03:22:10 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/05/26 03:22:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/05/26 03:22:10 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/05/26 03:22:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/05/26 03:22:09 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/05/26 03:22:09 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/05/26 03:22:09 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/05/26 03:22:09 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/05/26 03:22:09 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/05/26 03:22:09 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/05/26 03:22:09 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/05/26 03:22:09 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/05/26 03:22:08 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/05/26 03:22:08 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/26 03:22:08 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/05/26 03:22:08 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/05/26 03:22:08 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/05/26 03:22:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/05/26 03:22:08 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/05/26 03:22:08 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/05/26 03:22:08 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/05/26 03:22:08 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/05/26 03:22:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/05/26 03:22:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/05/25 22:36:46 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap

[2013/05/25 12:49:35 | 000,003,520 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini

[2013/05/25 12:49:35 | 000,002,040 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini

[2013/05/25 12:49:35 | 000,002,040 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini

[2013/05/25 02:12:31 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk

[2013/05/25 01:58:06 | 000,000,068 | ---- | M] () -- C:\Windows\MyProg.ini

[2013/05/24 23:06:05 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS

[2013/05/24 23:05:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/05/22 07:51:04 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2013/05/21 03:10:24 | 000,000,008 | RHS- | M] () -- C:\Users\marc\ntuser.pol

[2013/05/20 20:49:26 | 731,615,232 | ---- | M] () -- C:\Users\marc\Desktop\ams-snitch-xvid-cd2.avi

[2013/05/20 20:48:42 | 735,416,320 | ---- | M] () -- C:\Users\marc\Desktop\ams-snitch-xvid-cd1.avi

[2013/05/19 19:36:32 | 000,000,940 | ---- | M] () -- C:\Users\marc\Desktop\Start Tor Browser.exe - Shortcut.lnk

[2013/05/19 02:53:17 | 000,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll

[2013/05/19 02:53:17 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll

[2013/05/19 02:53:17 | 000,106,000 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\packet.dll

[2013/05/19 02:53:17 | 000,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\packet.dll

[2013/05/19 02:53:17 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys

[2013/05/18 23:46:24 | 000,004,093 | ---- | M] () -- C:\Users\marc\Desktop\Dolphin.exe - Shortcut.lnk

[2013/05/18 17:07:05 | 000,000,968 | ---- | M] () -- C:\Users\marc\Desktop\Disable_Notifications.reg

[2013/05/16 02:27:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2013/05/15 20:32:24 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2013/05/15 20:32:24 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/05/15 20:32:01 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2013/05/14 19:11:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/05/14 19:11:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/13 02:21:26 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013/05/13 02:21:26 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/05/12 07:18:07 | 1539,200,622 | ---- | M] () -- C:\Users\marc\Desktop\Iron.Man.III..avi

[2013/05/08 19:22:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2013/05/07 16:13:24 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2013/05/07 15:31:09 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys

[2013/05/07 15:22:07 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

========== Files Created - No Company Name ==========

[2013/05/26 13:49:34 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2013/05/26 03:34:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2013/05/26 03:22:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/05/26 03:22:08 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/05/26 03:01:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2013/05/25 22:36:47 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap

[2013/05/25 02:12:33 | 000,003,520 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini

[2013/05/25 02:12:33 | 000,002,040 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini

[2013/05/25 02:12:33 | 000,002,040 | ---- | C] () -- C:\Windows\SysNative\EasyRedirectOff.ini

[2013/05/25 02:12:31 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk

[2013/05/25 01:51:38 | 000,000,068 | ---- | C] () -- C:\Windows\MyProg.ini

[2013/05/24 23:05:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2013/05/22 07:48:13 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/05/20 19:14:01 | 731,615,232 | ---- | C] () -- C:\Users\marc\Desktop\ams-snitch-xvid-cd2.avi

[2013/05/20 19:13:25 | 735,416,320 | ---- | C] () -- C:\Users\marc\Desktop\ams-snitch-xvid-cd1.avi

[2013/05/20 11:08:56 | 000,000,008 | RHS- | C] () -- C:\Users\marc\ntuser.pol

[2013/05/19 19:36:32 | 000,000,940 | ---- | C] () -- C:\Users\marc\Desktop\Start Tor Browser.exe - Shortcut.lnk

[2013/05/18 23:46:24 | 000,004,093 | ---- | C] () -- C:\Users\marc\Desktop\Dolphin.exe - Shortcut.lnk

[2013/05/18 17:07:05 | 000,000,968 | ---- | C] () -- C:\Users\marc\Desktop\Disable_Notifications.reg

[2013/05/16 02:27:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2013/05/12 16:35:57 | 1539,200,622 | ---- | C] () -- C:\Users\marc\Desktop\Iron.Man.III..avi

[2013/05/07 16:13:24 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2013/05/07 15:22:07 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2013/05/03 20:13:24 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce487556c44654.job

[2013/04/16 13:29:27 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini

[2013/04/08 06:05:02 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/04/08 06:05:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2013/04/03 18:00:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2013/04/02 21:55:14 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/04/02 21:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/12/19 12:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/12/19 12:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/02/02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >


Forgot to mention this, but this is the option I selected for OTL: http://i42.tinypic.com/70c4zt.jpg

Extra.txt

OTL Extras logfile created on: 5/26/2013 2:04:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marc\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 21.84% Memory free

7.91 Gb Paging File | 3.60 Gb Available in Paging File | 45.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 317.57 Gb Free Space | 68.18% Space Free | Partition Type: NTFS

Computer Name: MMARC-PC | User Name: marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0329966B-CBB2-464B-A391-B1DC60C27CE4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0397D4C8-61A2-46CA-A5C3-9ECBA20568A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{09DBAB03-0ECF-4076-A5BD-14E8F110038B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1C5CFE39-3E00-4FDE-AF3E-04D588FE6DE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1FDBE617-AAC6-47E2-B69E-B92576714ECA}" = rport=445 | protocol=6 | dir=out | app=system |

"{265A0AF7-184B-44D6-A9FD-C12D4A3E1250}" = rport=139 | protocol=6 | dir=out | app=system |

"{2EE3A11E-FEAD-4B96-A2E3-94FAF5D2D1C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2F31E0F7-ED9F-46A0-AE72-15AAB6755957}" = rport=10243 | protocol=6 | dir=out | app=system |

"{347693CA-E6D2-40C9-866F-E5E836133AE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{50C104FE-2998-4E44-8961-D99CE59C3142}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{68712686-BF79-4C22-94F1-C50ABA58D52F}" = lport=445 | protocol=6 | dir=in | app=system |

"{6A13A5AF-B581-4308-9F64-01A6F9BB83B9}" = rport=138 | protocol=17 | dir=out | app=system |

"{878EF9EE-FBCF-4C31-BC91-9731AB508E6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8CCD40C5-6F22-4DED-8A35-7F354F975CD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{94FEF02B-3A5C-4EC4-B60E-CCF98C0D7E1A}" = lport=139 | protocol=6 | dir=in | app=system |

"{ACA20385-86A2-41A5-9091-A27C033A1B5C}" = lport=138 | protocol=17 | dir=in | app=system |

"{B6E7B3F7-EDB0-42AD-98CB-BBB4311570D0}" = lport=137 | protocol=17 | dir=in | app=system |

"{C29C9FA5-C6A8-4890-8B55-E0646796A263}" = rport=137 | protocol=17 | dir=out | app=system |

"{C7CE5DF1-A2F7-4EF2-B692-84F5E32BE301}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E489EA30-9693-4290-B8FA-43E114CC070C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F1D31B15-562F-46EA-BF56-C990BE331BA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F619F5A0-6CB0-48A3-A7AE-25E673CC069C}" = lport=10243 | protocol=6 | dir=in | app=system |

"{FEB31B12-E402-4A0D-A5B3-53449172AEE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{238AB1E7-873B-40D2-B408-2D0DDE21E52C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{2F62CCA8-4626-496E-BC44-D8C7E9920633}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3257D22B-F0FF-4AED-A563-92A927059A11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3458ABF0-4C3F-4A21-A2C9-3B4203570594}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{36F9C51C-0AB6-4F89-B534-6DEED97BF327}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3AF3395C-1BED-4A10-BDA4-6061672D3878}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4015A5A4-6559-4E44-B788-1C76A639DD5A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{41F12AFC-8AC7-4486-B57F-FBF338F08A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{41F27F01-CE37-4D28-86CA-AFF8A3E0EE52}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{45FED0EC-6964-442A-9D17-8B1460C779C3}" = protocol=6 | dir=out | app=system |

"{4978411D-9524-4A49-9D07-0959A4E83A04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4B85E211-5F5C-4530-AC9A-268948C65761}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4E8B9395-3759-4B2D-B9C7-DD52410BE8AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |

"{5A2940F4-FDE4-4CFF-AA94-4D758D8E2172}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65135DE2-9032-49BE-84FA-5BA7C0F28B47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{7CE55D9E-68EC-494B-9716-896A66072FAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7D7D549B-2081-4198-8437-80E591D0BE06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8171CFE1-9EE5-4C3F-B240-3BCA4A5A3DFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8530F80F-FFA3-4B1D-A062-A4F596E7BA92}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{8E394B87-19BF-4DCF-97DD-2084DCB8A12F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{91E3373D-1DFE-4E4D-97B6-B5A1095A1BDD}" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\utorrent\utorrent.exe |

"{A54C384C-CACE-4B64-B51B-324DF62A15B9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{A5D245F9-1FAA-4A47-8BCC-803BD1B89BDC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{A8DED6B4-A7FF-41CA-8E4D-581F01E533F5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A91EBC1D-95A7-4BA2-87A3-6C4AFDF387E9}" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\utorrent\utorrent.exe |

"{AAC10D1B-7A94-4A53-97BA-7275614EB08D}" = dir=in | name=utube |

"{B422C49F-1ACD-4973-999B-C40F5D4C9E7C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{C83320DB-6E51-44BB-928B-AC5E316D9A12}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{D1E59855-720C-4618-B5B4-7CDE559BB778}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{D32E7996-3EF6-4A62-A753-7A8AE4E76363}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{DE9438CD-E5A4-4A06-8F66-61E45F1E3E30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E9E930D7-BA9A-4E1B-BD92-5C933D423C5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |

"{F06DF83F-9E43-4857-B807-9E8F8ADB3B98}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{F87CD5AA-B067-4165-9C73-F20B69B0F868}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FA7C20B3-2570-421A-A0F8-4C5C1CE7B38F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |

"{FD7BEA72-B856-47FB-94B6-F1669B573B00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64

"{04573C2A-8756-E9F0-7878-C6029F6C7F25}" = AMD Drag and Drop Transcoding

"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding

"{4A18C875-B374-4868-B7EA-06CF2DD59FCC}" = ESET Smart Security

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Easy-Hide-IP_is1" = Easy-Hide-IP 5.0.0.3

"Logitech Gaming Software" = Logitech Gaming Software 8.46

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English

"{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French

"{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = Catalyst Control Center

"{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish

"{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese

"{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch

"{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian

"{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech

"{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy

"{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All

"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection

"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German

"{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek

"{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian

"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers

"{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish

"{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese

"{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish

"{DEF3592F-0751-4632-9875-8BF9AD602898}" = DNSCrypt

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish

"{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AI RoboForm" = RoboForm 7-8-7-5 (All Users)

"Battlelog Web Plugins" = Battlelog Web Plugins

"DAEMON Tools Lite" = DAEMON Tools Lite

"EasyBCD" = EasyBCD 2.0

"ESN Sonar-0.70.4" = ESN Sonar

"Google Chrome" = Google Chrome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"Notepad++" = Notepad++

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer

"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad

"Tales of Pirates II_is1" = Tales of Pirates II

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.5

"xampp" = XAMPP 1.8.1-0

"XFastUSB" = XFastUSB

"YU2010_is1" = Your Uninstaller! 7

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/25/2013 10:35:12 PM | Computer Name = mmarc-PC.FX99 | Source = Application Hang | ID = 1002

Description = The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4dc Start Time: 01ce59b855e6542a Termination Time: 6 Application Path: C:\Windows\system32\mmc.exe Report Id: e0157249-c5ac-11e2-b8cd-bc5ff46a37fd

Error - 5/26/2013 6:35:25 AM | Computer Name = mmarc-PC.FX99 | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. .

Error - 5/26/2013 7:17:49 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp: 0x510d8610 Faulting module name: USP10.dll, version: 1.626.7600.16385, time stamp: 0x4a5be08c Exception code: 0xc0000005 Fault offset: 0x000000000006dbfc Faulting process id: 0x1894 Faulting application start time: 0x01ce59d4920ba2bd Faulting application path: C:\Users\marc\Documents\My Games\Wii\Dolphin.exe Faulting module path: C:\Windows\system32\USP10.dll Report Id: e592a7b0-c5f5-11e2-b8cd-bc5ff46a37fd

Error - 5/26/2013 7:24:05 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time stamp: 0x4ba1da21 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x71d76a64 Faulting process id: 0xefc Faulting application start time: 0x01ce5a038031030c Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Faulting module path: unknown Report Id: c59d8632-c5f6-11e2-8836-bc5ff46a37fd

Error - 5/26/2013 7:24:09 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: OpenDNSCryptService.exe, version: 0.0.0.0, time stamp: 0x5040ee40 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x71d76a64 Faulting process id: 0x62c Faulting application start time: 0x01ce5a03294145e1 Faulting application path: C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe Faulting module path: unknown Report Id: c7e84219-c5f6-11e2-8836-bc5ff46a37fd

Error - 5/26/2013 7:24:14 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: EasyRedirect.exe, version: 2.2.2.1, time stamp: 0x50a12aa2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x71d76a64 Faulting process id: 0x6d0 Faulting application start time: 0x01ce5a032e979bbe Faulting application path: C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe Faulting module path: unknown Report Id: cadcd50d-c5f6-11e2-8836-bc5ff46a37fd

Error - 5/26/2013 7:24:20 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: IntelMeFWService.exe, version: 0.0.0.0, time stamp: 0x4f31cf79 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x71d76a64 Faulting process id: 0x738 Faulting application start time: 0x01ce5a032ed31e25 Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe Faulting module path: unknown Report Id: ce69d74f-c5f6-11e2-8836-bc5ff46a37fd

Error - 5/26/2013 7:24:20 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: jhi_service.exe, version: 8.0.2.1410, time stamp: 0x4f31d4bf Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x71d76a64 Faulting process id: 0x754 Faulting application start time: 0x01ce5a032eda4246 Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe Faulting module path: unknown Report Id: ce7a80f1-c5f6-11e2-8836-bc5ff46a37fd

Error - 5/26/2013 7:24:20 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: dnscrypt-proxy.exe, version: 0.0.0.0, time stamp: 0x5006fce0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x71d76a64 Faulting process id: 0x760 Faulting application start time: 0x01ce5a032f2d926f Faulting application path: C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe Faulting module path: unknown Report Id: ce924eb4-c5f6-11e2-8836-bc5ff46a37fd

Error - 5/26/2013 7:24:20 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Description = Faulting application name: PnkBstrA.exe, version: 0.0.0.0, time stamp: 0x4f144d4e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x71d76a64 Faulting process id: 0x7e8 Faulting application start time: 0x01ce5a0330062fa8 Faulting application path: C:\Windows\SysWOW64\PnkBstrA.exe Faulting module path: unknown Report Id: cea096f6-c5f6-11e2-8836-bc5ff46a37fd

Error - 5/26/2013 7:24:20 AM | Computer Name = mmarc-PC.FX99 | Source = Application Error | ID = 1000

Error - 5/26/2013 7:24:21 AM | Computer Name = mmarc-PC.FX99 | Source = Application

Error | ID = 1000

Description = Faulting application name: LMS.exe, version: 8.0.2.1410, time stamp: 0x4f31d178

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x71d76a64

Faulting process id: 0xb00

Faulting application start time: 0x01ce5a038eebd3b3

Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

Faulting module path: unknown

Report Id: cf19fd24-c5f6-11e2-8836-bc5ff46a37fd

Error encountered while reading event logs.

< End of report >


Malwarebytes Anti-Rootkit

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.100000 GHz

Memory total: 4245364736, free: 1121734656

Downloaded database version: v2013.05.26.05

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

05/26/2013 13:53:32

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\DRIVERS\ACPI.sys

\SystemRoot\system32\DRIVERS\WMILIB.SYS

\SystemRoot\system32\DRIVERS\msisadrv.sys

\SystemRoot\system32\DRIVERS\pci.sys

\SystemRoot\system32\DRIVERS\vdrvroot.sys

\SystemRoot\system32\DRIVERS\iusb3hcs.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\DRIVERS\atapi.sys

\SystemRoot\system32\DRIVERS\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\epfwwfp.sys

\SystemRoot\system32\DRIVERS\vmstorfl.sys

\SystemRoot\system32\DRIVERS\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\eamonm.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\ehdrv.sys

C:\Program Files\ESET\ESET Smart Security\em006_64.dat

C:\Program Files\ESET\ESET Smart Security\em018_64.dat

\SystemRoot\System32\drivers\FNETURPX.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\EpfwLWF.sys

\SystemRoot\system32\DRIVERS\nbdrv.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\iusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\LGBusEnum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\iusb3hub.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\MBfilt64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\LGSHidFilt.Sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\xusb21.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\epfw.sys

C:\Program Files\ESET\ESET Smart Security\em008_64.dat

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\LGVirHid.sys

\SystemRoot\System32\ATMFD.DLL

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\psapi.dll

\Windows\System32\setupapi.dll

\Windows\System32\ole32.dll

\Windows\System32\imm32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\oleaut32.dll

\Windows\System32\wininet.dll

\Windows\System32\advapi32.dll

\Windows\System32\iertutil.dll

\Windows\System32\lpk.dll

\Windows\System32\imagehlp.dll

\Windows\System32\usp10.dll

\Windows\System32\clbcatq.dll

\Windows\System32\sechost.dll

\Windows\System32\kernel32.dll

\Windows\System32\difxapi.dll

\Windows\System32\ws2_32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\shell32.dll

\Windows\System32\urlmon.dll

\Windows\System32\msctf.dll

\Windows\System32\shlwapi.dll

\Windows\System32\msvcrt.dll

\Windows\System32\gdi32.dll

\Windows\System32\user32.dll

\Windows\System32\nsi.dll

\Windows\System32\normaliz.dll

\Windows\System32\comdlg32.dll

\Windows\System32\wintrust.dll

\Windows\System32\comctl32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800477e060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004118050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800477e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800477eb20, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800477e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004117c40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004118050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 775044C

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 976766976

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.100000 GHz

Memory total: 4245364736, free: 2217611264

=======================================


ComboFix

ComboFix 13-05-25.02 - marc 05/26/2013 14:14:42.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4049.841 [GMT -7:00]

Running from: c:\users\marc\Downloads\ComboFix.exe

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\marc\videos\ItemRefineInfo.bin

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2013-04-26 to 2013-05-26 )))))))))))))))))))))))))))))))

.

.

2013-05-26 20:53 . 2013-05-26 21:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-05-26 19:01 . 2013-05-26 21:20 -------- d-----w- C:\xampp

2013-05-26 11:22 . 2013-05-26 11:22 -------- d-----w- c:\windows\SysWow64\Wat

2013-05-26 11:22 . 2013-05-26 11:22 -------- d-----w- c:\windows\system32\Wat

2013-05-26 11:10 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2013-05-26 11:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2013-05-26 10:48 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2013-05-26 10:48 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2013-05-26 10:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-05-26 10:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-05-26 10:34 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-05-26 10:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-05-26 10:09 . 2013-05-03 23:15 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-26 10:02 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-05-26 10:02 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-05-26 10:02 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-05-26 10:02 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-05-26 10:02 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll

2013-05-26 10:02 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2013-05-26 10:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-05-26 10:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-05-26 10:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-05-26 10:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-05-26 10:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-05-26 10:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2013-05-26 10:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-05-26 09:49 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-05-26 09:49 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2013-05-26 09:49 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2013-05-26 09:49 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-05-26 09:49 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2013-05-26 09:42 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2013-05-26 09:39 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll

2013-05-26 09:39 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll

2013-05-26 09:39 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll

2013-05-26 09:39 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll

2013-05-26 09:39 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll

2013-05-26 09:39 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2013-05-26 09:39 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll

2013-05-26 09:39 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll

2013-05-26 09:38 . 2013-02-12 15:42 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-05-26 09:38 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll

2013-05-26 09:38 . 2013-02-12 15:31 158208 ----a-w- c:\windows\system32\aaclient.dll

2013-05-26 09:38 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-05-26 09:38 . 2013-02-12 15:07 131072 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-05-26 09:38 . 2013-02-12 13:59 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-05-26 09:36 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2013-05-26 09:36 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-05-26 09:36 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-05-26 09:36 . 2013-04-12 14:36 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-05-26 09:34 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys

2013-05-26 09:33 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll

2013-05-26 09:30 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-05-26 09:30 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-05-26 09:27 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2013-05-26 09:27 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-05-26 02:31 . 2010-11-02 05:12 1133568 ----a-w- c:\windows\system32\FntCache.dll

2013-05-26 02:30 . 2013-01-24 05:41 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-05-26 02:30 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe

2013-05-26 02:30 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2013-05-26 02:30 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll

2013-05-26 02:30 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2013-05-26 02:30 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe

2013-05-26 02:30 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe

2013-05-26 02:26 . 2013-05-14 08:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0295AF7A-FFF3-45E3-82A5-7D0BAC6CE017}\mpengine.dll

2013-05-26 01:26 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2013-05-26 01:25 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll

2013-05-26 01:25 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2013-05-26 01:25 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll

2013-05-26 01:25 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-26 01:25 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll

2013-05-26 01:25 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-26 01:25 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-26 01:25 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-26 01:25 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-26 01:24 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2013-05-26 01:24 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2013-05-26 01:15 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2013-05-26 01:15 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2013-05-26 01:15 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2013-05-26 01:15 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2013-05-26 01:15 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-05-25 20:26 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2013-05-25 20:26 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2013-05-25 20:26 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2013-05-25 20:26 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2013-05-25 20:26 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2013-05-25 20:26 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2013-05-25 20:26 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2013-05-25 20:26 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2013-05-25 20:26 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2013-05-25 09:12 . 2013-05-26 21:22 -------- d-----w- c:\programdata\notracks.com

2013-05-25 09:12 . 2012-11-22 22:10 539984 ----a-w- c:\windows\system32\EasyRedirect64.dll

2013-05-25 09:12 . 2012-11-22 22:10 380240 ----a-w- c:\windows\SysWow64\EasyRedirect.dll

2013-05-25 09:12 . 2013-05-25 09:12 -------- d-----w- c:\program files\Easy-Hide-IP

2013-05-25 09:06 . 2013-05-25 09:06 -------- d-----w- c:\users\marc\AppData\Roaming\AutoHideIP

2013-05-25 09:06 . 2013-05-25 09:06 -------- d-----w- c:\programdata\AutoHideIP

2013-05-25 09:05 . 2013-05-25 09:05 -------- d-----w- c:\users\marc\AppData\Local\APN

2013-05-25 06:06 . 2013-05-25 06:06 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS

2013-05-24 08:53 . 2013-05-24 08:53 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-05-24 08:53 . 2013-05-24 08:53 -------- d-----w- c:\users\marc\AppData\Roaming\HideIPEasy

2013-05-24 08:53 . 2013-05-24 08:53 -------- d-----w- c:\programdata\HideIPEasy

2013-05-24 08:53 . 2013-05-24 08:53 -------- d-----w- c:\program files (x86)\Portable

2013-05-22 12:45 . 2013-05-22 12:45 -------- d-----w- c:\users\marc\AppData\Roaming\OpenDNS Updater

2013-05-21 08:50 . 2013-05-24 12:13 -------- d-----w- c:\program files\Sandboxie

2013-05-20 13:12 . 2013-05-20 16:07 -------- d-----w- c:\users\marc\AppData\Roaming\PrivateTunnel

2013-05-20 13:12 . 2013-05-20 13:12 -------- d-----w- c:\program files (x86)\OpenVPN Technologies

2013-05-20 08:26 . 2013-05-20 08:26 -------- d-----w- c:\users\marc\AppData\Local\OpenDNS

2013-05-20 08:20 . 2013-05-20 08:20 -------- d-----w- c:\programdata\OpenDNS

2013-05-20 08:20 . 2013-05-20 08:20 -------- d-----w- c:\program files (x86)\OpenDNS

2013-05-20 02:54 . 2013-05-20 02:54 -------- d-----w- c:\users\marc\AppData\Local\Vidalia

2013-05-19 09:53 . 2013-05-24 17:41 -------- d-----w- c:\users\marc\AppData\Local\NETGEARGenie

2013-05-19 09:53 . 2013-05-19 09:53 369168 ----a-w- c:\windows\system32\wpcap.dll

2013-05-19 09:53 . 2013-05-19 09:53 35344 ----a-w- c:\windows\system32\drivers\npf.sys

2013-05-19 09:53 . 2013-05-19 09:53 106000 ----a-w- c:\windows\system32\packet.dll

2013-05-19 00:26 . 2013-05-19 00:26 -------- d-----w- c:\users\marc\AppData\Local\ElevatedDiagnostics

2013-05-16 09:27 . 2013-05-16 09:27 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2013-05-11 07:06 . 2013-05-11 07:06 -------- d-----w- c:\users\marc\AppData\Local\Diagnostics

2013-05-09 02:09 . 2013-05-09 02:09 -------- d-----w- c:\users\marc\AppData\Local\ESN

2013-05-09 02:09 . 2013-05-15 05:35 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2013-05-09 02:07 . 2013-05-09 02:07 -------- d-----w- c:\programdata\EA Core

2013-05-09 02:07 . 2013-05-10 08:33 -------- d-----w- c:\programdata\EA Logs

2013-05-07 23:13 . 2013-05-07 23:13 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2013-05-07 22:38 . 2013-05-07 22:38 -------- d-----w- c:\programdata\LogiShrd

2013-05-07 22:38 . 2013-05-07 22:38 -------- d-----w- c:\users\marc\AppData\Local\Logitech

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-16 03:32 . 2013-04-08 13:05 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-05-16 03:32 . 2013-04-03 23:32 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-05-16 03:32 . 2013-04-08 13:05 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-05-15 02:11 . 2013-04-03 05:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 02:11 . 2013-04-03 05:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-13 09:21 . 2013-04-05 05:58 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-05-13 09:21 . 2013-04-05 05:58 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-05-09 02:22 . 2013-04-08 13:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-05-02 09:06 . 2013-04-03 05:19 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 11:13 . 2013-04-16 10:57 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-04-04 21:50 . 2013-04-03 13:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-03 04:35 . 2013-04-03 04:35 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-04-03 109784]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]

"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-04-03 5019360]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2013-05-25 32320]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-26 1255736]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-20 58416]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-16 283200]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-20 213416]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-04-03 15936]

S1 nbdrv;NetBalancer LightWeight Filter;c:\windows\system32\DRIVERS\nbdrv.sys [2013-01-17 41392]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe [2012-08-18 22016]

S2 DNSCrypt;OpenDNSCrypt;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-08-31 14336]

S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-11-22 3575120]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-08 121344]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-08 363800]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-01-17 66800]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-24 22:18 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03 02:11]

.

2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 11:08]

.

2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce487556c44654.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 11:08]

.

2013-05-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]

.

2013-05-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

TCP: DhcpNameServer = 10.0.0.112

FF - ProfilePath - c:\users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3251747&SearchSource=2&CUI=UN82628310116391111&UM=2&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-04-02 22:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-04-02 22:45; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2013-04-02 22:45; firefox@ghostery.com; c:\users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\firefox@ghostery.com

FF - ExtSQL: 2013-04-03 03:57; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox

FF - ExtSQL: 2013-04-03 19:24; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF - ExtSQL: 2013-04-05 17:36; dgs229@nyu.edu; c:\users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\bstud2ba.default\extensions\dgs229@nyu.edu.xpi

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-05-26 14:25:44 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-26 21:25

.

Pre-Run: 340,877,119,488 bytes free

Post-Run: 340,678,205,440 bytes free

.

- - End Of File - - B78B737558E7C35C31EFD7D095DE9CE4


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

