Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan?

Unread postby pcparadise » March 7th, 2014, 11:45 am

Delete the other 2 posts please.

Sorry for not reading the stickes.
Description:
Hello.
After a disconnection from the internet occurred, my mouse started move very slowly, and the computer was unresponsive. I had to use the reset switch in order to reboot. After trying to reconnect, I could. Everything seems fine, but could I be infected? This has happened 2 other times, and I'm wondering if it has something to do with my router, or a remote access trojan? Thanks for your help!

Here are the 2 DDS logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by Alex at 10:44:38 on 2014-03-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.4485 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
F:\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
F:\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:36
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{58C93B80-7297-46F3-8B5E-59128952C659} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-2-8 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-2-8 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-2-8 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-2-8 421704]
R1 BSMEM;BSMEM;C:\Windows\System32\drivers\BSMEM.sys [2014-1-21 29344]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-2-8 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-8 50344]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-12 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-27 15129376]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-8 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-8 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-8 171416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-2-18 411936]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-8 80184]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-12 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-12 888536]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
R4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-27 4915040]
R4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-27 1255736]
.
=============== Created Last 30 ================
.
2014-03-07 14:34:46 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ECA3DC6F-DEDC-42DE-AA57-3D53DA7B0376}\mpengine.dll
2014-03-07 04:39:58 -------- d-----w- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2014-03-07 04:39:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-07 04:39:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-07 04:23:17 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2014-03-07 04:23:17 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2014-03-07 04:23:17 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2014-03-07 04:23:17 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2014-03-07 04:23:17 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit
2014-03-07 02:44:56 -------- d-----w- C:\Users\Alex\AppData\Local\Diagnostics
2014-03-06 23:14:28 -------- d-----w- C:\Users\Alex\jagexcache
2014-02-26 02:50:02 -------- d-----w- C:\Users\Alex\AppData\Local\Razer
2014-02-25 21:53:41 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-25 21:53:41 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 04:13:44 -------- d-----w- C:\Users\Alex\.thumbnails
2014-02-25 04:13:32 -------- d-----w- C:\Users\Alex\AppData\Local\gtk-2.0
2014-02-25 04:07:46 -------- d-----w- C:\Users\Alex\AppData\Local\fontconfig
2014-02-25 04:07:45 -------- d-----w- C:\Users\Alex\.gimp-2.8
2014-02-25 04:07:44 -------- d-----w- C:\Users\Alex\AppData\Local\gegl-0.2
2014-02-25 04:07:01 -------- d-----w- C:\Program Files\GIMP 2
2014-02-22 22:31:33 -------- d-----w- C:\Program Files (x86)\puush
2014-02-21 20:01:57 -------- d-----w- C:\.jagex_cache_32
2014-02-18 23:11:30 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-16 01:00:07 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-02-16 00:59:36 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-02-16 00:59:36 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-12 04:36:15 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 04:35:47 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 04:35:47 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 04:35:46 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 04:35:46 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-09 00:20:45 -------- d-----w- C:\Program Files (x86)\ZOTAC FireStorm
2014-02-08 21:02:22 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-02-08 21:02:18 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-08 20:23:53 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVAST Software
2014-02-08 20:23:26 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-02-08 20:23:26 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-02-08 20:23:26 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-08 20:23:26 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-02-08 20:23:26 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-02-08 20:23:26 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-08 20:23:25 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-08 20:23:16 -------- d-----w- C:\Program Files\AVAST Software
2014-02-08 20:13:09 251982 ----a-w- C:\ProgramData\1391890347.bdinstall.bin
2014-02-08 01:40:16 -------- d-----w- C:\Windows\Migration
2014-02-08 01:36:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-02-08 01:36:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-02-08 01:09:37 959907 ----a-w- C:\ProgramData\1391820233.bdinstall.bin
2014-02-08 01:08:31 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2014-02-08 01:08:30 -------- d-----w- C:\ProgramData\BDLogging
2014-02-08 01:08:02 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-02-08 01:08:02 511328 ----a-w- C:\Windows\capicom.dll
2014-02-06 01:22:26 -------- d-----w- C:\Users\Alex\AppData\Roaming\TS3Client
2014-02-06 01:22:23 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
.
==================== Find3M ====================
.
2014-02-08 17:42:36 6712608 ----a-w- C:\Windows\System32\nvcpl.dll
2014-02-08 17:42:36 3498272 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-02-08 17:42:33 923936 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-02-08 17:42:32 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-02-08 17:42:32 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-02-08 01:13:16 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 17:52:50 3573739 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-01-26 15:50:23 291488 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-26 15:50:23 291488 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-01-26 15:46:39 291488 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-01-26 15:45:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-01-20 03:45:22 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-01-20 03:44:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-14 01:53:50 88576 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-01-14 01:53:44 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2014-01-13 01:32:03 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-01-13 01:32:03 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-01-13 01:32:03 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-01-12 18:39:53 300754 ----a-w- C:\ProgramData\1389551861.bdinstall.bin
2014-01-12 18:36:42 62078 ----a-w- C:\ProgramData\1389551794.bdinstall.bin
2014-01-12 18:33:43 62116 ----a-w- C:\ProgramData\1389551618.bdinstall.bin
2014-01-12 18:33:29 346699 ----a-w- C:\ProgramData\1389551342.bdinstall.bin
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-10 02:15:06 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:14:54 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
.
============= FINISH: 10:44:46.84 ===============



and



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 12/27/2013 2:11:53 AM
System Uptime: 3/6/2014 9:42:26 PM (13 hours ago)
.
Motherboard: BIOSTAR Group | | A960D+
Processor: AMD FX(tm)-6350 Six-Core Processor | CPU 1 | 3900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 61.222 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0.064 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 373.286 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP74: 2/25/2014 4:53:45 PM - Windows Update
RP75: 2/25/2014 9:17:46 PM - Installed Razer Synapse 2.0.
RP76: 3/4/2014 3:52:03 AM - Windows Update
RP77: 3/6/2014 6:14:22 PM - Installed RuneScape Launcher 1.2.3
RP78: 3/7/2014 9:34:38 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
ATI Catalyst Install Manager
ATI Catalyst Registration
avast! Free Antivirus
Battle.net
CCleaner
Counter-Strike: Global Offensive
Fraps
GeForce Experience NvStream Client Components
GIMP 2.8.10
Google Chrome
Google Update Helper
Hearthstone
ImgBurn
iTunes
Java 7 Update 51
Java 7 Update 51 (64-bit)
Java Auto Updater
League of Legends
Mafia II
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
No-IP DUC
NVIDIA 3D Vision Controller Driver 334.89
NVIDIA 3D Vision Driver 334.89
NVIDIA Control Panel 334.89
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 334.89
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
OpenOffice 4.0.1
PlanetSide 2
puush
RaidCall
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RuneScape Launcher 1.2.3
Rust
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SHIELD Streaming
Skype™ 6.11
Speccy
Spybot - Search & Destroy
Steam
SUPERAntiSpyware
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 9
TomTom HOME
TomTom HOME Visual Studio Merge Modules
WinRAR 5.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
3/6/2014 9:43:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
3/6/2014 9:42:46 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/6/2014 9:42:46 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
3/2/2014 11:33:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/2/2014 11:33:15 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2014 11:33:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm
Advertisement
Register to Remove

Re: Trojan?

Unread postby Dakeyras » March 7th, 2014, 6:21 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Infected? Virus, malware, adware, ransomware, oh my! forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs.
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next reply.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
C:\program files (x86)\Google\Desktop
C:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CreateRestorePoint


  • Now click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered ?
  • RogueKiller Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan?

Unread postby pcparadise » March 7th, 2014, 6:31 pm

Here is the first log, OTL is scanning
EDIT: By the way, I'm 99% sure the host file additions are from Spybot Search and Destroy.

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alex [Admin rights]
Mode : Scan -- Date : 03/07/2014 17:28:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com
127.0.0.1 http://www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 http://www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 http://www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100888290cs.com
127.0.0.1 http://www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 4fb9bd9aef4d8faf32442c9db5c88e6c
[BSP] b6240af2c2f383d793fba2bf6dbc95f5 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] 0086ef50b2b3345568719112240d593a
[BSP] 38148b7e87ca820e73ba274803ab5e49 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114370 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03072014_172821.txt >>
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby Dakeyras » March 7th, 2014, 6:36 pm

Acknowledged...

By the way, I'm 99% sure the host file additions are from Spybot Search and Destroy.

Aye it does appear to be from(due to use of) the Immunization feature of Spybot'. :)
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan?

Unread postby pcparadise » March 7th, 2014, 6:36 pm

OTL logfile created on: 3/7/2014 5:30:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 71.71% Memory free
16.00 Gb Paging File | 13.57 Gb Available in Paging File | 84.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 61.03 Gb Free Space | 54.64% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 65.29 Mb Free Space | 65.29% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 373.27 Gb Free Space | 80.16% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/07 17:25:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2014/03/01 21:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/22 17:31:50 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2014/02/17 08:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/02/08 15:23:24 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/08 15:23:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/08 11:18:26 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/01/26 10:45:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/01/16 10:50:30 | 000,442,712 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/09 21:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/09 21:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/11/08 15:49:00 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/01 21:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 21:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 21:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 21:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 21:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 21:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2014/02/22 17:31:50 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2014/02/12 03:23:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 03:23:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:22:55 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:22:51 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:22:49 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 03:22:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:22:36 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 03:11:28 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/12 03:11:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/12 03:10:48 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/12 03:10:48 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/12 03:10:47 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/12 03:03:38 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/12 03:03:28 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:03:28 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/12 03:03:24 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/12 03:03:23 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/12 03:03:23 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/12 03:03:22 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/12 03:03:21 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/12 03:03:21 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/12 03:03:21 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/12 03:03:20 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/12 03:03:20 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/12 03:03:19 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/12 03:03:19 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:03:18 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/12 03:03:14 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/08 15:23:25 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/08 15:23:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/09 21:20:28 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/25 16:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/17 08:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Disabled | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/02/08 11:18:26 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/01/26 10:45:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/09 21:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/10/23 11:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 15:57:34 | 000,093,072 | ---- | M] (TomTom) [Disabled | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/08 15:23:25 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/08 15:23:25 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/08 15:23:25 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/02/08 15:23:25 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/02/08 15:23:25 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/02/08 15:23:25 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/02/08 15:23:25 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/12 20:32:03 | 000,888,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/12/05 03:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 08:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/11/15 01:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/11/15 01:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/13 14:21:18 | 000,029,344 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BSMEM.sys -- (BSMEM)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/06/13 14:21:18 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BSMEM.sys -- (BSMEM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
IE - HKU\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 78 3F 45 D6 02 CF 01 [binary data]
IE - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-181624369-2158579657-95777338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Alex\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2014/01/08 19:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2014/01/08 19:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Magic Actions for YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.2.2_0\
CHR - Extension: Magic Actions for YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.3_0\
CHR - Extension: Media Hint = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.13_0\
CHR - Extension: Google Docs = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: WOT = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.5_0\
CHR - Extension: WOT = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: AdBlock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Google Maps = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Google Wallet = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/08 16:10:36 | 000,450,770 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-181624369-2158579657-95777338-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKU\S-1-5-21-181624369-2158579657-95777338-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58C93B80-7297-46F3-8B5E-59128952C659}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 17:25:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2014/03/06 23:39:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
[2014/03/06 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/03/06 23:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/03/06 23:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/03/06 23:23:17 | 001,858,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100d.dll
[2014/03/06 23:23:17 | 001,498,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100d.dll
[2014/03/06 23:23:17 | 001,014,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100d.dll
[2014/03/06 23:23:17 | 000,743,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100d.dll
[2014/03/06 23:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Exploit
[2014/03/06 22:30:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\RK_Quarantine
[2014/03/06 21:44:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Diagnostics
[2014/03/06 18:14:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014/03/06 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\jagexcache
[2014/03/03 14:29:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\ROMS
[2014/03/03 14:28:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Project64
[2014/03/01 13:51:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Audacity
[2014/03/01 10:55:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2014/02/28 17:27:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\PC Parts
[2014/02/25 21:50:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Razer
[2014/02/25 21:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2014/02/25 21:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2014/02/25 21:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2014/02/25 16:53:41 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/25 16:53:41 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/24 23:13:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\.thumbnails
[2014/02/24 23:13:32 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\gtk-2.0
[2014/02/24 23:07:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\fontconfig
[2014/02/24 23:07:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\.gimp-2.8
[2014/02/24 23:07:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\gegl-0.2
[2014/02/24 23:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014/02/22 17:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[2014/02/22 17:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\puush
[2014/02/21 15:01:57 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2014/02/18 18:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/02/18 18:11:30 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/02/18 18:09:54 | 031,432,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/02/18 18:09:54 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/02/18 18:09:54 | 023,683,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/02/18 18:09:54 | 017,715,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/02/18 18:09:54 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/02/18 18:09:54 | 015,740,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/02/18 18:09:54 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/02/18 18:09:54 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/02/18 18:09:54 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/02/18 18:09:54 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/02/18 18:09:54 | 003,142,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/02/18 18:09:54 | 002,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/02/18 18:09:54 | 002,782,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/02/18 18:09:54 | 002,410,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/02/18 18:09:54 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433489.dll
[2014/02/18 18:09:54 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433489.dll
[2014/02/18 18:09:54 | 000,892,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/02/18 18:09:54 | 000,875,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/02/18 18:09:54 | 000,863,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/02/18 18:09:54 | 000,844,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/02/18 18:09:54 | 000,832,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/02/18 18:09:54 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/02/18 18:09:54 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/02/18 18:09:54 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/02/18 18:09:54 | 000,148,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/02/15 20:00:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/15 20:00:04 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/15 20:00:04 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/15 20:00:04 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/15 20:00:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/15 20:00:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/15 20:00:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/15 20:00:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/15 20:00:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/15 20:00:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/15 20:00:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/15 20:00:04 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/15 20:00:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/15 20:00:03 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/15 20:00:03 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/02/15 20:00:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/02/15 19:59:36 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/02/15 19:59:36 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/02/12 03:00:48 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 03:00:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 03:00:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 03:00:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 03:00:24 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 03:00:23 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 03:00:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 03:00:23 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 03:00:23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 03:00:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 03:00:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 03:00:22 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 03:00:22 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 03:00:22 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 03:00:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 03:00:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 03:00:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 03:00:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 03:00:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 03:00:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 03:00:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 03:00:20 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 03:00:20 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 03:00:18 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/11 23:36:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/11 23:36:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/11 23:36:02 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/11 23:36:02 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/11 23:36:02 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/11 23:36:02 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/11 23:36:02 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/11 23:36:02 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/11 23:36:02 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/11 23:36:02 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/11 23:36:02 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/11 23:36:02 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/11 23:36:02 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/11 23:36:02 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/11 23:36:02 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/11 23:36:02 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/11 23:36:02 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/11 23:36:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/11 23:36:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/11 23:35:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/11 23:35:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/08 19:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZOTAC FireStorm
[2014/02/08 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\ProcAlyzer Dumps
[2014/02/08 16:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/08 16:02:22 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/02/08 16:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/02/08 15:23:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\AVAST Software
[2014/02/08 15:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/02/08 15:23:26 | 001,038,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/08 15:23:26 | 000,421,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/08 15:23:26 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/08 15:23:26 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/02/08 15:23:26 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/08 15:23:26 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/08 15:23:25 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/08 15:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/07 20:40:16 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/07 20:36:43 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/02/07 20:36:43 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/02/07 20:24:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\CCleaner Backups
[2014/02/07 20:08:31 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2014/02/07 20:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2014/02/07 20:08:02 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2014/02/07 20:08:02 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/02/05 20:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2014/02/05 20:22:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2014/02/05 20:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2014/02/05 20:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 17:25:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2014/03/07 17:24:35 | 003,819,008 | ---- | M] () -- C:\Users\Alex\Desktop\RogueKiller.exe
[2014/03/07 17:23:32 | 000,000,024 | ---- | M] () -- C:\Users\Alex\random.dat
[2014/03/07 17:22:38 | 000,000,043 | ---- | M] () -- C:\Users\Alex\jagex_cl_runescape_LIVE.dat
[2014/03/07 17:21:18 | 000,000,043 | ---- | M] () -- C:\Users\Alex\jagex_cl_oldschool_LIVE.dat
[2014/03/07 16:52:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/07 11:10:53 | 000,000,024 | ---- | M] () -- C:\Users\Alex\jagexappletviewer.preferences
[2014/03/07 00:52:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/06 23:39:50 | 000,001,808 | ---- | M] () -- C:\Users\Alex\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/03/06 21:49:51 | 000,031,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 21:49:51 | 000,031,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 21:49:31 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/06 21:49:31 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/06 21:49:31 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/06 21:42:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/06 21:42:35 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/06 18:14:29 | 000,002,042 | ---- | M] () -- C:\Users\Alex\Desktop\RuneScape.lnk
[2014/03/05 07:48:24 | 000,020,483 | ---- | M] () -- C:\Users\Alex\Documents\z for zic.odt
[2014/03/04 03:54:18 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/03 14:29:20 | 000,000,995 | ---- | M] () -- C:\Users\Alex\Desktop\Project64.lnk
[2014/03/01 13:52:31 | 000,001,042 | ---- | M] () -- C:\Users\Alex\Desktop\Audacity.lnk
[2014/03/01 10:55:56 | 000,001,003 | ---- | M] () -- C:\Users\Alex\Desktop\RaidCall.lnk
[2014/02/28 18:08:38 | 000,000,199 | ---- | M] () -- C:\Users\Alex\Desktop\Team Fortress 2.url
[2014/02/26 19:11:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2014/02/26 19:11:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2014/02/26 16:04:39 | 000,318,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/24 23:31:21 | 000,001,458 | ---- | M] () -- C:\Users\Alex\AppData\Local\recently-used.xbel
[2014/02/24 23:31:20 | 001,482,806 | ---- | M] () -- C:\Users\Alex\Documents\civics poster.xcf
[2014/02/24 23:07:23 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2014/02/24 22:55:28 | 000,000,102 | -H-- | M] () -- C:\Users\Alex\Desktop\.~lock.civics poster.odg#
[2014/02/24 16:34:33 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/02/21 19:43:26 | 000,000,199 | ---- | M] () -- C:\Users\Alex\Desktop\Counter-Strike Global Offensive.url
[2014/02/12 03:01:43 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/08 16:50:38 | 000,000,017 | ---- | M] () -- C:\Users\Alex\AppData\Local\resmon.resmoncfg
[2014/02/08 16:10:36 | 000,450,770 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/02/08 16:02:25 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\Spybot.lnk
[2014/02/08 15:23:50 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/08 15:23:25 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/08 15:23:25 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/08 15:23:25 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/08 15:23:25 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/08 15:23:25 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/02/08 15:23:25 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/08 15:23:25 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/08 15:23:25 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/02/08 15:23:25 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/08 15:13:09 | 000,251,982 | ---- | M] () -- C:\ProgramData\1391890347.bdinstall.bin
[2014/02/08 13:34:51 | 031,432,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/02/08 13:34:51 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/02/08 13:34:51 | 023,683,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/02/08 13:34:51 | 018,257,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/02/08 13:34:51 | 017,715,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/02/08 13:34:51 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/02/08 13:34:51 | 015,740,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/02/08 13:34:51 | 014,669,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/02/08 13:34:51 | 011,636,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/02/08 13:34:51 | 011,589,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/02/08 13:34:51 | 009,728,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/02/08 13:34:51 | 009,690,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/02/08 13:34:51 | 003,142,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/02/08 13:34:51 | 003,090,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/02/08 13:34:51 | 002,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/02/08 13:34:51 | 002,782,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/02/08 13:34:51 | 002,713,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/02/08 13:34:51 | 002,410,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/02/08 13:34:51 | 001,885,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433489.dll
[2014/02/08 13:34:51 | 001,515,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433489.dll
[2014/02/08 13:34:51 | 000,947,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014/02/08 13:34:51 | 000,892,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/02/08 13:34:51 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/02/08 13:34:51 | 000,863,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/02/08 13:34:51 | 000,844,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/02/08 13:34:51 | 000,832,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/02/08 13:34:51 | 000,353,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/02/08 13:34:51 | 000,305,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/02/08 13:34:51 | 000,174,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/02/08 13:34:51 | 000,148,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/02/08 13:34:51 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/02/08 13:34:51 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/02/08 13:34:51 | 000,024,544 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/02/08 12:42:36 | 006,712,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/02/08 12:42:36 | 003,498,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/02/08 12:42:32 | 000,386,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/02/08 12:42:32 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/02/08 11:18:30 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/02/07 20:13:16 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/02/07 20:13:16 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/02/07 20:09:37 | 000,959,907 | ---- | M] () -- C:\ProgramData\1391820233.bdinstall.bin
[2014/02/07 20:08:47 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2014/02/07 20:08:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/05 20:23:59 | 000,000,541 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2014/02/05 20:22:24 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/07 17:24:34 | 003,819,008 | ---- | C] () -- C:\Users\Alex\Desktop\RogueKiller.exe
[2014/03/06 23:39:50 | 000,001,808 | ---- | C] () -- C:\Users\Alex\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/03/06 18:24:22 | 000,000,043 | ---- | C] () -- C:\Users\Alex\jagex_cl_oldschool_LIVE.dat
[2014/03/06 18:14:49 | 000,000,043 | ---- | C] () -- C:\Users\Alex\jagex_cl_runescape_LIVE.dat
[2014/03/06 18:14:37 | 000,000,024 | ---- | C] () -- C:\Users\Alex\jagexappletviewer.preferences
[2014/03/06 18:14:29 | 000,002,072 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014/03/06 18:14:29 | 000,002,042 | ---- | C] () -- C:\Users\Alex\Desktop\RuneScape.lnk
[2014/03/05 07:48:22 | 000,020,483 | ---- | C] () -- C:\Users\Alex\Documents\z for zic.odt
[2014/03/03 14:29:20 | 000,000,995 | ---- | C] () -- C:\Users\Alex\Desktop\Project64.lnk
[2014/03/01 13:52:33 | 000,001,042 | ---- | C] () -- C:\Users\Alex\Desktop\Audacity.lnk
[2014/03/01 10:55:56 | 000,001,003 | ---- | C] () -- C:\Users\Alex\Desktop\RaidCall.lnk
[2014/02/28 18:08:38 | 000,000,199 | ---- | C] () -- C:\Users\Alex\Desktop\Team Fortress 2.url
[2014/02/26 19:11:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2014/02/26 19:11:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2014/02/24 23:31:21 | 000,001,458 | ---- | C] () -- C:\Users\Alex\AppData\Local\recently-used.xbel
[2014/02/24 23:13:44 | 001,482,806 | ---- | C] () -- C:\Users\Alex\Documents\civics poster.xcf
[2014/02/24 23:07:23 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014/02/24 23:07:23 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2014/02/24 22:55:28 | 000,000,102 | -H-- | C] () -- C:\Users\Alex\Desktop\.~lock.civics poster.odg#
[2014/02/21 19:43:26 | 000,000,199 | ---- | C] () -- C:\Users\Alex\Desktop\Counter-Strike Global Offensive.url
[2014/02/21 14:46:46 | 000,000,024 | ---- | C] () -- C:\Users\Alex\random.dat
[2014/02/08 16:50:38 | 000,000,017 | ---- | C] () -- C:\Users\Alex\AppData\Local\resmon.resmoncfg
[2014/02/08 16:02:25 | 000,001,387 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/08 16:02:25 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\Spybot.lnk
[2014/02/08 15:23:50 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/08 15:23:26 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/08 15:23:26 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/02/08 15:13:09 | 000,251,982 | ---- | C] () -- C:\ProgramData\1391890347.bdinstall.bin
[2014/02/07 20:09:37 | 000,959,907 | ---- | C] () -- C:\ProgramData\1391820233.bdinstall.bin
[2014/02/07 20:08:47 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2014/02/07 20:08:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/02/05 20:23:59 | 000,000,541 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2014/02/05 20:22:24 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2014/01/26 10:45:18 | 000,291,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/26 10:45:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/12 13:39:53 | 000,300,754 | ---- | C] () -- C:\ProgramData\1389551861.bdinstall.bin
[2014/01/12 13:36:42 | 000,062,078 | ---- | C] () -- C:\ProgramData\1389551794.bdinstall.bin
[2014/01/12 13:33:43 | 000,062,116 | ---- | C] () -- C:\ProgramData\1389551618.bdinstall.bin
[2014/01/12 13:33:29 | 000,346,699 | ---- | C] () -- C:\ProgramData\1389551342.bdinstall.bin
[2013/12/27 02:41:50 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %systemdrive%\*.exe >

< C:\program files (x86)\Google\Desktop >

< C:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 8A52-FBC4
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Alex
12/27/2013 02:11 AM <JUNCTION> Application Data [C:\Users\Alex\AppData\Roaming]
12/27/2013 02:11 AM <JUNCTION> Cookies [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Cookies]
12/27/2013 02:11 AM <JUNCTION> Local Settings [C:\Users\Alex\AppData\Local]
12/27/2013 02:11 AM <JUNCTION> My Documents [C:\Users\Alex\Documents]
12/27/2013 02:11 AM <JUNCTION> NetHood [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/27/2013 02:11 AM <JUNCTION> PrintHood [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/27/2013 02:11 AM <JUNCTION> Recent [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Recent]
12/27/2013 02:11 AM <JUNCTION> SendTo [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\SendTo]
12/27/2013 02:11 AM <JUNCTION> Start Menu [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu]
12/27/2013 02:11 AM <JUNCTION> Templates [C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Alex\AppData\Local
12/27/2013 02:11 AM <JUNCTION> Application Data [C:\Users\Alex\AppData\Local]
12/27/2013 02:11 AM <JUNCTION> History [C:\Users\Alex\AppData\Local\Microsoft\Windows\History]
12/27/2013 02:11 AM <JUNCTION> Temporary Internet Files [C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Alex\Documents
12/27/2013 02:11 AM <JUNCTION> My Music [C:\Users\Alex\Music]
12/27/2013 02:11 AM <JUNCTION> My Pictures [C:\Users\Alex\Pictures]
12/27/2013 02:11 AM <JUNCTION> My Videos [C:\Users\Alex\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 65,540,530,176 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< End of report >
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby pcparadise » March 7th, 2014, 6:36 pm

OTL Extras logfile created on: 3/7/2014 5:30:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 71.71% Memory free
16.00 Gb Paging File | 13.57 Gb Available in Paging File | 84.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 61.03 Gb Free Space | 54.64% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 65.29 Mb Free Space | 65.29% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 373.27 Gb Free Space | 80.16% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A03733-44F3-4C43-BE04-F9460A1EC992}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{08780431-1AFD-45CB-B4D0-9EC99B03D43E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{08C909E1-5C5E-481B-9EB3-A521C5D564A7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{33CC484F-DF4C-4BB0-A3BF-47B157A9A2DE}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{5D8AC258-242E-4520-A9F5-E7CB8C25474A}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{70E0FA5A-113A-428F-A53D-4CEC58D876AD}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{94EBA93D-8C64-40DA-850E-AFB811127866}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C2352D3C-3964-43F3-A605-D8A0BAB233BF}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CE467D59-36B9-488B-B937-93EC88C15977}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{EC3E68A4-71CD-4B57-882A-4411D72D6A79}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C69A84-B83F-4122-9927-C6C1EF04DAF6}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\rust\rustlauncher.exe |
"{14A41B6B-6D69-40E0-B01B-42EEDE2DE586}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{233B73DE-0B0C-4E05-9D1A-4AE8054969D7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2C49B644-26EE-4A3D-BA0B-A1106A0FECFC}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{2CC76287-E871-4DCF-B32F-4CB47066A0F2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3BE94890-B53B-40D1-A4B8-7DCA63C813C3}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{3CC56935-28A4-4FB1-94C0-990F0D52B8A9}" = dir=in | app=f:\programs\itunes\itunes.exe |
"{53EBC8B0-4F11-4E53-A763-816244DEBA49}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{572D5677-6477-497A-9880-ECDD0F6F27CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{5BB22D31-4568-4118-9705-3B24DD63E245}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\team fortress 2\hl2.exe |
"{5D63A15F-E49B-4394-B654-7EF8673F91AA}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{5FE17797-4A6A-42A3-A884-92E77EFDEC56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{632E349E-866D-4157-9594-2E32E4D97FD9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{649749A7-B70A-475F-87B0-79C44D8E9E6A}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{6EC2471F-A582-49E9-83FE-0F53B28C2D90}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\rust\rust.exe |
"{729F6ECB-0BD2-4601-83A0-91CB58F5556B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\planetside 2\launchpad.exe |
"{75D247B7-5489-4C84-BC70-22F4E9C3229E}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\rust\rust.exe |
"{7B44FC80-E929-40E7-87FD-FFFDDD7D3330}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{964A8730-6C18-4229-9127-DD27E9F83854}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{98391063-ECE6-407B-8057-90509B7B79F4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A793172E-2F13-48A3-A37C-DC259BDC8520}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{AEE04C44-D70D-49B2-9F32-B9429AF90CE5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{B4A92D67-2425-4754-B23F-B9E2AC451178}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B706EC15-5636-4D7C-8130-629A35BC1273}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\rust\rustlauncher.exe |
"{C2121A6C-D309-4FBE-867F-1E247DE8725C}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\team fortress 2\hl2.exe |
"{C4C18777-289E-4BAA-9B52-8FFBCCE404CF}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{EAF0FD0A-D511-4F27-A41D-97A0A0E9CEF4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{EEC21D8E-E0CA-4A09-AA6C-4578ED398084}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{F0A74766-BE60-4A34-AA9C-244B4E45B667}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F60FEBC9-8845-446B-9580-AFC679CE5250}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{FAB55112-3420-4097-B43A-702A4A2F4763}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\planetside 2\launchpad.exe |
"{FAE76A90-5D16-4FB1-802B-BD0AF8908536}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FDB43F03-448E-45B1-AF8D-34F63223A844}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"TCP Query User{86E9433C-8231-4D6D-8CA9-2F95ADC8303F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B093B060-F234-46CC-9263-3381750BC90B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{C4597FB7-D3E2-471F-85E6-63BB596E5588}F:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{3B09FFC5-1F89-4980-9A40-BD994F9C68F2}F:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{3B201C31-8B08-4337-9163-B23CB7836E74}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{B8810D9A-D32E-45B2-89B8-4EBFE52DA957}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.10
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"Avast" = avast! Free Antivirus
"Battle.net" = Battle.net
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"ImgBurn" = ImgBurn
"League of Legends 3.0.0" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RaidCall" = RaidCall
"Steam" = Steam
"Steam App 218230" = PlanetSide 2
"Steam App 252490" = Rust
"Steam App 440" = Team Fortress 2
"Steam App 50130" = Mafia II
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 9" = TeamViewer 9

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2014 10:42:46 PM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 3/6/2014 10:42:46 PM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 3/6/2014 10:42:46 PM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 3/6/2014 10:42:46 PM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 3/7/2014 12:02:04 AM | Computer Name = Alex-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 3/7/2014 12:25:21 AM | Computer Name = Alex-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 3/7/2014 11:08:38 AM | Computer Name = Alex-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 3/7/2014 12:19:16 PM | Computer Name = Alex-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 3/7/2014 4:13:49 PM | Computer Name = Alex-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 3/7/2014 5:31:23 PM | Computer Name = Alex-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

[ System Events ]
Error - 3/2/2014 12:33:06 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 3/2/2014 12:33:15 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 3/2/2014 12:33:15 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 3/2/2014 12:33:15 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 3/3/2014 7:29:29 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 3/3/2014 7:29:30 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 3/6/2014 10:42:38 PM | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:42:01 PM on ?3/?6/?2014 was unexpected.

Error - 3/6/2014 10:42:46 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 3/6/2014 10:42:46 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 3/6/2014 10:43:16 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056


< End of report >
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby Dakeyras » March 7th, 2014, 7:41 pm

Hi. :)

Lets proceed as follows shall we...

SUPERAntiSpyware Advice:

SUPERAntiSpyware has a component/incorporated feature named Bootsafe, if ever used on a infected machine it can render it little more than a expensive door stop! Plus to be honest my personal opinion about the software is it is little more than a waste of installation space and far from effective these days as a Anti-Malware application...

I will further add in all the years I have been providing online Anti-Malware support; have never advised the use(deployed) of the application.

My friendly advice is you consider uninstalling it, though that is your call.

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outline in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advice you download and run the Disable Windows Sidebar and Gadgets installationt utility to rectify this.

Note: Ensure you reboot you machine when prompted before proceeding any further.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[CreateRestorePoint]

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-181624369-2158579657-95777338-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/02/07 20:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2014/02/07 20:08:02 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/02/07 20:09:37 | 000,959,907 | ---- | M] () -- C:\ProgramData\1391820233.bdinstall.bin
[2014/02/08 15:13:09 | 000,251,982 | ---- | C] () -- C:\ProgramData\1391890347.bdinstall.bin
[2014/02/07 20:09:37 | 000,959,907 | ---- | C] () -- C:\ProgramData\1391820233.bdinstall.bin
[2014/01/26 10:45:18 | 000,291,488 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/26 10:45:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/12 13:39:53 | 000,300,754 | ---- | C] () -- C:\ProgramData\1389551861.bdinstall.bin
[2014/01/12 13:36:42 | 000,062,078 | ---- | C] () -- C:\ProgramData\1389551794.bdinstall.bin
[2014/01/12 13:33:43 | 000,062,116 | ---- | C] () -- C:\ProgramData\1389551618.bdinstall.bin
[2014/01/12 13:33:29 | 000,346,699 | ---- | C] () -- C:\ProgramData\1389551342.bdinstall.bin

:Files
ipconfig /flushdns /c
C:\Program Files\Bitdefender
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log-file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan?

Unread postby pcparadise » March 7th, 2014, 9:42 pm

Hi again.
My computer has always run very well, as I have a fairly powerful machine. The main reason I had posted though was because these few odd occurrences had me worried that I had a RAT or something on my machine (internet would disconnect, mouse froze up, etc). This would be a big hit to me, because I'm a fairly avid gamer :P. So after looking at these logs, do you think I'm safe? Will all of these scans have ruled out a RAT or rootkit? Thanks for all your help! here are your requested logs:

EDIT: another question I had, I had run roguekiller once before, and it removed 3 registry entries. I have them in a quarantine on my desktop along with registry backups. The 3 keys in the folder are as follows:

EDIT2: Is it okay for me to delete this folder?

1. HKEY_CURRENT_USER_Software_Microsoft_Windows_CurrentVersion_Explorer_Advanced_Start_Show0
2. HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{20D04FE0-0
3. HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{59031a47-0

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-181624369-2158579657-95777338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\ProgramData\BDLogging\updatesrv folder moved successfully.
C:\ProgramData\BDLogging folder moved successfully.
C:\Windows\SysWOW64\bdsandboxuiskin32.dll moved successfully.
C:\ProgramData\1391820233.bdinstall.bin moved successfully.
C:\ProgramData\1391890347.bdinstall.bin moved successfully.
File C:\ProgramData\1391820233.bdinstall.bin not found.
C:\Windows\SysWOW64\PnkBstrB.exe moved successfully.
C:\Windows\SysWOW64\PnkBstrA.exe moved successfully.
C:\ProgramData\1389551861.bdinstall.bin moved successfully.
C:\ProgramData\1389551794.bdinstall.bin moved successfully.
C:\ProgramData\1389551618.bdinstall.bin moved successfully.
C:\ProgramData\1389551342.bdinstall.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alex\Desktop\cmd.bat deleted successfully.
C:\Users\Alex\Desktop\cmd.txt deleted successfully.
C:\Program Files\Bitdefender folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Alex\Desktop\cmd.bat deleted successfully.
C:\Users\Alex\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Alex\Desktop\cmd.bat deleted successfully.
C:\Users\Alex\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 21871293 bytes
->Temporary Internet Files folder emptied: 129 bytes
->Java cache emptied: 14086062 bytes
->Google Chrome cache emptied: 15281972 bytes
->Flash cache emptied: 728 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11250 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03072014_203331

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2014.03.07.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Alex :: ALEX-PC [administrator]

3/7/2014 8:41:19 PM
mbam-log-2014-03-07 (20-41-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214387
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby Dakeyras » March 8th, 2014, 7:50 am

Hi. :)

Will all of these scans have ruled out a RAT or rootkit? Thanks for all your help!

So far no indication your machine has been compromised by either and you're most welcome!

EDIT: another question I had, I had run roguekiller once before, and it removed 3 registry entries. I have them in a quarantine on my desktop along with registry backups. The 3 keys in the folder are as follows:

EDIT2: Is it okay for me to delete this folder?

Not a cause for concern and merely leave in place for the time being. When I give the all clear we will remove all tools and logs via a specific methodology etc.

Next:

Do you have a Windows 7 64 Bit Installation DVD at all ? If not please follow this tutorial of mine:-

How to create a Windows 7 Startup Repair Disk

Reason being we may need to make use of either to implement some repairs.

Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad:
Code: Select all
@Echo off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

  • Go to File >> Save As
  • Save File name as Dakeyras.bat
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similar to this: Image
Now right-click on Dakeyras.bat and select Run as Administrator to run the batch file. A blank command window will open on your desktop, then close in a few minutes. This is normal and the batch file itself will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
Image

  • Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-
Image

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on into your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When completed the above, please post back the following in the order asked for:

  • Do you have a W7 DVD and or did you create a Startup Repair Disk ?
  • Check Hard Disk For Errors Log
  • AdwCleaner Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan?

Unread postby pcparadise » March 8th, 2014, 1:07 pm

Hello again.
I made the Windows recovery disk. I have one concern about the hard disk check. I have windows installed onto an SSD, and then I have a secondary HDD. This scan was to scan the SSD right? Would the next step be like a defragmentation progress? Wouldn't want to shorten my drive life is all :) .

First log:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
298 large file records processed.

0 bad file records processed.

2 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
33755 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

117114879 KB total disk space.
53937952 KB in 98629 files.
63800 KB in 33756 indexes.
0 KB in bad sectors.
283479 KB in use by the system.
65536 KB occupied by the log file.
62829648 KB available on disk.

4096 bytes in each allocation unit.
29278719 total allocation units on disk.
15707412 allocation units available on disk.
Last edited by pcparadise on March 8th, 2014, 1:08 pm, edited 1 time in total.
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby pcparadise » March 8th, 2014, 1:07 pm

Second log:

# AdwCleaner v3.020 - Report created 08/03/2014 at 12:02:22
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [840 octets] - [08/03/2014 12:00:14]
AdwCleaner[S0].txt - [768 octets] - [08/03/2014 12:02:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [827 octets] ##########
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby Dakeyras » March 8th, 2014, 1:32 pm

Hi. :)

I made the Windows recovery disk

Acknolwedged.

I have one concern about the hard disk check. I have windows installed onto an SSD, and then I have a secondary HDD. This scan was to scan the SSD right?

Correct on the main system drive itself. Anyway all appears fine with the actual file system. For intrest sake you can actually perform a Check-Disk routine on a SSD drive but we have no need to do so at this time.

Would the next step be like a defragmentation progress? Wouldn't want to shorten my drive life is all :) .

No we would not do that as SSD drives do not require such system maintenance and as you mentioned would only have a detrimental effect.

Now I would like for your good self to perform the two following scans for myself so we can rule out malware as the root cause of the unexpected occurrence you mentioned in your first post:

After a disconnection from the internet occurred, my mouse started move very slowly, and the computer was unresponsive. I had to use the reset switch in order to reboot

ESET Online Scanner:

Note: Use Internet Explorer for the scan and you will need to disable your current installed Anti-Virus for the duration, how to do so can be read here.

Windows 7 users: You will need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

If you wish to use Google Chrome for the online scan, merely inform myself and I will provide alternate/the appropriate instructions for that etc.

  • Please go here to run the scan...
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

My friendly advice is you consider keeping the online scanner installed then run it say once per month as a extra check. A quick easy way to do so would be via:-

Click on Start(Windows 7 Orb) >> Computer >> C: >> Program Files (x86) >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.

Norman Malware Cleaner:

Please download Norman Malware Cleaner and save it to your Desktop.

Alternate download location here.

  • Right-click on Norman_Malware_Cleaner.exe and select Run as Administrator >> Accept.
  • Click on the Options tab >> General Options and deselect the following:
Enable Norman Protection Community

  • Now click on Cleaning Options and deselect the following:
Enable Cleaning
Quarantine objects before cleaning


  • Click on Apply >> then the Scan tab >> ensure the Quick scan is selected only.
  • Then click on Start
  • Once the scan has completed a log will be created on your desktop named: NFix_Year-Month-Day-Time.Log
  • Click on the Quit tab.
  • Post the aforementioned log in your next reply
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • ESET Online Scanner Log.
  • Norman Malware Cleaner Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Trojan?

Unread postby pcparadise » March 8th, 2014, 2:34 pm

Downloading norman atm, quick question. Why is the download so big for a scanning tool? Is it a full featured AV?

EDIT: I would also like to use chrome instead if possible for ESET.
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby pcparadise » March 8th, 2014, 4:40 pm

No threats on either.
Logs:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=af54e843e9a9154cb7698d59eb5ec49e
# engine=17370
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-08 08:33:43
# local_time=2014-03-08 03:33:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 2337017 2337019 0 0
# compatibility_mode=5893 16776573 100 94 0 145854273 0 0
# scanned=137622
# found=0
# cleaned=0
# scan_time=2577
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm

Re: Trojan?

Unread postby pcparadise » March 8th, 2014, 4:40 pm

Norman Malware Cleaner v2.08.08
Copyright © 1990 - 2013, Norman Shark AS.

Norman Scanner Engine Version: 7.02.06
nvcbin.def: Version: 7.02.7361, Date: 2014/03/08 03:05:49, Variants: 26909004

Operating System: Windows 7 Service Pack 1 x64

Switches: /iagree /noclean /noquarantine

Scan started: 2014/03/08 15:39:42

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of files found: 487
Number of objects found: 3754
Number of objects scanned: 3754
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 10s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1s

Running quick scan...

Number of files found: 0
Number of archives unpacked: 0
Number of objects found: 0
Number of objects scanned: 0
Number of objects not scanned: 0
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 487
Total number of archives unpacked: 0
Total number of objects found: 3754
Total number of objects scanned: 3754
Total number of objects not scanned: 0
Total number of malicious objects found: 0
Total scanning time: 12s
pcparadise
Regular Member
 
Posts: 16
Joined: March 6th, 2014, 11:40 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 149 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware