Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Closed Topic
 
Topic Tools
  #1  
Old January 9th, 2013, 01:07 PM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
Cleaning out Computer help!! - moved by Jintan

Recently received my brothers old Alienware Aurora and he was gracious enough to leave it in a bit of a crapy state. It's not bad enough to warrent a wipe but enough that I need some help. Mostly I think its Malware/registry issues but Don't know where to start
  #2  
Old January 11th, 2013, 12:47 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,282
Welcome to CTH goonproductions,

Let's check to determine malware issues first.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
  #3  
Old January 11th, 2013, 12:47 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,282
I'll go ahead and move this request to the CTH Malware Removal Forum.
  #4  
Old January 11th, 2013, 01:38 PM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
Thanks for the reply!

THis aswMBR log is the only one it will let me post as the others have too many characters.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-11 22:28:48
-----------------------------
22:28:48.670 OS Version: Windows x64 6.1.7601 Service Pack 1
22:28:48.670 Number of processors: 12 586 0x2D07
22:28:48.670 ComputerName: AD-PC UserName:
22:28:48.686 Initialze error 1
22:30:47.157 AVAST engine defs: 13011100
22:31:04.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
22:31:04.423 Disk 0 Vendor: ATA_____ DEM3 Size: 476940MB BusType: 8
22:31:04.423 Disk 0 MBR read successfully
22:31:04.423 Disk 0 MBR scan
22:31:04.423 Disk 0 unknown MBR code
22:31:04.423 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
22:31:04.423 Disk 0 scanning C:\Windows\system32\drivers
22:31:04.439 Service scanning
22:31:05.578 Modules scanning
22:31:05.578 Disk 0 trace - called modules:
22:31:05.578 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
22:31:05.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa801b0cd790]
22:31:05.578 3 CLASSPNP.SYS[fffff8800465143f] -> nt!IofCallDriver -> [0xfffffa801b00dc50]
22:31:05.578 5 iaStorF.sys[fffff880049c72fa] -> nt!IofCallDriver -> [0xfffffa8019a9e2d0]
22:31:05.593 7 ACPI.sys[fffff88000eec7a1] -> nt!IofCallDriver -> \Device\0000006e[0xfffffa801ad2c1d0]
22:31:05.593 AVAST engine scan C:\Windows
22:31:05.609 AVAST engine scan C:\Windows\system32
22:31:05.609 AVAST engine scan C:\Windows\system32\drivers
22:31:05.624 AVAST engine scan C:\Users\Adrian
22:31:05.624 AVAST engine scan C:\ProgramData
22:31:05.624 Scan finished successfully
22:31:35.074 Disk 0 MBR has been saved successfully to "C:\Users\Adrian\Desktop\OTL\MBR.dat"
22:31:35.199 The log file has been saved successfully to "C:\Users\Adrian\Desktop\OTL\aswMBR.txt"
  #5  
Old January 11th, 2013, 01:39 PM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
OTL Extras logfile created on: 11/01/2013 10:16:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adrian\Desktop\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

31.95 Gb Total Physical Memory | 28.33 Gb Available Physical Memory | 88.65% Memory free
63.90 Gb Paging File | 59.70 Gb Available in Paging File | 93.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.57 Gb Total Space | 37.03 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Drive D: | 750.00 Mb Total Space | 529.89 Mb Free Space | 70.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 551.07 Gb Free Space | 29.58% Space Free | Partition Type: NTFS

Computer Name: AD-PC | User Name: Adrian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B884E7A1-DFF2-4538-9965-03E9C46F6094}" = Command Center
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D9D2CAB2-C726-4372-9F05-51B906C802B5}" = AVG 2012
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Motorola Bluetooth
"AVG" = AVG 2012
"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = AlienAutopsy
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2AADF0-6832-4471-8A15-EB068B7DC9F1}" = Razer Anansi Firmware Updater
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{58AA0670-2352-424B-BE5F-CF59EDD07EA0}" = Razer Anansi
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel(R) Rapid Storage Technology enterprise
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50" = NavDesk 7.50
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}" = Razer Mamba
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE. 1" = Adobe Community Help
"CloneDVDmobile" = CloneDVDmobile
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485 DF8CE.1" = Adobe Media Player
"ContentaORFConverter" = Contenta ORF Converter
"Diablo III" = Diablo III
"Fitbit Data Uploader_is1" = Fitbit v2.1.0
"FITBIT&10C4&84C4" = Fitbit Base Station (Driver Removal)
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"InstallShield_{B884E7A1-DFF2-4538-9965-03E9C46F6094}" = Command Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Nike+ Connect" = Nike+ Connect
"RealPlayer 15.0" = RealPlayer
"Steam App 102810" = Gatling Gears
"Steam App 107100" = Bastion
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 15700" = Oddworld: Abe's Oddysee
"Steam App 15710" = Oddworld: Abe's Exoddus
"Steam App 18050" = DeathSpank: Thongs Of Virtue
"Steam App 200710" = Torchlight II
"Steam App 201790" = Orcs Must Die! 2
"Steam App 204300" = Awesomenauts
"Steam App 214250" = I Am Alive
"Steam App 240" = Counter-Strike: Source
"Steam App 35720" = Trine 2
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 620" = Portal 2
"Steam App 63380" = Sniper Elite V2
"Steam App 6850" = Hitman 2: Silent Assassin
"Steam App 6900" = Hitman: Codename 47
"Steam App 91310" = Dead Island
"TextTwist 21.0" = TextTwist 2
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"VLC Streamer_is1" = VLC Streamer 2.24
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.8
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1916946935-3271337755-413962798-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2012 4:07:18 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3994

Error - 2/12/2012 4:07:18 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3994

Error - 2/12/2012 4:07:19 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/12/2012 4:07:19 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992

Error - 2/12/2012 4:07:19 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

Error - 2/12/2012 4:07:21 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/12/2012 4:07:21 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6568

Error - 2/12/2012 4:07:21 AM | Computer Name = AD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6568

Error - 5/12/2012 5:46:45 AM | Computer Name = AD-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BU ILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/12/2012 4:40:03 AM | Computer Name = AD-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BU ILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 5/06/2012 4:05:33 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 6:05:33 PM - Error connecting to the internet. 6:05:33 PM - Unable
to contact server..

Error - 5/06/2012 4:05:43 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 6:05:38 PM - Error connecting to the internet. 6:05:38 PM - Unable
to contact server..

Error - 30/06/2012 4:49:24 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 6:49:24 PM - Error connecting to the internet. 6:49:24 PM - Unable
to contact server..

Error - 30/06/2012 4:49:31 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 6:49:29 PM - Error connecting to the internet. 6:49:29 PM - Unable
to contact server..

Error - 30/06/2012 5:51:31 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 7:51:31 PM - Error connecting to the internet. 7:51:31 PM - Unable
to contact server..

Error - 30/06/2012 5:51:38 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 7:51:36 PM - Error connecting to the internet. 7:51:36 PM - Unable
to contact server..

Error - 30/06/2012 6:55:41 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 8:55:41 PM - Error connecting to the internet. 8:55:41 PM - Unable
to contact server..

Error - 30/06/2012 6:55:48 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 8:55:46 PM - Error connecting to the internet. 8:55:46 PM - Unable
to contact server..

Error - 30/06/2012 7:55:52 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 9:55:52 PM - Error connecting to the internet. 9:55:52 PM - Unable
to contact server..

Error - 30/06/2012 7:55:59 AM | Computer Name = AD-PC | Source = MCUpdate | ID = 0
Description = 9:55:57 PM - Error connecting to the internet. 9:55:57 PM - Unable
to contact server..

[ System Events ]
Error - 31/07/2012 2:15:35 AM | Computer Name = AD-PC | Source = DCOM | ID = 10016
Description =

Error - 1/08/2012 2:20:47 AM | Computer Name = AD-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 1/08/2012 2:20:48 AM | Computer Name = AD-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 1/08/2012 2:21:12 AM | Computer Name = AD-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 1/08/2012 2:22:36 AM | Computer Name = AD-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.

Error - 1/08/2012 2:22:36 AM | Computer Name = AD-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.

Error - 1/08/2012 2:23:12 AM | Computer Name = AD-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR7.

Error - 1/08/2012 2:23:42 AM | Computer Name = AD-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the LanmanServer service.

Error - 1/08/2012 2:24:12 AM | Computer Name = AD-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WSearch service.

Error - 1/08/2012 2:24:42 AM | Computer Name = AD-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >
  #6  
Old January 11th, 2013, 01:43 PM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
Ok for some reason I could post that extras file but not the others

thanks for the help

Last edited by goonproductions; January 11th, 2013 at 01:46 PM.
  #7  
Old January 12th, 2013, 12:28 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,282
Really going to need to see more diagnostic results than just the Extras.txt log. You completely disabled AVG?

Right off see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

Then try posting the logs.

Failing that, let's try a different scan, but I do need to see some log info.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. You can just close that - it's similar to OTL's Extras.txt.
  #8  
Old January 12th, 2013, 07:35 AM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
It's not that i dont want to post the other logs the forum wont let me post them because they are more than 50000 characters long. do you just want me to split it up?
  #9  
Old January 12th, 2013, 07:37 AM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
OTL logfile created on: 11/01/2013 10:16:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adrian\Desktop\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

31.95 Gb Total Physical Memory | 28.33 Gb Available Physical Memory | 88.65% Memory free
63.90 Gb Paging File | 59.70 Gb Available in Paging File | 93.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.57 Gb Total Space | 37.03 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Drive D: | 750.00 Mb Total Space | 529.89 Mb Free Space | 70.65% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 551.07 Gb Free Space | 29.58% Space Free | Partition Type: NTFS

Computer Name: AD-PC | User Name: Adrian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/11 22:13:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL\OTL.exe
PRC - [2013/01/09 13:03:31 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/09 18:09:17 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/09 18:09:17 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/14 17:54:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/06/20 10:09:34 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
PRC - [2011/11/25 15:03:24 | 000,973,720 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
PRC - [2011/11/01 13:11:52 | 000,014,152 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2011/11/01 13:05:20 | 000,068,936 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2011/11/01 13:00:56 | 000,016,200 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2011/10/26 18:01:34 | 000,788,000 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit\fitbit.exe
PRC - [2011/10/17 09:58:56 | 000,939,416 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe
PRC - [2011/10/13 07:53:02 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
PRC - [2011/10/13 07:52:54 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
PRC - [2011/08/12 12:05:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/06/18 03:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/02/08 22:03:14 | 001,503,824 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/09/02 17:25:02 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/09 18:09:17 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/09 18:09:17 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/09 18:09:17 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/06/15 03:33:25 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b \System.WorkflowServices.ni.dll
MOD - [2012/06/15 03:32:53 | 000,335,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAS torUtil\adaba7573ba80fcec310dde1dc78aaf9\IAStorUti l.ni.dll
MOD - [2012/06/15 03:29:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web\a501b7960f6c6e2e39162b83f3303aaa\System.We b.ni.dll
MOD - [2012/06/15 03:29:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Forms\7b7fbe651c6e72f12099a298654c9594 \System.Windows.Forms.ni.dll
MOD - [2012/06/15 03:29:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\Syste m.Drawing.ni.dll
MOD - [2012/06/15 03:09:46 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationFramewo#\bcec0e7db1d027328cc8cd702185fa66 \PresentationFramework.ni.dll
MOD - [2012/06/15 03:09:38 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationCore\b460188cf6862491550a006c3660e2e6\Pre sentationCore.ni.dll
MOD - [2012/06/15 03:09:36 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\c06946b464ae8dd22151e0a6f310c976 \System.Windows.Forms.ni.dll
MOD - [2012/06/15 03:09:33 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Win dowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsB ase.ni.dll
MOD - [2012/06/15 03:09:32 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Drawing\29e48cb144e24a7b4335d1360cc06642\Syste m.Drawing.ni.dll
MOD - [2012/05/13 08:59:40 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Management\e72d56a0f58bcf95890614700f925609\Sy stem.Management.ni.dll
MOD - [2012/05/13 08:58:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Runtime.Remo#\eba1ea877df19e9a05fb7f8cb0bc3368 \System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 08:58:02 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.X aml.ni.dll
MOD - [2012/05/13 08:57:15 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275 \System.ServiceModel.Web.ni.dll
MOD - [2012/05/13 08:55:14 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.IdentityModel\2ce8210219c7123610072357358df470 \System.IdentityModel.ni.dll
MOD - [2012/05/13 08:55:13 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5 \System.Runtime.Serialization.ni.dll
MOD - [2012/05/13 08:55:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMD iagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiag nostics.ni.dll
MOD - [2012/05/13 08:55:11 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\ System.ServiceModel.ni.dll
MOD - [2012/05/13 08:55:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAS torDataMgrSvcInt#\b66483e0236a08b2e70d433c47978ec3 \IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2012/05/13 08:55:01 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAS torCommon\54d6d2991095fb2de89cbb164644fa1d\IAStorC ommon.ni.dll
MOD - [2012/05/13 07:25:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xm l.ni.dll
MOD - [2012/05/13 07:25:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 07:25:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d \System.Configuration.ni.dll
MOD - [2012/05/13 07:25:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni .dll
MOD - [2012/05/12 21:37:33 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.D ata.ni.dll
MOD - [2012/05/12 21:37:29 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.C ore.ni.dll
MOD - [2012/05/12 21:37:28 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xm l.ni.dll
MOD - [2012/05/12 21:37:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Configuration\6711765f90c0082ec393943b924ed277 \System.Configuration.ni.dll
MOD - [2012/05/12 21:37:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/12 21:37:22 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Numerics\360e9c00572679f437fff0ae719a5886\Syst em.Numerics.ni.dll
MOD - [2012/05/12 21:37:19 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\msc orlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni .dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012/03/27 18:01:38 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/11/01 13:01:02 | 000,014,664 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2011/02/28 17:02:30 | 001,189,968 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2011/02/15 22:36:28 | 000,680,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2011/02/08 21:58:34 | 004,151,376 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 13:26:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 15:29:58 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 18:09:17 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/05/15 20:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/27 18:01:36 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/26 18:01:34 | 000,788,000 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit\fitbit.exe -- (Fitbit)
SRV - [2011/10/13 07:53:02 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/11 20:04:58 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2011/06/18 03:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/02 17:25:02 | 000,211,808 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/09/02 17:25:02 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/09 18:09:17 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/19 03:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/31 11:24:24 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sy s -- (WsAudio_DeviceS(5)
DRV:64bit: - [2012/03/31 11:24:24 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sy s -- (WsAudio_DeviceS(4)
DRV:64bit: - [2012/03/31 11:24:24 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sy s -- (WsAudio_DeviceS(3)
DRV:64bit: - [2012/03/31 11:24:24 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sy s -- (WsAudio_DeviceS(2)
DRV:64bit: - [2012/03/31 11:24:24 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sy s -- (WsAudio_DeviceS(1)
DRV:64bit: - [2012/03/28 08:20:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/28 08:20:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/27 09:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/12/01 05:46:50 | 000,026,856 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2011/10/13 08:44:02 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/10/13 08:44:00 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/10/11 18:36:12 | 000,166,400 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/09/22 14:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/16 05:15:00 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011/09/16 05:14:58 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011/06/11 09:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/04 14:24:14 | 000,007,680 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2011/04/12 06:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/04/12 06:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/02/08 21:02:04 | 000,486,144 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2011/01/16 02:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/28 21:55:30 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/12/17 08:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/21 13:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/21 13:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 13:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/14 12:23:32 | 000,043,008 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2010/06/30 13:02:30 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/24 11:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 11:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 10:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/03/27 09:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com.au/Alienware
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\..\SearchScopes,DefaultScope = {78FDC9D7-7E42-47E3-B0D8-8D32C0AE265F}
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\..\SearchScopes\{78FDC9D7-7E42-47E3-B0D8-8D32C0AE265F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:{language}:{referrer:source}&ie={inputEncoding ?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6238843F-B958-4912-ABAF-9FA7D89E7AF7}&mid=6ac21853248e47d0b81955c62f11f2f5-a22d6344a38446b5c548e07904ef8b35d47c6433&lang=en&d s=AVG&pr=fr&d=2012-08-30 17:39:17&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\..\SearchScopes\{E710C602-B1E2-4165-94E4-3B57E3AF5605}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2504091
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_50 2_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_50 2_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dl l ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/09 18:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext [2012/10/14 17:54:56 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={6238843F-B958-4912-ABAF-9FA7D89E7AF7}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={ searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&in putencoding={inputEncoding}&outputencoding={output Encoding}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoo gleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.d ll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf 32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_20 2_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjf jnkonk\1.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadj fpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadj fpblof\13.2.0.5_0\.bak
  #10  
Old January 12th, 2013, 07:39 AM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
O1 HOSTS File: ([2013/01/09 22:15:34 | 000,445,095 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15286 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1916946935-3271337755-413962798-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [Razer Anansi Driver] C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1916946935-3271337755-413962798-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1916946935-3271337755-413962798-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1916946935-3271337755-413962798-1000..\Run: [EPSON WorkForce 520 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIS. EXE /FU "C:\Windows\TEMP\E_S3FF3.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1916946935-3271337755-413962798-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{3404B696-6CBC-4C04-90E4-7F4E7C89614E}: DhcpNameServer = 10.101.101.100 163.244.101.69 163.244.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{FC134777-1E88-4A1A-8A6F-EA31BA18DE44}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\OTL
[2013/01/09 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\LolClient
[2013/01/09 20:12:32 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/01/09 20:12:32 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/01/09 20:12:31 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/01/09 20:10:16 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/01/09 20:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2013/01/09 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Documents\DeadIsland
[2012/12/21 21:07:37 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\860OKMZO

========== Files - Modified Within 30 Days ==========

[2013/01/11 22:02:52 | 105,710,294 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/01/11 21:59:31 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Adrian.job
[2013/01/11 21:59:31 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Adrian.job
[2013/01/11 21:54:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 21:50:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/11 21:49:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/11 21:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/11 16:51:54 | 000,780,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/11 16:51:54 | 000,665,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/11 16:51:54 | 000,125,608 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/10 02:25:31 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 02:25:31 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 22:15:34 | 000,445,095 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/09 22:15:24 | 000,445,095 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130109-221534.backup
[2013/01/09 21:50:40 | 000,000,173 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/01/09 21:50:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Adrian .job
[2013/01/09 21:49:39 | 4257,366,011 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/09 20:12:35 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/01/09 17:38:00 | 000,001,134 | ---- | M] () -- C:\Users\Adrian\Documents\Documents - Shortcut.lnk
[2013/01/09 15:30:20 | 000,001,844 | ---- | M] () -- C:\Users\Adrian\Documents\Sae Letter.rtf
[2013/01/09 14:11:50 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/01/09 13:26:25 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 13:26:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/19 18:27:06 | 000,315,519 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/12/17 20:19:23 | 000,368,162 | ---- | M] () -- C:\Users\Adrian\Desktop\Sisters 001.jpg

========== Files Created - No Company Name ==========

[2013/01/09 20:12:35 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/01/09 17:38:00 | 000,001,134 | ---- | C] () -- C:\Users\Adrian\Documents\Documents - Shortcut.lnk
[2013/01/09 15:30:20 | 000,001,844 | ---- | C] () -- C:\Users\Adrian\Documents\Sae Letter.rtf
[2012/12/17 20:04:22 | 000,368,162 | ---- | C] () -- C:\Users\Adrian\Desktop\Sisters 001.jpg
[2012/12/14 19:46:06 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Adrian .job
[2012/12/14 19:46:00 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Adrian.job
[2012/12/14 19:45:55 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Adrian.job
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/20 18:34:58 | 000,000,173 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/04/18 18:08:12 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/27 18:02:22 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/03/27 18:02:10 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/03/27 18:02:10 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011/07/26 11:39:24 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2011/02/11 00:54:10 | 000,766,158 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2012/03/28 08:20:13 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\@
[2012/08/30 17:18:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\L
[2012/10/06 08:35:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\U
[2012/09/01 09:57:09 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\L\00000004.@
[2012/08/30 17:16:01 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\U\00000004.@
[2012/08/30 17:16:02 | 000,081,408 | ---- | M] () -- C:\Windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\U\80000064.@
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  #11  
Old January 12th, 2013, 07:41 AM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-11 22:26:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e ATA_____ rev.DEM3 465.76GB
Running: ci5yhixb.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\pxldrpoc.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075df1401 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075df1419 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075df1431 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075df144a 2 bytes [DF, 75]
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075df14dd 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseN ameA + 17 0000000075df14f5 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075df150d 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseN ameW + 17 0000000075df1525 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075df153d 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075df1555 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075df156d 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075df1585 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075df159d 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075df15b5 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075df15cd 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileN ameW + 20 0000000075df16b2 2 bytes [DF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4144] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileN ameW + 31 0000000075df16bd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075b52da4 5 bytes JMP 000000015cb99eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectPa ramW 0000000075b6cbf3 5 bytes JMP 000000015cce8ee6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b6cfca 5 bytes JMP 000000015caf1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075b8cb0c 5 bytes JMP 000000015cce8e81
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectPa ramA 0000000075b8ce64 5 bytes JMP 000000015cce8f4b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075b9fbd1 5 bytes JMP 000000015cce8e08
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075b9fc9d 5 bytes JMP 000000015cce8d8f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075b9fcd6 5 bytes JMP 000000015cce8d2b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075b9fcfa 5 bytes JMP 000000015cce8cc7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\OLEAUT32.dll!OleCreateProperty FrameIndirect 00000000767393ec 5 bytes JMP 000000015cce9100
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075df1401 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075df1419 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075df1431 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075df144a 2 bytes [DF, 75]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075df14dd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameA + 17 0000000075df14f5 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075df150d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameW + 17 0000000075df1525 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075df153d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075df1555 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075df156d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075df1585 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075df159d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075df15b5 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075df15cd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 20 0000000075df16b2 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 31 0000000075df16bd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007081388e 4 bytes JMP 000000015cce8fb0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll!PropertySheet 00000000708b7922 4 bytes JMP 000000015cce9058
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1320] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075ea2694 5 bytes JMP 000000015cce92f8
? C:\Windows\system32\mssprxy.dll [1320] entry point in ".rdata" section 0000000070dd71e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000772425fd 6 bytes JMP 000000015cbb8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077252a63 6 bytes JMP 000000015cb5980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000767d34a5 5 bytes JMP 000000015cb575e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b48a29 5 bytes JMP 000000015cbc03b7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075b4d22e 5 bytes JMP 000000015cb63643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075b5291f 5 bytes JMP 000000015cb3ddb3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075b52da4 5 bytes JMP 000000015cb99eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075b56285 5 bytes JMP 000000015cbb7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b57603 5 bytes JMP 000000015cb925b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!CreateDialogIndirec tParamA 0000000075b5b029 5 bytes JMP 000000015cce9288
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!CreateDialogIndirec tParamW 0000000075b5c63e 5 bytes JMP 000000015cce92c0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075b650ed 5 bytes JMP 000000015cce9982
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075b65246 5 bytes JMP 000000015cce9218
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!EndDialog 0000000075b6b99c 5 bytes JMP 000000015cce9c56
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075b6c701 5 bytes JMP 000000015cce99aa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectPa ramW 0000000075b6cbf3 5 bytes JMP 000000015cce8ee6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b6cfca 5 bytes JMP 000000015caf1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b6eb96 5 bytes JMP 000000015cb3dedd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b6f52b 5 bytes JMP 000000015cbdece0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!SendInput 0000000075b6ff4a 5 bytes JMP 000000015ccea21b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075b710dc 5 bytes JMP 000000015cce9250
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000075b714b2 5 bytes JMP 000000015ccea273
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075b89cfd 5 bytes JMP 000000015ccea2f4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075b8cb0c 5 bytes JMP 000000015cce8e81
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectPa ramA 0000000075b8ce64 5 bytes JMP 000000015cce8f4b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075b9fbd1 5 bytes JMP 000000015cce8e08
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075b9fc9d 5 bytes JMP 000000015cce8d8f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075b9fcd6 5 bytes JMP 000000015cce8d2b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075b9fcfa 5 bytes JMP 000000015cce8cc7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075ba02bf 5 bytes JMP 000000015ccea1d8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076236143 5 bytes JMP 000000015cce96b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000766d3e59 5 bytes JMP 000000015cce97ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000766d3eae 5 bytes JMP 000000015cce982a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByt eLen 00000000766d4731 5 bytes JMP 000000015cce971e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000766d5dee 5 bytes JMP 000000015cce97ca
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\OLEAUT32.dll!OleCreateProperty FrameIndirect 00000000767393ec 5 bytes JMP 000000015cce9100
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007081388e 4 bytes JMP 000000015cce8fb0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll!PropertySheet 00000000708b7922 4 bytes JMP 000000015cce9058
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000075e933a3 5 bytes JMP 000000015cce939c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075ea2694 5 bytes JMP 000000015cce92f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7356] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000075eae8ff 5 bytes JMP 000000015cce9468
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075df1401 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075df1419 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075df1431 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075df144a 2 bytes [DF, 75]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075df14dd 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameA + 17 0000000075df14f5 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075df150d 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameW + 17 0000000075df1525 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075df153d 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075df1555 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075df156d 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075df1585 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075df159d 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075df15b5 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075df15cd 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 20 0000000075df16b2 2 bytes [DF, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_146_ActiveX.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 31 0000000075df16bd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000772425fd 6 bytes JMP 000000015cbb8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077252a63 6 bytes JMP 000000015cb5980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000767d34a5 5 bytes JMP 000000015cb575e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b48a29 5 bytes JMP 000000015cbc03b7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075b4d22e 5 bytes JMP 000000015cb63643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075b5291f 5 bytes JMP 000000015cb3ddb3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075b52da4 5 bytes JMP 000000015cb99eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075b56285 5 bytes JMP 000000015cbb7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b57603 5 bytes JMP 000000015cb925b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!CreateDialogIndirec tParamA 0000000075b5b029 5 bytes JMP 000000015cce9288
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!CreateDialogIndirec tParamW 0000000075b5c63e 5 bytes JMP 000000015cce92c0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075b650ed 5 bytes JMP 000000015cce9982
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075b65246 5 bytes JMP 000000015cce9218
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!EndDialog 0000000075b6b99c 5 bytes JMP 000000015cce9c56
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075b6c701 5 bytes JMP 000000015cce99aa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectPa ramW 0000000075b6cbf3 5 bytes JMP 000000015cce8ee6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b6cfca 5 bytes JMP 000000015caf1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b6eb96 5 bytes JMP 000000015cb3dedd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b6f52b 5 bytes JMP 000000015cbdece0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!SendInput 0000000075b6ff4a 5 bytes JMP 000000015ccea21b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808]
  #12  
Old January 12th, 2013, 07:42 AM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075b710dc 5 bytes JMP 000000015cce9250
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000075b714b2 5 bytes JMP 000000015ccea273
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075b89cfd 5 bytes JMP 000000015ccea2f4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075b8cb0c 5 bytes JMP 000000015cce8e81
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectPa ramA 0000000075b8ce64 5 bytes JMP 000000015cce8f4b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075b9fbd1 5 bytes JMP 000000015cce8e08
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075b9fc9d 5 bytes JMP 000000015cce8d8f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075b9fcd6 5 bytes JMP 000000015cce8d2b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075b9fcfa 5 bytes JMP 000000015cce8cc7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075ba02bf 5 bytes JMP 000000015ccea1d8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076236143 5 bytes JMP 000000015cce96b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000766d3e59 5 bytes JMP 000000015cce97ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000766d3eae 5 bytes JMP 000000015cce982a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByt eLen 00000000766d4731 5 bytes JMP 000000015cce971e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000766d5dee 5 bytes JMP 000000015cce97ca
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\OLEAUT32.dll!OleCreateProperty FrameIndirect 00000000767393ec 5 bytes JMP 000000015cce9100
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075df1401 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075df1419 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075df1431 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075df144a 2 bytes [DF, 75]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075df14dd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameA + 17 0000000075df14f5 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075df150d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseN ameW + 17 0000000075df1525 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075df153d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075df1555 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075df156d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075df1585 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075df159d 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075df15b5 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075df15cd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 20 0000000075df16b2 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileN ameW + 31 0000000075df16bd 2 bytes [DF, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007081388e 4 bytes JMP 000000015cce8fb0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll!PropertySheet 00000000708b7922 4 bytes JMP 000000015cce9058
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000075e933a3 5 bytes JMP 000000015cce939c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075ea2694 5 bytes JMP 000000015cce92f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7808] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000075eae8ff 5 bytes JMP 000000015cce9468

---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [1624:2064] 000007fef8ce59a0
Thread C:\Windows\System32\svchost.exe [1624:3392] 000007fef7eb20c0
Thread C:\Windows\System32\svchost.exe [1624:3396] 000007fef7eb26a8
Thread C:\Windows\System32\svchost.exe [1624:3404] 000007fef7e814a0
Thread C:\Windows\System32\svchost.exe [1624:3964] 000007fef78a44e0
Thread C:\Windows\System32\svchost.exe [1624:3572] 000007fef7cf88f8
Thread C:\Windows\System32\svchost.exe [1624:3344] 000007fef7eb29dc
Thread C:\Windows\System32\svchost.exe [1624:1872] 000007fef7eb29dc
Thread C:\Windows\System32\svchost.exe [1624:1856] 000007fef7eb29dc
Thread C:\Windows\system32\svchost.exe [1824:8160] 000007fefa231ebc
Thread C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1968:1188] 000007fef9ae1df7
Thread C:\Windows\system32\nvvsvc.exe [1980:5436] 000007fef9ae1df7
Thread C:\Windows\system32\svchost.exe [1444:7800] 000007fef50f341c
Thread C:\Windows\system32\svchost.exe [1444:6712] 000007fef50f3a2c
Thread C:\Windows\system32\svchost.exe [1444:4024] 000007fef50f3768
Thread C:\Windows\system32\svchost.exe [1444:6124] 000007fef50f5c20
Thread C:\Windows\system32\svchost.exe [1444:7900] 000007fef50f3900
Thread C:\Windows\System32\spoolsv.exe [2244:3192] 000007fef62910c8
Thread C:\Windows\System32\spoolsv.exe [2244:3208] 000007fef6266144
Thread C:\Windows\System32\spoolsv.exe [2244:3136] 000007fef6055fd0
Thread C:\Windows\System32\spoolsv.exe [2244:3212] 000007fef6043438
Thread C:\Windows\System32\spoolsv.exe [2244:2324] 000007fef60563ec
Thread C:\Windows\System32\spoolsv.exe [2244:3268] 000007fef6315e5c
Thread C:\Windows\System32\spoolsv.exe [2244:2868] 00000000020ae0bc
Thread C:\Windows\System32\spoolsv.exe [2244:3356] 000007fef62d8760
Thread C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2664:2720] 000007fef8682f9c
Thread C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2764:2780] 000007fefd0da808
Thread C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2792:2816] 000007fefd0da808
Thread C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [3288:3348] 000007fefd0da808
Thread C:\Program Files\Logitech Gaming Software\LCore.exe [4480:4576] 000000006d15ca70
Thread C:\Program Files\Logitech Gaming Software\LCore.exe [4480:4616] 000000006d1623e0
Thread C:\Program Files\Logitech Gaming Software\LCore.exe [4480:324] 000007fefb176204
Thread C:\Program Files\Alienware\Command Center\AWCCServiceController.exe [4952:5108] 000007fefae92a7c
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:4132] 0000000071c24fc0
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:4136] 0000000071c24fc0
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:4348] 0000000071539ba0
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:4352] 000000007154cde0
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:5100] 000000006baec6d0
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:5096] 000000006baec6d0
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:4028] 00000000724e27c1
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:6156] 00000000718c5440
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:4676] 00000000718c5440
Thread C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176:4012] 00000000718c5440
Thread C:\Windows\system32\svchost.exe [5836:5876] 000007fee3985f1c
Thread C:\Windows\system32\svchost.exe [5836:5444] 000007fee33b8470
Thread C:\Windows\system32\svchost.exe [5836:5580] 000007fee33c2418
Thread C:\Windows\system32\svchost.exe [5836:2104] 000007fee202f130
Thread C:\Windows\system32\svchost.exe [5836:6724] 000007fee2024734
Thread C:\Windows\system32\svchost.exe [5836:3076] 000007fee2024734
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5928:4400] 000007fefae92a7c
Thread C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe [6800:6844] 000007fef3b8d304
Thread C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe [6800:6848] 000007fef3bd8890
Thread C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe [6800:6860] 000007fef3bd8890
Thread C:\Program Files\Alienware\Command Center\AlienFusionService.exe [4020:4004] 000007fef3b8d304
Thread C:\Program Files\Alienware\Command Center\AlienFusionService.exe [4020:2212] 000007fef3bd8890
Thread C:\Program Files\Alienware\Command Center\AlienFusionService.exe [4020:5392] 000007fef3af8e1c
Thread C:\Program Files\Alienware\Command Center\AlienFusionService.exe [4020:6384] 000007fef3bd8890
Thread C:\Windows\system32\taskhost.exe [6208:5520] 000007fef7ecef24
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:2900] 000007fefef46e50
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:1820] 000007fefeea4d00
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:5584] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6412] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:7628] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6776] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:1888] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:5728] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6336] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6560] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:5884] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:8044] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:7828] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:8124] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:5112] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:5064] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:2896] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6456] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:4312] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:4544] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:3752] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:3308] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6240] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:1764] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:7604] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:7312] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:7560] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:3980] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:5180] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6220] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:6140] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe [1736:8120] 000007fefa473b90
Thread C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe [7700:4232] 000007fefef46e50
Thread C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe [7700:1288] 000007fef147ffe0
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\system32\csrss.exe [1032] 000007fefc810000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1624] 000007fefc970000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1824] 000007fee14c0000
Library ? (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1968] 0000000073e50000
Library ? (*** suspicious ***) @ C:\Windows\system32\nvvsvc.exe [1980] 000007fefb380000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1444] 000007fedc0f0000
Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [2244] 000007fef6320000
Library ? (*** suspicious ***) @ C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2664] 000007fefe5c0000
Library ? (*** suspicious ***) @ C:\Program Files\Motorola\Bluetooth\obexsrv.exe [1640] 000007fefc980000
Library ? (*** suspicious ***) @ C:\Program Files\Motorola\Bluetooth\audiosrv.exe [3052] 000007fefc980000
Library ? (*** suspicious ***) @ C:\Windows\System32\rundll32.exe [4460] 000007fefe5c0000
Library ? (*** suspicious ***) @ C:\Program Files\Logitech Gaming Software\LCore.exe [4480] 0000000180000000
Library ? (*** suspicious ***) @ C:\Program Files\Alienware\Command Center\AWCCServiceController.exe [4952] 000007fee9120000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [4176] 0000000072050000
Library ? (*** suspicious ***) @ C:\Windows\system32\SearchIndexer.exe [5764] 000007fefb380000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [5836] 000007fefd0f0000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5928] 000007fee2560000
Library ? (*** suspicious ***) @ C:\Program Files\Alienware\Command Center\ThermalController.exe [6912] 000007fefc9a0000
Library ? (*** suspicious ***) @ C:\Program Files\Alienware\Command Center\AlienFusionService.exe [4020] 000007fefe130000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [6208] 000007fefe4b0000

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----
  #13  
Old January 12th, 2013, 11:48 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,282
Yes, as I think you figured out, just split them up. You didn't post all the logs requested, but let's just move forward, and catch them as we go.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

AVG Security Toolbar - Adware/spyware/search hijacker.
McAfee Security Scan Plus - Only scans - useless.
Vuze Remote Toolbar - Adware/spyware/search hijacker.

--------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #14  
Old January 13th, 2013, 12:44 AM
goonproductions goonproductions is offline
New Member
 
Join Date: Jan 2013
Posts: 17
ComboFix 13-01-12.01 - Adrian 13/01/2013 9:32.1.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.32720.29059 [GMT 10:00]
Running from: c:\users\Adrian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\GLV35F4P\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll
c:\users\Adrian\AppData\Roaming\Microsoft\Windows\ Recent\Call of Duty Modern Warfare 3 - Multiplayer.url
c:\users\Adrian\AppData\Roaming\Microsoft\Windows\ Recent\Sniper Elite V2.url
c:\windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\@
c:\windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\L\00000004.@
c:\windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\L\201d3dde
c:\windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\U\00000004.@
c:\windows\Installer\{5a895e73-1cf5-3fc9-a1f9-660bfee30c39}\U\80000064.@
L:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-09 12:27 . 2013-01-09 12:27 -------- d-----w- c:\users\Adrian\AppData\Roaming\LolClient
2013-01-09 10:12 . 2008-07-11 22:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-01-09 10:12 . 2008-07-11 22:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-01-09 10:12 . 2008-07-11 22:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-01-09 10:10 . 2013-01-09 10:10 -------- d-----w- C:\Riot Games
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2013-01-09 03:26 . 2012-03-27 07:36 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 03:26 . 2012-03-27 07:36 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-24 17:12 . 2012-10-24 17:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-24 17:12 . 2012-10-24 17:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-19 6033016]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-10-12 286720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-24 240112]
"Razer Anansi Driver"="c:\program files (x86)\Razer\Anansi\RazerAnansiSysTray.exe" [2011-10-16 939416]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e" [2010-02-21 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Nike+ Connect"="c:\program files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-06-20 70656]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-10-14 296096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Adrian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-9-27 0]
Logitech blank Product Registration.lnk - c:\program files (x86)\Logitech\G930\eReg.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-11-01 14664]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/27 16:10;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-11 248304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2011-10-12 7168]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-24 219632]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-10-14 43008]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-06-30 52736]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2011-02-08 486144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64 .sys [2011-03-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64 .sys [2011-03-18 335688]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60 .sys [2010-11-21 168448]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominipor t.sys [2010-11-21 20992]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-24 1116656]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBX p.sys [2011-11-30 26856]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBu sVideoM.sys [2010-11-21 22528]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-04 1255736]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\s ystem32\drivers\WsAudio_DeviceS(1).sys [2012-03-31 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\s ystem32\drivers\WsAudio_DeviceS(2).sys [2012-03-31 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\s ystem32\drivers\WsAudio_DeviceS(3).sys [2012-03-31 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\s ystem32\drivers\WsAudio_DeviceS(4).sys [2012-03-31 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\s ystem32\drivers\WsAudio_DeviceS(5).sys [2012-03-31 29288]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgi dsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStor A.sys [2011-10-12 562456]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStor F.sys [2011-10-12 23832]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHl pa64.sys [2010-03-18 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-25 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-12 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-15 680016]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-13 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-13 128512]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-10-26 788000]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2010-09-02 211808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIV ERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-08 4151376]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-27 1028096]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sy s [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sy s [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 mio;Master IO Filter Driver;c:\windows\system32\DRIVERS\mio.sys [2011-05-04 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [2011-09-15 100352]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [2011-09-15 216064]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-10-11 166400]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 22:26 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Insta ller\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-03-27 03:26]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 06:05]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-21 06:05]
.
2013-01-11 c:\windows\Tasks\ReclaimerUpdateFiles_Adrian.job
- c:\users\Adrian\AppData\Roaming\Real\Update\Upgrad eHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 06:34]
.
2013-01-12 c:\windows\Tasks\ReclaimerUpdateXML_Adrian.job
- c:\users\Adrian\AppData\Roaming\Real\Update\Upgrad eHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 06:34]
.
2013-01-12 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Adrian .job
- c:\users\Adrian\AppData\Roaming\Real\Update\Upgrad eHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 06:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-11-01 12616]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-02-15 21709904]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [2010-03-05 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00 ,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00 ,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ DbgagD\1*]
"value"="?\04\01\09\08\06\19i"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
.
************************************************** ************************
.
Completion time: 2013-01-13 09:41:18 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-12 23:41
.
Pre-Run: 38,888,284,160 bytes free
Post-Run: 39,327,985,664 bytes free
.
- - End Of File - - EEA6B7E0E6BF6A874B5348A04D24CCB5
  #15  
Old January 13th, 2013, 01:15 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,282
Reoved parts o a ZAccess bootkit/rootkit infection. We'll need to follow up on tat first.

Not sure how I issed Spybot's teaTier running. It can block legit Registry changes, as well as undo soe, and needs to be disabled. feel free to just uninstall Spybot instead. It's benefit lately as a security software is questionable.


First follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.

------

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de tÚlÚchargement:).

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
Closed Topic

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
My computer has a virus!! - moved by Jintan anayeknamwen Malware Removal 90 February 14th, 2013 12:33 AM
Computer shut down by itself - moved by Jintan wolflmg Malware Removal 32 November 18th, 2012 12:27 AM
Computer may be infected - Moved by Jintan Jerry56 Windows XP 97 October 4th, 2012 12:35 AM
Computer sounds like its about to take off- Moved by Jintan Joyce Reid Hardware 75 June 1st, 2012 01:43 AM
Cleaning up a new computer - moved by Tom Novice911 Windows XP 5 November 15th, 2006 06:58 PM


All times are GMT +1. The time now is 02:56 PM.