Solved Win64/patched.a removal

azndiabolo · Nov 22, 2012

Hi! I encountered the Win64/Patched.A. virus yesterday when my AVG Anti-Virus free edition detected the threat in my Windows/System32/services.exe file. I am running on Windows 7 64-bit and would really appreciate some help in removing the virus. I looked at the other threads and it seems like the scripts are unique to each case so I started my own. Thank you for all the work you've done to help others!

azndiabolo · Nov 22, 2012

I looked at other threads and downloaded the FRST64.exe to run scans. However, I was not able to access the command prompt since my Lenovo y570 seems to come with a recovery environment with only the options to system restore, system configure, and virus scan. I ran the tool directly, but I'm not sure if the results were affected by me not being in a recovery environment. Here are the logs...

azndiabolo · Nov 22, 2012

FRST.txt (part 1)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by Enoch at 22-11-2012 16:43:39
Running from G:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-11-22 16:43 - 2012-11-22 16:43 - 00000000 ____D C:\FRST
2012-11-21 23:24 - 2012-11-21 23:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-21 22:58 - 2012-11-21 22:59 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-20 21:54 - 2012-11-20 21:54 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2012-11-20 21:53 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-11-20 21:53 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-11-20 21:53 - 2010-06-02 04:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-11-20 21:53 - 2010-06-02 04:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-11-20 21:53 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-11-20 21:53 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-11-20 21:53 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-11-20 21:53 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-11-20 21:53 - 2009-09-04 17:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-11-20 21:53 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2012-11-20 21:53 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-11-20 21:53 - 2009-09-04 17:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-11-20 21:53 - 2009-09-04 17:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-11-20 21:53 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-11-20 21:53 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-11-20 21:53 - 2009-03-16 14:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-11-20 21:53 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-11-20 21:53 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-11-20 21:53 - 2009-03-16 14:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-11-20 21:53 - 2009-03-16 14:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-11-20 21:53 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-11-20 21:53 - 2009-03-09 15:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-11-20 21:53 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-11-20 21:53 - 2009-03-09 15:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-11-20 21:53 - 2009-03-09 15:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-11-20 21:53 - 2008-10-27 10:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-11-20 21:53 - 2008-10-15 06:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-11-20 21:53 - 2008-10-15 06:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-11-20 21:53 - 2008-10-15 06:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-11-20 21:53 - 2008-10-15 06:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-11-20 21:53 - 2008-10-15 06:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-11-20 21:53 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-11-20 21:53 - 2008-07-31 10:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-11-20 21:53 - 2008-07-31 10:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-11-20 21:53 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-11-20 21:53 - 2008-07-31 10:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-11-20 21:53 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-11-20 21:53 - 2008-07-10 11:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-11-20 21:53 - 2008-07-10 11:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-11-20 21:53 - 2008-07-10 11:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-11-20 21:53 - 2008-07-10 11:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-11-20 21:53 - 2008-07-10 11:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-11-20 21:53 - 2008-07-10 11:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-11-20 21:53 - 2008-05-30 14:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-11-20 21:53 - 2008-05-30 14:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-11-20 21:53 - 2008-05-30 14:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-11-20 21:53 - 2008-05-30 14:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-11-20 21:53 - 2008-05-30 14:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-11-20 21:53 - 2008-05-30 14:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-11-20 21:53 - 2008-05-30 14:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-11-20 21:53 - 2008-05-30 14:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-11-20 21:53 - 2008-05-30 14:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-11-20 21:53 - 2008-05-30 14:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-11-20 21:53 - 2008-05-30 14:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-11-20 21:53 - 2008-05-30 14:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-11-20 21:53 - 2008-05-30 14:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-11-20 21:53 - 2008-05-30 14:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-11-20 21:53 - 2008-03-05 16:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-11-20 21:53 - 2008-03-05 16:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-11-20 21:53 - 2008-03-05 16:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-11-20 21:53 - 2008-03-05 16:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-11-20 21:53 - 2008-03-05 16:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-11-20 21:53 - 2008-03-05 16:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-11-20 21:53 - 2008-03-05 15:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-11-20 21:53 - 2008-03-05 15:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-11-20 21:53 - 2008-03-05 15:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-11-20 21:53 - 2008-03-05 15:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-11-20 21:53 - 2008-02-05 23:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-11-20 21:53 - 2008-02-05 23:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-11-20 21:53 - 2007-10-22 03:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-11-20 21:53 - 2007-10-22 03:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-11-20 21:53 - 2007-10-22 03:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-11-20 21:53 - 2007-10-22 03:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-11-20 21:53 - 2007-10-12 15:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-11-20 21:53 - 2007-10-12 15:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-11-20 21:53 - 2007-10-12 15:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-11-20 21:53 - 2007-10-12 15:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-11-20 21:53 - 2007-10-02 09:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-11-20 21:53 - 2007-10-02 09:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-11-20 21:53 - 2007-07-20 00:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-11-20 21:53 - 2007-07-20 00:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-11-20 21:53 - 2007-07-19 18:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-11-20 21:53 - 2007-07-19 18:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-11-20 21:53 - 2007-07-19 18:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-11-20 21:53 - 2007-07-19 18:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-11-20 21:53 - 2007-07-19 18:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-11-20 21:53 - 2007-06-20 20:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-11-20 21:53 - 2007-06-20 20:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-11-20 21:52 - 2007-05-16 16:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-11-20 21:52 - 2007-05-16 16:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-11-20 21:52 - 2007-05-16 16:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-11-20 21:52 - 2007-05-16 16:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-11-20 21:52 - 2007-05-16 16:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-11-20 21:52 - 2007-05-16 16:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-11-20 21:52 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-11-20 21:52 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-11-20 21:52 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-11-20 21:52 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-11-20 21:52 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-11-20 21:52 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-11-20 21:52 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-11-20 21:52 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-11-20 21:52 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-11-20 21:52 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-11-20 21:52 - 2007-01-24 15:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-11-20 21:52 - 2007-01-24 15:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-11-20 21:52 - 2006-12-08 12:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-11-20 21:52 - 2006-12-08 12:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-11-20 21:52 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2012-11-20 21:52 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2012-11-20 21:52 - 2006-11-29 13:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-11-20 21:52 - 2006-11-29 13:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-11-20 21:52 - 2006-09-28 16:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-11-20 21:52 - 2006-09-28 16:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-11-20 21:52 - 2006-09-28 16:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-11-20 21:52 - 2006-09-28 16:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-11-20 21:52 - 2006-07-28 09:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-11-20 21:52 - 2006-07-28 09:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-11-20 21:52 - 2006-07-28 09:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-11-20 21:52 - 2006-07-28 09:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-11-20 21:52 - 2006-05-31 07:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-11-20 21:52 - 2006-05-31 07:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-11-20 21:52 - 2006-03-31 12:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-11-20 21:52 - 2006-03-31 12:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-11-20 21:52 - 2006-03-31 12:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-11-20 21:52 - 2006-03-31 12:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-11-20 21:52 - 2006-03-31 12:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-11-20 21:52 - 2006-03-31 12:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-11-20 21:52 - 2006-02-03 08:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-11-20 21:52 - 2006-02-03 08:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-11-20 21:52 - 2006-02-03 08:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-11-20 21:52 - 2006-02-03 08:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-11-20 21:52 - 2006-02-03 08:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-11-20 21:52 - 2006-02-03 08:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-11-20 21:52 - 2005-12-05 18:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-11-20 21:52 - 2005-12-05 18:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-11-20 21:52 - 2005-07-22 19:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-11-20 21:52 - 2005-07-22 19:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-11-20 21:52 - 2005-05-26 15:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-11-20 21:52 - 2005-05-26 15:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-11-20 21:52 - 2005-03-18 17:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-11-20 21:52 - 2005-03-18 17:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-11-20 21:52 - 2005-02-05 19:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-11-20 21:52 - 2005-02-05 19:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-11-20 13:32 - 2012-11-20 13:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-20 13:32 - 2009-03-18 16:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
2012-11-19 23:03 - 2012-11-19 23:03 - 00000000 ____D C:\Users\Enoch\Documents\Hitman Blood Money
2012-11-19 22:51 - 2012-11-19 22:51 - 00000000 ____D C:\Users\Enoch\AppData\Local\DDMSettings
2012-11-17 03:41 - 2012-11-17 03:44 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\ts3overlay_hook_win64
2012-11-17 03:41 - 2012-11-17 03:41 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\ts3overlay
2012-11-17 00:53 - 2012-11-20 21:54 - 00000000 ____D C:\Users\Enoch\AppData\Local\Sony Online Entertainment
2012-11-14 21:52 - 2012-11-14 22:21 - 00000000 ____D C:\Users\Enoch\GitHub
2012-11-14 20:02 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 20:02 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 20:02 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 20:02 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 20:01 - 2012-08-23 09:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-14 20:01 - 2012-08-23 09:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-14 20:01 - 2012-08-23 09:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2012-11-14 20:01 - 2012-08-23 09:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-14 20:01 - 2012-08-23 08:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-11-14 20:01 - 2012-08-23 08:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-11-14 20:01 - 2012-08-23 08:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-14 20:01 - 2012-08-23 08:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-14 20:01 - 2012-08-23 08:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-14 20:01 - 2012-08-23 08:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-14 20:01 - 2012-08-23 08:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-11-14 20:01 - 2012-08-23 08:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-14 20:01 - 2012-08-23 08:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-14 20:01 - 2012-08-23 07:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-14 20:01 - 2012-08-23 06:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-14 20:01 - 2012-08-23 06:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-11-14 20:01 - 2012-08-23 06:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-14 20:01 - 2012-08-23 06:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-11-14 20:01 - 2012-08-23 05:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-14 20:01 - 2012-08-23 05:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-14 20:01 - 2012-08-23 05:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-11-14 20:01 - 2012-08-23 05:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-14 20:01 - 2012-08-23 04:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-14 20:01 - 2012-08-23 03:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-11-14 20:01 - 2012-08-23 03:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-14 19:56 - 2012-10-08 07:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 19:56 - 2012-10-08 06:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 19:56 - 2012-10-08 06:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 19:56 - 2012-10-08 06:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 19:56 - 2012-10-08 06:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 19:56 - 2012-10-08 06:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 19:56 - 2012-10-08 06:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 19:56 - 2012-10-08 06:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 19:56 - 2012-10-08 06:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 19:56 - 2012-10-08 06:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 19:56 - 2012-10-08 06:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 19:56 - 2012-10-08 06:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 19:56 - 2012-10-08 06:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 19:56 - 2012-10-08 06:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 19:56 - 2012-10-08 06:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 19:56 - 2012-10-08 06:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 19:56 - 2012-10-08 03:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 19:56 - 2012-10-08 03:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 19:56 - 2012-10-08 02:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 19:56 - 2012-10-08 02:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 19:56 - 2012-10-08 02:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 19:56 - 2012-10-08 02:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 19:56 - 2012-10-08 02:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 19:56 - 2012-10-08 02:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 19:56 - 2012-10-08 02:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 19:56 - 2012-10-08 02:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 19:56 - 2012-10-08 02:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 19:56 - 2012-10-08 02:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 19:56 - 2012-10-08 02:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 19:56 - 2012-10-08 02:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 19:56 - 2012-10-08 02:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 19:56 - 2012-10-08 02:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 19:55 - 2012-11-14 19:55 - 00002909 ____A C:\Users\Enoch\Documents\Eclipse.lnk
2012-11-14 19:53 - 2012-11-20 13:47 - 00000000 ____D C:\Users\Enoch\Documents\eclipse
2012-11-14 19:51 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 19:51 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 19:51 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 19:51 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 19:51 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 19:51 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 19:51 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 19:51 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 19:50 - 2012-08-24 13:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-14 19:50 - 2012-08-24 13:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-14 19:50 - 2012-08-24 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-14 19:50 - 2012-08-24 13:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-14 19:50 - 2012-08-24 13:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-14 19:50 - 2012-08-24 11:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-14 19:50 - 2012-08-24 11:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-14 19:50 - 2012-08-24 11:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-14 19:50 - 2012-08-24 11:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-14 19:20 - 2012-10-18 13:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 19:20 - 2012-10-09 13:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 19:20 - 2012-10-09 13:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 19:20 - 2012-10-09 12:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 19:20 - 2012-10-09 12:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 19:20 - 2012-10-03 12:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 19:20 - 2012-10-03 12:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 19:20 - 2012-10-03 12:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 19:20 - 2012-10-03 12:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 19:20 - 2012-10-03 12:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 19:20 - 2012-10-03 12:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 19:20 - 2012-10-03 12:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 19:20 - 2012-10-03 11:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 19:20 - 2012-10-03 11:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 19:20 - 2012-10-03 11:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 19:20 - 2012-10-03 11:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 19:20 - 2012-01-13 02:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-14 19:19 - 2012-09-25 17:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 19:19 - 2012-09-25 17:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 13:29 - 2012-11-16 00:26 - 00000000 ____D C:\Users\Enoch\AppData\Local\Eclipse
2012-11-14 13:19 - 2012-11-14 21:48 - 00000000 ____D C:\Users\Enoch\Documents\GitHub
2012-11-14 13:19 - 2012-11-14 20:18 - 00000000 ____D C:\Users\Enoch\AppData\Local\GitHub
2012-11-14 13:19 - 2012-11-14 13:19 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\GitHub
2012-11-14 13:17 - 2012-11-14 22:08 - 00000000 ____D C:\Users\Enoch\AppData\Local\Deployment
2012-11-14 13:17 - 2012-11-14 13:17 - 00000000 ____D C:\Users\Enoch\AppData\Local\Apps\2.0
2012-11-13 15:29 - 2012-11-13 15:29 - 00354216 ____A (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
2012-11-10 03:45 - 2012-11-10 03:45 - 00001290 ____A C:\Users\Enoch\keyStoreLocation
2012-11-09 21:49 - 2012-11-09 21:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-09 16:10 - 2012-11-09 16:10 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-08 15:23 - 2012-11-08 15:23 - 00000000 ____D C:\Users\Enoch\AppData\Local\Macromedia
2012-11-08 14:48 - 2012-11-19 22:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-08 14:48 - 2012-11-08 14:48 - 00000000 ____D C:\Users\Enoch\AppData\Local\Mozilla
2012-11-08 14:48 - 2012-11-08 14:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-08 14:48 - 2012-11-08 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-05 15:58 - 2012-11-05 15:58 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\AVG
2012-11-05 15:57 - 2012-11-05 15:59 - 00000000 ____D C:\Users\All Users\AVG
2012-11-05 15:57 - 2012-11-05 15:57 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-04 02:29 - 2012-11-04 02:29 - 00001526 ____A C:\Users\UpdatusUser\Desktop\Cobalt.lnk
2012-11-03 00:34 - 2012-11-03 00:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01001.Wdf
2012-11-03 00:04 - 2012-11-03 00:05 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2012-10-29 23:06 - 2012-10-29 23:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-10-29 23:02 - 2012-10-30 22:05 - 00000000 ____D C:\Program Files\MotioninJoy
2012-10-29 23:02 - 2012-10-29 23:02 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\MotioninJoy
2012-10-29 23:02 - 2011-11-10 17:32 - 00115272 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-10-29 23:02 - 2010-08-19 18:24 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-10-29 23:02 - 2010-08-19 18:24 - 00074960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys
2012-10-29 23:02 - 2010-05-03 15:12 - 00328712 ____A (Logitech Inc.) C:\Windows\System32\MijFrc.dll
2012-10-28 19:37 - 2012-10-28 20:53 - 00000000 ____D C:\Users\Enoch\Documents\Bethany
2012-10-28 18:22 - 2012-10-28 18:22 - 00262144 ____A C:\Windows\Minidump\102812-50045-01.dmp
2012-10-25 03:12 - 2012-10-25 03:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-10-25 03:12 - 2012-10-25 03:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

(to be continued...)

azndiabolo · Nov 22, 2012

FRST.txt (Part 2)

==================== One Month Modified Files and Folders =======

2012-11-22 16:43 - 2012-11-22 16:43 - 00000000 ____D C:\FRST
2012-11-22 16:42 - 2012-10-04 22:55 - 00000000 ____D C:\Users\Enoch\AppData\Local\LogMeIn Hamachi
2012-11-22 16:42 - 2012-03-21 22:59 - 00000000 ___RD C:\Users\Enoch\Dropbox
2012-11-22 16:42 - 2012-03-21 22:58 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\Dropbox
2012-11-22 16:42 - 2012-03-20 21:39 - 00000000 ____D C:\Program Files (x86)\Steam
2012-11-22 16:42 - 2012-01-31 11:53 - 00367754 ____A C:\Windows\System32\fastboot.set
2012-11-22 16:42 - 2012-01-31 11:46 - 00000000 ____D C:\Users\All Users\VeriFace
2012-11-22 16:41 - 2012-01-31 11:46 - 01157789 ____A C:\FaceProv.log
2012-11-22 16:41 - 2012-01-31 11:39 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-22 16:41 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-22 16:41 - 2009-07-13 23:51 - 00079629 ____A C:\Windows\setupact.log
2012-11-22 16:35 - 2009-07-13 23:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-22 16:35 - 2009-07-13 23:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-22 16:14 - 2012-03-20 21:09 - 00000000 ____D C:\Users\Enoch\Downloads\Setup Files
2012-11-22 16:12 - 2009-07-14 00:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-22 16:07 - 2012-01-31 11:39 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-22 14:20 - 2012-04-09 13:09 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609643015-3193077264-2906996130-1001UA.job
2012-11-22 14:01 - 2012-01-31 10:45 - 01872522 ____A C:\Windows\WindowsUpdate.log
2012-11-22 14:00 - 2012-04-12 18:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-22 13:53 - 2012-05-22 07:14 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-22 13:52 - 2012-05-22 07:05 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-21 23:24 - 2012-11-21 23:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-21 23:02 - 2012-03-29 21:12 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\uTorrent
2012-11-21 23:00 - 2012-03-29 21:46 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\vlc
2012-11-21 22:59 - 2012-11-21 22:58 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-21 11:51 - 2012-03-20 21:30 - 00000000 ____D C:\Users\Enoch\AppData\Local\Spotify
2012-11-21 11:15 - 2012-03-20 21:30 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\Spotify
2012-11-20 22:31 - 2012-04-17 21:09 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\Skype
2012-11-20 21:54 - 2012-11-20 21:54 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2012-11-20 21:54 - 2012-11-17 00:53 - 00000000 ____D C:\Users\Enoch\AppData\Local\Sony Online Entertainment
2012-11-20 21:53 - 2012-01-31 11:49 - 00287241 ____A C:\Windows\DirectX.log
2012-11-20 21:29 - 2012-04-09 13:09 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609643015-3193077264-2906996130-1001Core.job
2012-11-20 16:37 - 2012-09-27 23:07 - 00000000 ____D C:\Users\Enoch\AppData\Local\Solid State Networks
2012-11-20 13:47 - 2012-11-14 19:53 - 00000000 ____D C:\Users\Enoch\Documents\eclipse
2012-11-20 13:32 - 2012-11-20 13:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-19 23:03 - 2012-11-19 23:03 - 00000000 ____D C:\Users\Enoch\Documents\Hitman Blood Money
2012-11-19 22:51 - 2012-11-19 22:51 - 00000000 ____D C:\Users\Enoch\AppData\Local\DDMSettings
2012-11-19 22:51 - 2012-08-08 21:31 - 00000000 ____D C:\Users\All Users\DivX
2012-11-19 22:32 - 2012-11-08 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-19 22:32 - 2012-08-08 21:33 - 00000000 ____D C:\Program Files (x86)\DivX
2012-11-19 22:31 - 2012-08-08 21:33 - 00000000 ____D C:\Program Files\DivX
2012-11-18 22:16 - 2012-10-08 21:56 - 00000000 ____D C:\Users\Enoch\AppData\Local\dxhr
2012-11-17 04:19 - 2012-09-11 21:10 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\TS3Client
2012-11-17 03:44 - 2012-11-17 03:41 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\ts3overlay_hook_win64
2012-11-17 03:41 - 2012-11-17 03:41 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\ts3overlay
2012-11-17 03:29 - 2012-09-11 21:10 - 00000000 ____D C:\Users\Enoch\AppData\Local\TeamSpeak 3 Client
2012-11-17 01:12 - 2012-05-22 13:37 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\Sublime Text 2
2012-11-17 00:40 - 2012-04-12 18:04 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-17 00:40 - 2012-03-23 18:34 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-17 00:40 - 2012-03-21 22:15 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-16 00:26 - 2012-11-14 13:29 - 00000000 ____D C:\Users\Enoch\AppData\Local\Eclipse
2012-11-15 10:33 - 2012-03-20 21:03 - 00000000 ____D C:\Users\Enoch\Stuff
2012-11-15 09:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-11-14 22:25 - 2012-03-20 21:07 - 00000000 ____D C:\Users\Enoch\workspace
2012-11-14 22:21 - 2012-11-14 21:52 - 00000000 ____D C:\Users\Enoch\GitHub
2012-11-14 22:08 - 2012-11-14 13:17 - 00000000 ____D C:\Users\Enoch\AppData\Local\Deployment
2012-11-14 21:52 - 2012-03-20 20:47 - 00000000 ____D C:\users\Enoch
2012-11-14 21:48 - 2012-11-14 13:19 - 00000000 ____D C:\Users\Enoch\Documents\GitHub
2012-11-14 20:18 - 2012-11-14 13:19 - 00000000 ____D C:\Users\Enoch\AppData\Local\GitHub
2012-11-14 20:18 - 2012-09-03 21:59 - 00000000 ____D C:\Users\Enoch\.ssh
2012-11-14 20:16 - 2012-03-20 20:52 - 00127936 ____A C:\Users\Enoch\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-14 20:14 - 2009-07-13 23:45 - 05019256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 20:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-14 20:05 - 2012-03-20 21:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 19:55 - 2012-11-14 19:55 - 00002909 ____A C:\Users\Enoch\Documents\Eclipse.lnk
2012-11-14 19:52 - 2012-03-22 00:19 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 19:51 - 2009-07-13 21:34 - 00000502 ____A C:\Windows\win.ini
2012-11-14 13:19 - 2012-11-14 13:19 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\GitHub
2012-11-14 13:17 - 2012-11-14 13:17 - 00000000 ____D C:\Users\Enoch\AppData\Local\Apps\2.0
2012-11-13 15:29 - 2012-11-13 15:29 - 00354216 ____A (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
2012-11-12 21:32 - 2012-07-17 22:03 - 00000000 ____D C:\Users\Enoch\Documents\UMCP
2012-11-12 12:09 - 2010-11-20 22:47 - 00029616 ____A C:\Windows\PFRO.log
2012-11-10 11:37 - 2012-03-21 22:36 - 00000000 ____D C:\Users\Enoch\AppData\Local\Adobe
2012-11-10 11:37 - 2012-03-21 22:16 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-11-10 03:45 - 2012-11-10 03:45 - 00001290 ____A C:\Users\Enoch\keyStoreLocation
2012-11-09 21:49 - 2012-11-09 21:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-09 16:10 - 2012-11-09 16:10 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-09 16:10 - 2012-05-07 19:14 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-11-09 16:10 - 2012-05-07 19:14 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-11-09 16:10 - 2012-05-07 19:13 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-09 16:10 - 2012-05-07 19:13 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-09 16:10 - 2012-03-20 22:56 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-11-09 03:59 - 2012-09-03 21:57 - 00000000 ____D C:\Users\Enoch\workspace-cmsc132
2012-11-08 15:23 - 2012-11-08 15:23 - 00000000 ____D C:\Users\Enoch\AppData\Local\Macromedia
2012-11-08 14:48 - 2012-11-08 14:48 - 00000000 ____D C:\Users\Enoch\AppData\Local\Mozilla
2012-11-08 14:48 - 2012-11-08 14:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-08 14:48 - 2012-11-08 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-08 14:48 - 2012-03-25 20:59 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\Mozilla
2012-11-05 17:07 - 2012-05-22 07:13 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-05 16:17 - 2012-04-02 08:54 - 00000000 ____D C:\Program Files (x86)\Origin
2012-11-05 16:06 - 2012-01-31 11:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-11-05 15:59 - 2012-11-05 15:57 - 00000000 ____D C:\Users\All Users\AVG
2012-11-05 15:58 - 2012-11-05 15:58 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\AVG
2012-11-05 15:57 - 2012-11-05 15:57 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-04 16:45 - 2012-04-08 19:28 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\Apple Computer
2012-11-04 16:25 - 2012-07-11 20:44 - 00000000 ____D C:\Users\Enoch\Documents\Cobalt
2012-11-04 02:29 - 2012-11-04 02:29 - 00001526 ____A C:\Users\UpdatusUser\Desktop\Cobalt.lnk
2012-11-04 02:29 - 2012-03-21 23:37 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-11-04 02:29 - 2012-03-21 23:37 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-11-04 02:29 - 2012-03-21 23:37 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-11-04 02:29 - 2012-03-21 23:37 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-11-03 00:34 - 2012-11-03 00:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01001.Wdf
2012-11-03 00:05 - 2012-11-03 00:04 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2012-11-02 00:30 - 2012-04-03 13:31 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-11-02 00:30 - 2012-04-02 11:15 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-10-30 22:05 - 2012-10-29 23:02 - 00000000 ____D C:\Program Files\MotioninJoy
2012-10-30 20:09 - 2012-03-21 22:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-10-30 20:08 - 2012-03-21 22:44 - 00000000 ____D C:\Program Files\Adobe
2012-10-30 20:05 - 2012-03-20 20:57 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\Adobe
2012-10-30 13:19 - 2012-03-20 21:18 - 00000000 ____D C:\Users\Enoch\AppData\Local\Google
2012-10-29 23:06 - 2012-10-29 23:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-10-29 23:02 - 2012-10-29 23:02 - 00000000 ____D C:\Users\Enoch\AppData\Roaming\MotioninJoy
2012-10-29 14:50 - 2012-03-20 21:10 - 00000000 ____D C:\Users\Enoch\Documents\Webs
2012-10-28 20:53 - 2012-10-28 19:37 - 00000000 ____D C:\Users\Enoch\Documents\Bethany
2012-10-28 18:22 - 2012-10-28 18:22 - 00262144 ____A C:\Windows\Minidump\102812-50045-01.dmp
2012-10-28 18:22 - 2012-07-27 04:02 - 00000000 ____D C:\Windows\Minidump
2012-10-25 23:20 - 2012-09-27 23:06 - 00000000 ____D C:\Program Files (x86)\MeteorEntertainment
2012-10-25 03:12 - 2012-10-25 03:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-10-25 03:12 - 2012-10-25 03:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

ZeroAccess:
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\@
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\L
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\L\00000004.@
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\L\201d3dde
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\00000004.@
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\00000008.@
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\000000cb.@
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\80000000.@
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\80000032.@
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8135.86 MB
Available physical RAM: 5873.82 MB
Total Pagefile: 16269.91 MB
Available Pagefile: 13852.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:421.81 GB) (Free:1.88 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:25.7 GB) NTFS
5 Drive g: (ENOCH'S 16G) (Removable) (Total:15.17 GB) (Free:2.65 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 421 GB 201 MB
Partition 0 Extended 28 GB 422 GB
Partition 4 Logical 28 GB 422 GB
Partition 3 OEM 14 GB 451 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 NTFS Partition 200 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 421 GB Healthy Boot

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D LENOVO NTFS Partition 28 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 24 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G ENOCH'S 16G FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-11-15 09:27

==================== End Of Log =============================

azndiabolo · Nov 22, 2012

And finally, Search.txt

Farbar Recovery Scan Tool (x64) Version: 18-11-2012
Ran by Enoch at 2012-11-22 16:45:51
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

Broni · Nov 22, 2012

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

azndiabolo · Nov 22, 2012

Thanks for the response! Here's the MBAM log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.22.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Enoch :: ENOCH-LENOVO [administrator]

11/22/2012 10:04:41 PM
mbam-log-2012-11-22 (22-04-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235220
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
DDS logs coming soon!

azndiabolo · Nov 22, 2012

DDS.txt Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Enoch at 23:12:32 on 2012-11-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.4590 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Apache\bin\httpd.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\PROGRA~2\PANASO~1\LocalCom\lmsrvnt.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Users\Enoch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Apache\bin\ApacheMonitor.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Users\Enoch\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://lenovo.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Spotify Web Helper] "C:\Users\Enoch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [googletalk] C:\Users\Enoch\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe -1
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Enoch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Enoch\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Apache\bin\ApacheMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{916500CF-9364-416E-8C86-1A98C10B3CC7} : DHCPNameServer = 128.8.76.2 128.8.74.2
TCP: Interfaces\{E95B6498-EA7D-43B5-94A8-065512EF2B55} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E95B6498-EA7D-43B5-94A8-065512EF2B55}\57D646 : DHCPNameServer = 128.8.76.2 128.8.74.2
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll prio32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 255.255.255.255broadcasthost
Hosts: 10.108.234.211localhost
Hosts: 216.52.115.120build.frewebs.com
Hosts: 216.52.115.100confluence.freewebs.com
Hosts: 10.1.0.12nexus.freewebs.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Enoch\AppData\Roaming\Mozilla\Firefox\Profiles\fmkxmx47.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Enoch\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Enoch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Enoch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Enoch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-08 13:53; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-11-23 03:45:03--------d-----w-C:\Users\Enoch\AppData\Local\Western Digital
2012-11-23 03:03:57--------d-----w-C:\Users\Enoch\AppData\Roaming\Malwarebytes
2012-11-23 03:03:29--------d-----w-C:\ProgramData\Malwarebytes
2012-11-23 03:03:2825928----a-w-C:\windows\System32\drivers\mbam.sys
2012-11-23 03:03:27--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-22 21:43:23--------d-----w-C:\FRST
2012-11-22 04:24:46--------d-sh--w-C:\windows\SysWow64\%APPDATA%
2012-11-22 03:59:06220160----a-w-C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-22 03:58:58--------d-----w-C:\Program Files (x86)\Mega Codec Pack
2012-11-21 02:52:58506728----a-w-C:\windows\System32\d3dx10_34.dll
2012-11-20 18:32:0733856---ha-w-C:\windows\System32\hamachi.sys
2012-11-20 18:32:00--------d-----w-C:\Program Files (x86)\LogMeIn Hamachi
2012-11-20 03:51:39--------d-----w-C:\Users\Enoch\AppData\Local\DDMSettings
2012-11-17 08:41:58--------d-----w-C:\Users\Enoch\AppData\Roaming\ts3overlay_hook_win64
2012-11-17 08:41:58--------d-----w-C:\Users\Enoch\AppData\Roaming\ts3overlay
2012-11-17 05:53:23--------d-----w-C:\Users\Enoch\AppData\Local\Sony Online Entertainment
2012-11-15 02:52:42--------d-----w-C:\Users\Enoch\GitHub
2012-11-15 01:02:339728----a-w-C:\windows\System32\Wdfres.dll
2012-11-15 01:02:33785512----a-w-C:\windows\System32\drivers\Wdf01000.sys
2012-11-15 01:02:3354376----a-w-C:\windows\System32\drivers\WdfLdr.sys
2012-11-15 01:02:332560----a-w-C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 00:51:4687040----a-w-C:\windows\System32\drivers\WUDFPf.sys
2012-11-15 00:51:46198656----a-w-C:\windows\System32\drivers\WUDFRd.sys
2012-11-15 00:51:4584992----a-w-C:\windows\System32\WUDFSvc.dll
2012-11-15 00:51:45744448----a-w-C:\windows\System32\WUDFx.dll
2012-11-15 00:51:4545056----a-w-C:\windows\System32\WUDFCoinstaller.dll
2012-11-15 00:51:45229888----a-w-C:\windows\System32\WUDFHost.exe
2012-11-15 00:51:45194048----a-w-C:\windows\System32\WUDFPlatform.dll
2012-11-15 00:50:41340992----a-w-C:\windows\System32\schannel.dll
2012-11-15 00:50:41247808----a-w-C:\windows\SysWow64\schannel.dll
2012-11-15 00:50:4096768----a-w-C:\windows\SysWow64\sspicli.dll
2012-11-15 00:50:40458712----a-w-C:\windows\System32\drivers\cng.sys
2012-11-15 00:50:40307200----a-w-C:\windows\System32\ncrypt.dll
2012-11-15 00:50:40220160----a-w-C:\windows\SysWow64\ncrypt.dll
2012-11-15 00:50:4022016----a-w-C:\windows\SysWow64\secur32.dll
2012-11-15 00:50:40154480----a-w-C:\windows\System32\drivers\ksecpkg.sys
2012-11-15 00:50:401448448----a-w-C:\windows\System32\lsasrv.dll
2012-11-15 00:19:4595744----a-w-C:\windows\System32\synceng.dll
2012-11-15 00:19:4578336----a-w-C:\windows\SysWow64\synceng.dll
2012-11-14 18:29:52--------d-----w-C:\Users\Enoch\AppData\Local\Eclipse
2012-11-14 18:19:44--------d-----w-C:\Users\Enoch\AppData\Roaming\GitHub
2012-11-14 18:19:40--------d-----w-C:\Users\Enoch\AppData\Local\GitHub
2012-11-14 18:17:39--------d-----w-C:\Users\Enoch\AppData\Local\Apps
2012-11-14 18:17:38--------d-----w-C:\Users\Enoch\AppData\Local\Deployment
2012-11-13 20:29:04354216----a-w-C:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-10 02:49:24159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-10 02:49:24159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-10 02:49:24159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-10 02:49:24159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-10 02:49:24159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-10 02:49:24159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-10 02:49:24159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-09 21:10:1195208----a-w-C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-08 20:23:11--------d-----w-C:\Users\Enoch\AppData\Local\Macromedia
2012-11-05 20:58:40--------d-----w-C:\Users\Enoch\AppData\Roaming\AVG
2012-11-05 20:57:47--------d-----w-C:\ProgramData\AVG
2012-11-05 20:57:43--------d-sh--w-C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-03 05:04:56--------d-----w-C:\Program Files\Microsoft Xbox 360 Accessories
2012-10-30 04:02:1874960----a-w-C:\windows\System32\drivers\xusb21.sys
2012-10-30 04:02:18328712----a-w-C:\windows\System32\MijFrc.dll
2012-10-30 04:02:181721576----a-w-C:\windows\System32\WdfCoInstaller01009.dll
2012-10-30 04:02:18115272----a-w-C:\windows\System32\drivers\MijXfilt.sys
2012-10-30 04:02:18--------d-----w-C:\Users\Enoch\AppData\Roaming\MotioninJoy
2012-10-30 04:02:18--------d-----w-C:\Program Files\MotioninJoy
2012-10-28 23:59:05--------d-----w-C:\Users\Enoch\AppData\Local\ElevatedDiagnostics
2012-10-25 08:12:2694208----a-w-C:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:2669632----a-w-C:\windows\SysWow64\QuickTime.qts
.
==================== Find3M ====================
.
2012-11-17 05:40:0673656----a-w-C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-17 05:40:06697272----a-w-C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-09 21:10:07821736----a-w-C:\windows\SysWow64\npDeployJava1.dll
2012-11-09 21:10:07746984----a-w-C:\windows\SysWow64\deployJava1.dll
2012-11-04 07:29:52466456----a-w-C:\windows\System32\wrap_oal.dll
2012-11-04 07:29:52444952----a-w-C:\windows\SysWow64\wrap_oal.dll
2012-11-04 07:29:52122904----a-w-C:\windows\System32\OpenAL32.dll
2012-11-04 07:29:52109080----a-w-C:\windows\SysWow64\OpenAL32.dll
2012-11-02 05:30:13298016----a-w-C:\windows\SysWow64\PnkBstrB.xtr
2012-11-02 05:30:13298016----a-w-C:\windows\SysWow64\PnkBstrB.exe
2012-10-23 03:11:24281520----a-w-C:\windows\SysWow64\PnkBstrB.ex0
2012-10-18 18:25:583149824----a-w-C:\windows\System32\win32k.sys
2012-10-09 18:17:1355296----a-w-C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13226816----a-w-C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:3144032----a-w-C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31193536----a-w-C:\windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:032312704----a-w-C:\windows\System32\jscript9.dll
2012-10-08 11:23:521392128----a-w-C:\windows\System32\wininet.dll
2012-10-08 11:22:551494528----a-w-C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22173056----a-w-C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35599040----a-w-C:\windows\System32\vbscript.dll
2012-10-08 11:13:332382848----a-w-C:\windows\System32\mshtml.tlb
2012-10-08 07:56:241800704----a-w-C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:031129472----a-w-C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:441427968----a-w-C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05142848----a-w-C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21420864----a-w-C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:562382848----a-w-C:\windows\SysWow64\mshtml.tlb
2012-10-03 17:56:541914248----a-w-C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\windows\System32\netcorehc.dll
2012-10-03 17:44:1718944----a-w-C:\windows\System32\netevent.dll
2012-10-03 17:44:16216576----a-w-C:\windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:2418944----a-w-C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24175104----a-w-C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\windows\System32\drivers\tcpipreg.sys
2012-09-14 19:19:292048----a-w-C:\windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\windows\SysWow64\tzres.dll
2012-08-31 18:19:351659760----a-w-C:\windows\System32\drivers\ntfs.sys
2012-08-30 18:03:455559664----a-w-C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:023968880----a-w-C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:023914096----a-w-C:\windows\SysWow64\ntoskrnl.exe
2012-08-27 23:40:004204272----a-w-C:\windows\SysWow64\GameMon.des
.
============= FINISH: 23:14:23.45 ===============

azndiabolo · Nov 22, 2012

Attach.txt Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/20/2012 9:47:24 PM
System Uptime: 11/22/2012 10:21:31 PM (1 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU1 | 792/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 422 GiB total, 1.328 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 25.697 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 255.255.255.255broadcasthost
Hosts: 10.108.234.211localhost
Hosts: 216.52.115.120build.frewebs.com
Hosts: 216.52.115.100confluence.freewebs.com
Hosts: 10.1.0.12nexus.freewebs.com
Hosts: 10.108.234.211local.members.webs.com
Hosts: 10.108.234.211local.www.webs.com
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.20 (x64 edition)
A New Zero
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.4 64-bit
Adobe Reader X (10.1.4)
AirBuccaneers
Apache HTTP Server 2.2.22
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
ARIA Engine v1.0.9.8
Audacity 2.0
AVG 2012
Awesomenauts
Bastion
Batman: Arkham Asylum GOTY Edition
Battlefield 3™
Battlelog Web Plugins
BF3 Borderless
BF3 Settings Editor
Blacklight: Retribution
Bonjour
Borderlands
Borderlands 2
BOSS
Broadcom Gigabit NetLink Controller
Broadcom InConcert Maestro
Capsule
Cargo Commander
Cobalt
Crysis
CutePDF Writer 2.8
Cyberduck 4.2.1 (9350)
CyberLink PhotoNow
CyberLink PowerDirector
D3DX10
DAEMON Tools Lite
Darwinia
Deus Ex: Game of the Year Edition
Deus Ex: Human Revolution
Dexpot
DivX Setup
Dropbox
DVD Flick 1.3.0.7
Energy Management
ESN Sonar
EVEREST Home Edition v2.20
Evernote v. 4.5.10
Explorer Suite III
FFmpeg v0.6.2 for Audacity
Finale 2011
Fraps (remove only)
Free Video Dub version 2.0.8.508
Frozen Synapse
gamelauncher-code4344-beta
gamelauncher-ps2-live
Garritan ARIA Player v1.02
Garritan Instruments for Finale
Gemini Rue
GitHub
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hawken
Hi-Rez Studios Authenticate and Update Service
Hitman: Blood Money
HP Officejet 6600 Basic Device Software
I.R.I.S. OCR
iCloud
ImgBurn
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Intrusion 2
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 31 (64-bit)
Java(TM) 7 Update 3 (64-bit)
Java(TM) SE Development Kit 7 Update 3 (64-bit)
JavaFX 2.0.3 (64-bit)
JavaFX 2.0.3 SDK (64-bit)
JavaFX 2.1.0
JMicron Flash Media Controller Driver
jMonkeyEngine SDK
Junk Mail filter update
LAME v3.99.3 (for Windows)
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EE Boot Optimizer
Lenovo Games Console
Lenovo OneKey Recovery
Lenovo R.I.C. (Robust Intelligent Companion)
Lenovo YouCam
LogMeIn Hamachi
Magicka
Malwarebytes Anti-Malware version 1.65.1.1000
Mass Effect
McAfee SiteAdvisor
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.1
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MotioninJoy DS3 driver version 0.6.0005
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 10.0.2 (x86 en-US)
MSI Afterburner 2.1.0
MSVCRT
MSVCRT_amd64
Nexus Mod Manager
Nimbus
Nuclear Dawn
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 304.79
NVIDIA Control Panel 304.79
NVIDIA Graphics Driver 304.79
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
Onekey Theater
ooVoo
OpenAL
Origin
Panasonic Multi-Function Station software
PDF Settings CS5
PlanetSide 2
PlanetSide 2 Beta
Portal
Power2Go
Prio
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Section 8: Prejudice
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SharpKeys
Skype™ 5.10
SmartSound Quicktracks Plugin
Spotify
SRS Control Panel
Star Wars - Jedi Knight II: Jedi Outcast
Starcraft
StarCraft II
Steam
Sublime Text 2.0.1
Super Crate Box
Synaptics Pointing Device Driver
Team Fortress 2
TeamSpeak 3 Client
Terraria
The Elder Scrolls V: Skyrim
Tribes Ascend Open Beta
Tribes: Ascend
Trine 2
Tunngle beta
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UserGuide
VC80CRTRedist - 8.0.50727.6195
VeriFace
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.4
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
11/22/2012 5:00:19 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
11/22/2012 4:19:51 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/22/2012 4:19:51 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
11/22/2012 4:19:51 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The pipe has been ended.
11/22/2012 4:19:43 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/22/2012 2:05:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
11/22/2012 12:30:55 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/22/2012 10:25:24 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/22/2012 10:25:24 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
11/22/2012 10:25:18 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
11/22/2012 10:23:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
11/22/2012 10:23:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/22/2012 10:22:56 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/22/2012 10:22:26 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/22/2012 10:00:06 PM, Error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
11/21/2012 9:17:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/21/2012 9:17:04 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2012 11:21:37 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/20/2012 1:32:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
11/20/2012 1:32:08 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/20/2012 1:32:07 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/15/2012 9:09:28 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 258
11/15/2012 9:09:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Service service to connect.
11/15/2012 9:09:15 AM, Error: Service Control Manager [7000] - The Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Broni · Nov 22, 2012

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

********************************************

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

azndiabolo · Nov 22, 2012

Just an update with behavior, AVG periodically gives me popups telling me about its detection of the virus and when I open my browser initially the virus (I'm assuming) tries redirecting it to some page, but only once. Going to follow your next set of instructions now, thanks for your help!!

azndiabolo · Nov 22, 2012

Also, sorry if this is irrelevant, but AVG seems to remember that it's been finding this virus and popups appear a scan of any sort scans over the services.exe file. In case that sheds any light on the situation? Any scan from FRST to MBAM to MBAR.

//Edit/Update: redirecting in my browser continues to occur, though infrequently.

Broni · Nov 22, 2012

Did you read my previous reply?

azndiabolo · Nov 22, 2012

Yessir, MBAR is still in the process of running its first scan, I will post logs after I've verified with MBAR that no more threat remains, as you instructed. Sorry for the extraneous posts!

azndiabolo · Nov 23, 2012

MBAR reports clean! First run picked up about 14 malware I think. Second one came clean. Here are the logs:

mbar-log-2012-11-23 (00-34-47)

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Enoch :: ENOCH-LENOVO [administrator]

11/23/2012 12:34:47 AM
mbar-log-2012-11-23 (00-34-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28145
Time elapsed: 18 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
system-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8531066880, free: 4415303680
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8531066880, free: 4387921920
------------ Kernel report ------------
11/22/2012 23:35:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\fbfmon.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\winioex.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\BPntDrv.sys
\SystemRoot\system32\drivers\BOOTVID.dll
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\AcpiVpc.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\ahv3lx3z.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\delayman.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\tap0901t.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\MijXfilt.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bef790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000092\
Lower Device Object: 0xfffffa800aedca20
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007e1e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007c08050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.23.01
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007e1e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007e24330, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007e247e0, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8007e1e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007c08050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00f5bb750, 0xfffffa8007e1e790, 0xfffffa800e66e790
Lower DeviceData: 0xfffff8a010cca750, 0xfffffa8007c08050, 0xfffffa8008063260
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6FBCC431
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 409600
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 411648 Numsec = 884609024
Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 885020672 Numsec = 60809216
Partition 3 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 945829888 Numsec = 30943280
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bef790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800aed78f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bef790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800aedca20, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00584d4d0, 0xfffffa8007bef790, 0xfffffa800dec0790
Lower DeviceData: 0xfffff8a010ca8d10, 0xfffffa800aedca20, 0xfffffa800e8cf610
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
Partition information:
Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 48 Numsec = 31846352
Partition file system is FAT32
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 16305356800 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\AVG2012\Chjw\4a644d03644cf2ed.dat" is sparse (flags = 32768)
Read File: File "C:\ProgramData\AVG2012\Chjw\fa7aa76f7aa726fb.dat" is sparse (flags = 32768)
Read File: File "C:\ProgramData\AVG2012\log\avgcore.log.1" is compressed (flags = 1)
Infected: C:\Windows\System32\services.exe --> [Rootkit.0Access]
Backup file found for a file C:\Windows\System32\services.exe
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\@ --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\L\00000004.@ --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\00000004.@ --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\00000008.@ --> [Trojan.Dropper.BCMiner]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\000000cb.@ --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\80000000.@ --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\80000032.@ --> [Rootkit.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U\80000064.@ --> [Backdoor.0Access]
Infected: C:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
Infected: C:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\L --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\L\201d3dde --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{e435821b-26af-ee0a-8c22-309d5dc7c7ca}\U --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8531066880, free: 6703685632
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8531066880, free: 6233075712
------------ Kernel report ------------
11/23/2012 00:15:48
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\fbfmon.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\winioex.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\BPntDrv.sys
\SystemRoot\system32\drivers\BOOTVID.dll
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\AcpiVpc.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\afinm0zk.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\delayman.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\tap0901t.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\MijXfilt.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800b17c440
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000092\
Lower Device Object: 0xfffffa800b2a2b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007e02790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007be9050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
Scanning directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007e02790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007e022c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007e087e0, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8007e02790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007be9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0056e8f50, 0xfffffa8007e02790, 0xfffffa8007318790
Lower DeviceData: 0xfffff8a00321d750, 0xfffffa8007be9050, 0xfffffa8007485e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6FBCC431
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 409600
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 411648 Numsec = 884609024
Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 885020672 Numsec = 60809216
Partition 3 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 945829888 Numsec = 30943280
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b17c440, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b2a3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b17c440, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b2a2b60, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00573af20, 0xfffffa800b17c440, 0xfffffa8007312790
Lower DeviceData: 0xfffff8a00daeade0, 0xfffffa800b2a2b60, 0xfffffa800d730930
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
Partition information:
Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 48 Numsec = 31846352
Partition file system is FAT32
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 16305356800 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\AVG2012\Chjw\4a644d03644cf2ed.dat" is sparse (flags = 32768)
Read File: File "C:\ProgramData\AVG2012\Chjw\fa7aa76f7aa726fb.dat" is sparse (flags = 32768)
Done!
Scan finished
=======================================

Broni · Nov 23, 2012

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

azndiabolo · Nov 23, 2012

RKreport[1]_S_11232012_02d0054.txt

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Enoch [Admin rights]
Mode : Scan -- Date : 11/23/2012 00:54:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[TASK][ROGUE ST] 2 : C:\Program Files (x86)\Dexpot\autodex.exe run "C:\Program Files (x86)\Dexpot\plugins\Dexcube.exe" -> FOUND
[TASK][ROGUE ST] 3 : C:\Program Files (x86)\Dexpot\autodex.exe run "C:\Program Files (x86)\Dexpot\plugins\Dexcube.exe" -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

255.255.255.255broadcasthost
10.108.234.211localhost
216.52.115.120build.frewebs.com
216.52.115.100confluence.freewebs.com
10.1.0.12nexus.freewebs.com
10.108.234.211local.members.webs.com
10.108.234.211local.www.webs.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 7719c15a7d6392f17dde8ab6acee8d43
[BSP] e1482cf154b57f7e38a42fcf95eb117e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: CENTON DS Pro USB Device +++++
--- User ---
[MBR] 84c56fea9f085b0f27c54de4454a9295
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 48 | Size: 15549 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11232012_02d0054.txt >>
RKreport[1]_S_11232012_02d0054.txt

RKreport[2]_D_11232012_02d0054.txt

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Enoch [Admin rights]
Mode : Remove -- Date : 11/23/2012 00:54:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][ROGUE ST] 2 : C:\Program Files (x86)\Dexpot\autodex.exe run "C:\Program Files (x86)\Dexpot\plugins\Dexcube.exe" -> DELETED
[TASK][ROGUE ST] 3 : C:\Program Files (x86)\Dexpot\autodex.exe run "C:\Program Files (x86)\Dexpot\plugins\Dexcube.exe" -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

255.255.255.255broadcasthost
10.108.234.211localhost
216.52.115.120build.frewebs.com
216.52.115.100confluence.freewebs.com
10.1.0.12nexus.freewebs.com
10.108.234.211local.members.webs.com
10.108.234.211local.www.webs.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 7719c15a7d6392f17dde8ab6acee8d43
[BSP] e1482cf154b57f7e38a42fcf95eb117e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: CENTON DS Pro USB Device +++++
--- User ---
[MBR] 84c56fea9f085b0f27c54de4454a9295
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 48 | Size: 15549 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11232012_02d0054.txt >>
RKreport[1]_S_11232012_02d0054.txt ; RKreport[2]_D_11232012_02d0054.txt

azndiabolo · Nov 23, 2012

aswMBR.txt Log!

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 00:57:18
-----------------------------
00:57:18.031 OS Version: Windows x64 6.1.7601 Service Pack 1
00:57:18.031 Number of processors: 8 586 0x2A07
00:57:18.032 ComputerName: ENOCH-LENOVO UserName: Enoch
00:57:19.608 Initialize success
01:02:14.296 AVAST engine defs: 12112201
01:02:20.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:02:20.694 Disk 0 Vendor: ST950032 0011 Size: 476940MB BusType: 3
01:02:20.717 Disk 0 MBR read successfully
01:02:20.718 Disk 0 MBR scan
01:02:20.736 Disk 0 Windows 7 default MBR code
01:02:20.751 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
01:02:20.758 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
01:02:20.761 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
01:02:20.799 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
01:02:20.832 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
01:02:20.880 Disk 0 scanning C:\windows\system32\drivers
01:02:36.541 Service scanning
01:03:05.513 Modules scanning
01:03:05.518 Disk 0 trace - called modules:
01:03:05.550 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
01:03:05.553 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e02790]
01:03:05.556 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007be9050]
01:03:06.512 AVAST engine scan C:\windows
01:03:12.126 AVAST engine scan C:\windows\system32
01:08:30.541 AVAST engine scan C:\windows\system32\drivers
01:08:49.950 AVAST engine scan C:\Users\Enoch
01:47:39.461 AVAST engine scan C:\ProgramData
01:57:58.087 Scan finished successfully
01:59:23.945 Disk 0 MBR has been saved successfully to "C:\Users\Enoch\Desktop\MBR.dat"
01:59:23.948 The log file has been saved successfully to "C:\Users\Enoch\Desktop\aswMBR.txt"

Broni · Nov 23, 2012

Good

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

azndiabolo · Nov 23, 2012

ComboFix.txt log!

ComboFix 12-11-23.02 - Enoch 11/23/2012 13:59:57.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.5404 [GMT -5:00]
Running from: c:\users\Enoch\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 19:07 . 2012-11-23 19:07--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-11-23 19:07 . 2012-11-23 19:07--------d-----w-c:\users\Default\AppData\Local\temp
2012-11-23 03:45 . 2012-11-23 03:45--------d-----w-c:\users\Enoch\AppData\Local\Western Digital
2012-11-23 03:03 . 2012-11-23 03:03--------d-----w-c:\users\Enoch\AppData\Roaming\Malwarebytes
2012-11-23 03:03 . 2012-11-23 03:03--------d-----w-c:\programdata\Malwarebytes
2012-11-23 03:03 . 2012-09-30 00:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-23 03:03 . 2012-11-23 03:03--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-22 21:43 . 2012-11-22 21:43--------d-----w-C:\FRST
2012-11-22 04:24 . 2012-11-22 04:24--------d-sh--w-c:\windows\SysWow64\%APPDATA%
2012-11-22 03:59 . 2012-11-22 03:59220160----a-w-c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-22 03:58 . 2012-11-22 03:59--------d-----w-c:\program files (x86)\Mega Codec Pack
2012-11-21 02:54 . 2012-11-21 02:54--------d-----w-c:\users\Public\Sony Online Entertainment
2012-11-21 02:52 . 2007-05-16 21:45506728----a-w-c:\windows\system32\d3dx10_34.dll
2012-11-20 18:32 . 2009-03-18 21:3533856---ha-w-c:\windows\system32\hamachi.sys
2012-11-20 18:32 . 2012-11-20 18:32--------d-----w-c:\program files (x86)\LogMeIn Hamachi
2012-11-20 03:51 . 2012-11-20 03:51--------d-----w-c:\users\Enoch\AppData\Local\DDMSettings
2012-11-17 08:41 . 2012-11-17 08:41--------d-----w-c:\users\Enoch\AppData\Roaming\ts3overlay
2012-11-17 05:53 . 2012-11-21 02:54--------d-----w-c:\users\Enoch\AppData\Local\Sony Online Entertainment
2012-11-15 02:52 . 2012-11-15 03:21--------d-----w-c:\users\Enoch\GitHub
2012-11-15 01:02 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 01:02 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 01:02 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 01:02 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-11-15 00:56 . 2012-10-08 11:1396768----a-w-c:\windows\system32\mshtmled.dll
2012-11-15 00:51 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 00:51 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 00:51 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-11-15 00:51 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-11-15 00:51 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-11-15 00:51 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 00:51 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-11-15 00:50 . 2012-08-24 18:05340992----a-w-c:\windows\system32\schannel.dll
2012-11-15 00:50 . 2012-08-24 16:57247808----a-w-c:\windows\SysWow64\schannel.dll
2012-11-15 00:50 . 2012-08-24 18:13154480----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-11-15 00:50 . 2012-08-24 18:09458712----a-w-c:\windows\system32\drivers\cng.sys
2012-11-15 00:50 . 2012-08-24 18:04307200----a-w-c:\windows\system32\ncrypt.dll
2012-11-15 00:50 . 2012-08-24 18:031448448----a-w-c:\windows\system32\lsasrv.dll
2012-11-15 00:50 . 2012-08-24 16:5722016----a-w-c:\windows\SysWow64\secur32.dll
2012-11-15 00:50 . 2012-08-24 16:57220160----a-w-c:\windows\SysWow64\ncrypt.dll
2012-11-15 00:50 . 2012-08-24 16:5396768----a-w-c:\windows\SysWow64\sspicli.dll
2012-11-15 00:19 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-11-15 00:19 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2012-11-14 18:29 . 2012-11-16 05:26--------d-----w-c:\users\Enoch\AppData\Local\Eclipse
2012-11-14 18:19 . 2012-11-14 18:19--------d-----w-c:\users\Enoch\AppData\Roaming\GitHub
2012-11-14 18:19 . 2012-11-15 01:18--------d-----w-c:\users\Enoch\AppData\Local\GitHub
2012-11-14 18:17 . 2012-11-14 18:17--------d-----w-c:\users\Enoch\AppData\Local\Apps
2012-11-14 18:17 . 2012-11-15 03:08--------d-----w-c:\users\Enoch\AppData\Local\Deployment
2012-11-13 20:29 . 2012-11-13 20:29354216----a-w-c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-10 02:49 . 2012-11-10 02:49159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-10 02:49 . 2012-11-10 02:49159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-10 02:49 . 2012-11-10 02:49159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-10 02:49 . 2012-11-10 02:49159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-10 02:49 . 2012-11-10 02:49159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-10 02:49 . 2012-11-10 02:49159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-10 02:49 . 2012-11-10 02:49159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-10 02:49 . 2012-11-10 02:49--------d-----w-c:\program files (x86)\QuickTime
2012-11-09 21:10 . 2012-11-09 21:10--------d-----w-c:\program files (x86)\Common Files\Java
2012-11-09 21:10 . 2012-11-09 21:1095208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-08 20:23 . 2012-11-08 20:23--------d-----w-c:\users\Enoch\AppData\Local\Macromedia
2012-11-08 19:48 . 2012-11-08 19:48--------d-----w-c:\users\Enoch\AppData\Local\Mozilla
2012-11-08 19:48 . 2012-11-08 19:48--------d-----w-c:\program files (x86)\Mozilla Maintenance Service
2012-11-05 20:58 . 2012-11-05 20:58--------d-----w-c:\users\Enoch\AppData\Roaming\AVG
2012-11-05 20:57 . 2012-11-05 20:59--------d-----w-c:\programdata\AVG
2012-11-05 20:57 . 2012-11-05 20:57--------d-sh--w-c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-03 05:04 . 2012-11-03 05:05--------d-----w-c:\program files\Microsoft Xbox 360 Accessories
2012-10-30 04:02 . 2012-10-31 03:05--------d-----w-c:\program files\MotioninJoy
2012-10-30 04:02 . 2012-10-30 04:02--------d-----w-c:\users\Enoch\AppData\Roaming\MotioninJoy
2012-10-30 04:02 . 2011-11-10 22:32115272----a-w-c:\windows\system32\drivers\MijXfilt.sys
2012-10-30 04:02 . 2010-08-19 23:2474960----a-w-c:\windows\system32\drivers\xusb21.sys
2012-10-30 04:02 . 2010-08-19 23:241721576----a-w-c:\windows\system32\WdfCoInstaller01009.dll
2012-10-30 04:02 . 2010-05-03 20:12328712----a-w-c:\windows\system32\MijFrc.dll
2012-10-28 23:59 . 2012-10-28 23:59--------d-----w-c:\users\Enoch\AppData\Local\ElevatedDiagnostics
2012-10-25 08:12 . 2012-10-25 08:1294208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:1269632----a-w-c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 13:56 . 2012-03-22 04:37466456----a-w-c:\windows\system32\wrap_oal.dll
2012-11-23 13:56 . 2012-03-22 04:37444952----a-w-c:\windows\SysWow64\wrap_oal.dll
2012-11-23 13:56 . 2012-03-22 04:37122904----a-w-c:\windows\system32\OpenAL32.dll
2012-11-23 13:56 . 2012-03-22 04:37109080----a-w-c:\windows\SysWow64\OpenAL32.dll
2012-11-17 05:40 . 2012-04-12 23:04697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-17 05:40 . 2012-03-23 23:3473656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 00:52 . 2012-03-22 05:1966395536----a-w-c:\windows\system32\MRT.exe
2012-11-09 21:10 . 2012-05-08 00:14821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-11-09 21:10 . 2012-03-21 03:56746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-11-02 05:30 . 2012-04-03 18:31298016----a-w-c:\windows\SysWow64\PnkBstrB.xtr
2012-11-02 05:30 . 2012-04-02 16:15298016----a-w-c:\windows\SysWow64\PnkBstrB.exe
2012-10-23 03:11 . 2012-04-02 16:15281520----a-w-c:\windows\SysWow64\PnkBstrB.ex0
2012-09-14 19:19 . 2012-10-11 04:092048----a-w-c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 04:092048----a-w-c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-11 04:101659760----a-w-c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-11 04:105559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 04:103914096----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 04:103968880----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-08-27 23:40 . 2012-10-14 01:244204272----a-w-c:\windows\SysWow64\GameMon.des
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-22 03:59220160----a-w-c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5894208----a-w-c:\users\Enoch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5894208----a-w-c:\users\Enoch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5894208----a-w-c:\users\Enoch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Enoch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
"googletalk"="c:\users\Enoch\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-31 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-07-18 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-01-31 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files (x86)\Panasonic\MFStation\PCCMFSDM.exe" [2010-02-02 135168]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files (x86)\Panasonic\MFStation\KmPcFax.exe" [2010-01-18 765952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
c:\users\Enoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Enoch\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
Monitor Apache Servers.lnk - c:\apache\bin\ApacheMonitor.exe [2012-1-28 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-09-25 743320]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Enoch\Stuff\ThrottleStop_500\ThrottleStop_500\WinRing0x64.sys [2008-07-27 14544]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-01-31 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-01-31 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-06-29 30056]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-01-31 13408]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [2012-01-31 15456]
S2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2012-01-28 20549]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-06-15 103472]
S2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~2\PANASO~1\LocalCom\lmsrvnt.exe [2010-01-09 49152]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-31 29792]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [2012-01-31 20064]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:40]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 16:39]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 16:39]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609643015-3193077264-2906996130-1001Core.job
- c:\users\Enoch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 03:51]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3609643015-3193077264-2906996130-1001UA.job
- c:\users\Enoch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 03:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Enoch\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Enoch\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Enoch\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Enoch\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-01-31 16:461508192----a-w-c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-01-31 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-01-31 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-01-31 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-01-31 5908928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-02 416024]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Enoch\AppData\Roaming\Mozilla\Firefox\Profiles\fmkxmx47.default\
FF - ExtSQL: 2012-11-08 13:53; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-PlanetSide 2 Beta - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\Uninstaller.exe
AddRemove-SOE-PlanetSide 2 Beta - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3609643015-3193077264-2906996130-1001\Software\SecuROM\License information*]
"datasecu"=hex:2f,a6,62,ed,37,ae,3c,fd,77,c1,43,89,5b,3c,8f,b1,52,8b,29,36,02,
f7,58,30,a8,36,ce,ef,77,56,ce,75,da,45,c6,4c,c1,5b,f2,6a,ae,c5,3a,a2,ce,0e,\
"rkeysecu"=hex:80,dd,17,a7,b0,19,43,c6,a8,70,bf,14,bd,76,1d,e7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-11-23 14:23:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-23 19:23
.
Pre-Run: 5,742,850,048 bytes free
Post-Run: 6,264,889,344 bytes free
.
- - End Of File - - BED88E74D01C6FCC78F28D616666BE03

Broni · Nov 23, 2012

Looks good

Any current issues?

=================================

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.

==============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

azndiabolo · Nov 23, 2012

AdwCleaner[S1].txt log

# AdwCleaner v2.008 - Logfile created 11/23/2012 at 14:34:38
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Enoch - ENOCH-LENOVO
# Boot Mode : Normal
# Running from : C:\Users\Enoch\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Enoch\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Enoch\AppData\Roaming\Mozilla\Firefox\Profiles\fmkxmx47.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1459 octets] - [23/11/2012 14:34:38]

########## EOF - C:\AdwCleaner[S1].txt - [1519 octets] ##########

azndiabolo · Nov 23, 2012

OTL.txt log (part 1)
OTL logfile created on: 11/23/2012 2:38:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Enoch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.53% Memory free
15.89 Gb Paging File | 13.64 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 5.94 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 25.32 Gb Free Space | 87.33% Space Free | Partition Type: NTFS

Computer Name: ENOCH-LENOVO | User Name: Enoch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 14:33:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Enoch\Desktop\OTL.exe
PRC - [2012/11/21 21:16:41 | 000,539,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/11/19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/11/01 12:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/28 18:05:22 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Enoch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/25 20:09:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/18 18:54:26 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Enoch\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/31 11:46:40 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012/01/31 11:46:16 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2012/01/28 10:20:12 | 000,041,051 | ---- | M] (Apache Software Foundation) -- C:\Apache\bin\ApacheMonitor.exe
PRC - [2012/01/28 10:16:44 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\Apache\bin\httpd.exe
PRC - [2011/01/28 18:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011/01/12 13:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/16 20:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/02/02 12:41:40 | 000,135,168 | ---- | M] ( ) -- C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
PRC - [2010/01/09 11:37:20 | 000,049,152 | ---- | M] (Panasonic System Networks Co., Ltd.) -- C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE

========== Modules (No Company Name) ==========

MOD - [2012/11/21 21:16:46 | 000,818,688 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/11/21 21:16:41 | 020,319,568 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/11/21 21:16:41 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/11/21 21:16:41 | 000,964,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/11/21 21:16:41 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/11/21 21:16:41 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/11/14 20:34:59 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6735246d68993bee06abd24deeb32983\IAStorUtil.ni.dll
MOD - [2012/11/14 20:17:39 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 20:17:24 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/14 20:17:19 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/14 20:17:14 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/14 20:17:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/14 20:16:46 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/14 20:16:40 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/01 12:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/01 12:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/01/31 11:46:39 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012/01/31 11:46:16 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/02/16 12:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011/02/16 12:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/05/12 11:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/05/02 09:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/05/02 09:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/05/02 09:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/21 21:16:41 | 000,539,984 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/17 00:40:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/25 14:23:44 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/08/30 12:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/08/27 18:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 20:09:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/28 22:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/28 10:16:44 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/01/12 13:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 11:37:20 | 000,049,152 | ---- | M] (Panasonic System Networks Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/28 22:37:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/02 11:17:34 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 11:55:42 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/01/31 11:55:40 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/01/31 11:53:20 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/01/31 11:53:20 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/01/31 11:44:14 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2012/01/31 11:44:14 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/10 17:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/10/28 06:23:56 | 000,398,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/28 22:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/28 22:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/26 18:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/12 19:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/05/12 19:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/05/12 19:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/05/12 19:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/05/12 19:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/05/12 19:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/05/09 15:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/05/01 09:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/01/28 18:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/12 12:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/12 22:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/01 00:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/18 21:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/18 21:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:17 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/05/26 19:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/26 20:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Enoch\Stuff\ThrottleStop_500\ThrottleStop_500\WinRing0x64.sys -- (WinRing0_1_2_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7LENN_enUS501
IE - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

azndiabolo · Nov 23, 2012

OTL.txt log (part 2)

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Enoch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Enoch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Enoch\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Enoch\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Enoch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 22:32:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 09:19:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 19:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/19 22:32:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 21:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/19 22:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/09 21:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/11/09 21:49:24 | 000,000,000 | ---D | M]

[2012/03/25 20:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enoch\AppData\Roaming\Mozilla\Extensions
[2012/11/08 14:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Enoch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Enoch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Translate = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_1\
CHR - Extension: Angry Birds = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: MeasureIt! = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Google Drive = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Sexy Undo Close Tab = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.3_0\
CHR - Extension: Web Developer = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\
CHR - Extension: YouTube = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Slinky Elegant = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Facebook = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Hymnal.Net = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\econahpakkgbkddhflmbofiglefeabaf\1.1_0\
CHR - Extension: Gmail Offline = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Calendar = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Wunderlist = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\1.0.2_0\
CHR - Extension: Clear Cache = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpampcchocandlbgdffjaihmccjmlgk\1.0_0\
CHR - Extension: AdBlock = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Eye Dropper = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
CHR - Extension: AVG Safe Search = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: Little Alchemy = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\
CHR - Extension: Google Maps = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_1\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: Awesome New Tab Page = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2012.147.2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: YSlow = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh\3.1.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\10.8_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.8_0\
CHR - Extension: Gmail = C:\Users\Enoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/23 14:19:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe ( )
O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe (Panasonic System Networks Co.,Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001..\Run: [googletalk] C:\Users\Enoch\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001..\Run: [Spotify Web Helper] C:\Users\Enoch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Enoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Enoch\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3609643015-3193077264-2906996130-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{916500CF-9364-416E-8C86-1A98C10B3CC7}: DhcpNameServer = 128.8.76.2 128.8.74.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E95B6498-EA7D-43B5-94A8-065512EF2B55}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

azndiabolo · Nov 23, 2012

OTL.txt log (part 3)
========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 14:33:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Enoch\Desktop\OTL.exe
[2012/11/23 14:23:44 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/23 14:19:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 13:58:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/23 13:58:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/23 13:58:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/23 13:57:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 13:57:04 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/23 13:53:23 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\Enoch\Desktop\ComboFix.exe
[2012/11/23 08:56:42 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Documents\Saved Games
[2012/11/23 00:56:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Enoch\Desktop\aswMBR.exe
[2012/11/23 00:53:44 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Desktop\RK_Quarantine
[2012/11/22 22:45:03 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Western Digital
[2012/11/22 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\Malwarebytes
[2012/11/22 22:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/22 22:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/22 22:03:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/11/22 22:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/22 16:43:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/21 23:24:46 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/11/21 22:59:02 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mega Codec Pack
[2012/11/21 22:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
[2012/11/20 13:32:07 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2012/11/20 13:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/20 13:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/19 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Documents\Hitman Blood Money
[2012/11/19 22:51:39 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\DDMSettings
[2012/11/17 03:41:58 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\ts3overlay_hook_win64
[2012/11/17 03:41:58 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\ts3overlay
[2012/11/17 00:53:23 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Sony Online Entertainment
[2012/11/14 21:52:42 | 000,000,000 | ---D | C] -- C:\Users\Enoch\GitHub
[2012/11/14 19:53:29 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Documents\eclipse
[2012/11/14 13:29:52 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Eclipse
[2012/11/14 13:19:47 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Documents\GitHub
[2012/11/14 13:19:44 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\GitHub
[2012/11/14 13:19:40 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\GitHub
[2012/11/14 13:19:29 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
[2012/11/14 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Apps
[2012/11/14 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Deployment
[2012/11/13 15:29:04 | 000,354,216 | ---- | C] (DivX, Inc.) -- C:\windows\SysWow64\DivXControlPanelApplet.cpl
[2012/11/09 21:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/09 21:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/11/09 16:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/08 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Macromedia
[2012/11/08 14:48:36 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\Mozilla
[2012/11/08 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/08 14:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/08 14:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/05 15:58:40 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\AVG
[2012/11/05 15:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/11/05 15:57:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/11/04 00:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/03 22:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/11/03 00:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2012/11/03 00:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2012/11/02 20:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/29 23:02:18 | 000,115,272 | ---- | C] (MotioninJoy) -- C:\windows\SysNative\drivers\MijXfilt.sys
[2012/10/29 23:02:18 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\MotioninJoy
[2012/10/29 23:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012/10/29 23:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2012/10/28 19:37:35 | 000,000,000 | ---D | C] -- C:\Users\Enoch\Documents\Bethany
[2012/10/28 18:59:05 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Local\ElevatedDiagnostics
[2012/10/25 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\Enoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/23 14:42:45 | 000,778,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/23 14:42:45 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/23 14:42:45 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/23 14:37:21 | 000,694,314 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/11/23 14:36:33 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 14:36:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 14:36:19 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 14:35:14 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 14:35:14 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 14:33:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Enoch\Desktop\OTL.exe
[2012/11/23 14:20:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3609643015-3193077264-2906996130-1001UA.job
[2012/11/23 14:19:39 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/23 14:17:04 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/11/23 14:07:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 14:00:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/23 13:53:25 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\Enoch\Desktop\ComboFix.exe
[2012/11/23 09:45:03 | 101,000,777 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/11/23 08:56:41 | 000,466,456 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2012/11/23 08:56:40 | 000,444,952 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2012/11/23 01:59:23 | 000,000,512 | ---- | M] () -- C:\Users\Enoch\Desktop\MBR.dat
[2012/11/23 00:57:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Enoch\Desktop\aswMBR.exe
[2012/11/23 00:52:46 | 000,750,080 | ---- | M] () -- C:\Users\Enoch\Desktop\RogueKiller.exe
[2012/11/22 22:03:29 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/20 21:29:05 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3609643015-3193077264-2906996130-1001Core.job
[2012/11/20 18:33:43 | 000,332,470 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/18 22:08:02 | 000,001,097 | ---- | M] () -- C:\Users\Enoch\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/14 21:24:06 | 000,000,051 | ---- | M] () -- C:\Users\Enoch\.gitconfig
[2012/11/14 20:14:56 | 005,019,256 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/14 19:55:46 | 000,002,909 | ---- | M] () -- C:\Users\Enoch\Documents\Eclipse.lnk
[2012/11/13 15:29:04 | 000,354,216 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\DivXControlPanelApplet.cpl
[2012/11/10 03:45:03 | 000,001,290 | ---- | M] () -- C:\Users\Enoch\keyStoreLocation
[2012/11/03 00:34:23 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01001.Wdf
[2012/11/02 00:30:13 | 000,298,016 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/11/02 00:30:13 | 000,298,016 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/10/29 23:06:26 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/23 14:17:04 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/11/23 13:58:09 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/23 13:58:09 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/23 13:58:09 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/23 13:58:09 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/23 13:58:09 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/23 01:59:23 | 000,000,512 | ---- | C] () -- C:\Users\Enoch\Desktop\MBR.dat
[2012/11/23 00:52:46 | 000,750,080 | ---- | C] () -- C:\Users\Enoch\Desktop\RogueKiller.exe
[2012/11/22 22:03:29 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/14 21:24:06 | 000,000,051 | ---- | C] () -- C:\Users\Enoch\.gitconfig
[2012/11/14 20:02:34 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 19:55:46 | 000,002,909 | ---- | C] () -- C:\Users\Enoch\Documents\Eclipse.lnk
[2012/11/14 19:51:45 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/10 03:45:03 | 000,001,290 | ---- | C] () -- C:\Users\Enoch\keyStoreLocation
[2012/11/08 14:48:33 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/03 00:34:23 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01001.Wdf
[2012/10/30 20:08:59 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4 64-bit.lnk
[2012/10/29 23:06:26 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012/09/29 23:28:22 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat
[2012/09/22 19:43:00 | 000,000,106 | ---- | C] () -- C:\Users\Enoch\AppData\Roaming\prio.ini
[2012/09/15 14:32:36 | 000,000,240 | ---- | C] () -- C:\windows\PanaFLB881.ini
[2012/08/29 00:11:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/08 21:41:08 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/07/25 19:33:52 | 003,130,440 | ---- | C] () -- C:\windows\SysWow64\pbsvc_blr.exe
[2012/06/28 01:44:28 | 000,001,456 | ---- | C] () -- C:\Users\Enoch\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/30 12:44:52 | 000,032,829 | ---- | C] () -- C:\windows\scunin.dat
[2012/05/20 22:11:48 | 000,000,145 | ---- | C] () -- C:\Users\Enoch\.appletviewer
[2012/04/09 10:21:15 | 000,007,602 | ---- | C] () -- C:\Users\Enoch\AppData\Local\Resmon.ResmonCfg
[2012/04/02 11:15:31 | 000,298,016 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/04/02 11:15:28 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/03/24 14:17:08 | 000,000,132 | ---- | C] () -- C:\Users\Enoch\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/31 12:02:21 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/01/31 12:02:21 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/01/31 11:46:42 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/01/31 11:46:42 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/01/31 11:46:42 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/01/31 11:46:42 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/01/31 11:46:38 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/01/31 11:44:14 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2012/01/31 11:44:14 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2012/01/31 11:44:14 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2012/01/31 11:44:14 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2012/01/31 11:44:14 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2012/01/31 11:29:49 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/31 10:56:57 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/01/31 10:56:55 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/01/31 10:56:55 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/01/31 10:56:55 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/01/31 10:56:54 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/18 12:47:00 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\.jmonkeyplatform
[2012/05/10 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Audacity
[2012/11/05 15:58:40 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\AVG
[2012/05/22 07:28:27 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\AVG2012
[2012/06/30 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/11 20:46:22 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Cobalt
[2012/09/18 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Cyberduck
[2012/04/02 15:20:35 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\DAEMON Tools Lite
[2012/06/11 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Dexpot
[2012/11/23 14:37:48 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Dropbox
[2012/05/23 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\DVDVideoSoft
[2012/04/02 15:30:11 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Garritan
[2012/11/14 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\GitHub
[2012/09/03 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\ImgBurn
[2012/04/02 15:30:03 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\MakeMusic
[2012/10/29 23:02:18 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\MotioninJoy
[2012/08/08 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Origin
[2012/09/15 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Panasonic
[2012/11/21 11:15:04 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Spotify
[2012/03/21 22:53:53 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/11/17 01:12:23 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Sublime Text 2
[2012/03/25 20:59:11 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Thunderbird
[2012/06/12 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Trine2
[2012/11/17 04:19:50 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\TS3Client
[2012/11/17 03:41:58 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\ts3overlay
[2012/11/17 03:44:31 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\ts3overlay_hook_win64
[2012/09/29 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Tunngle
[2012/06/04 11:21:01 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Ubisoft
[2012/10/09 16:27:37 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\Unity
[2012/11/21 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Enoch\AppData\Roaming\uTorrent
[2012/09/18 16:43:57 | 000,000,000 | -HSD | M] -- C:\Users\Enoch\AppData\Roaming\wyUpdate AU

========== Purity Check ==========

< End of report >

Solved Win64/patched.a removal

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +516

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +516

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +516

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +516

Posts: 27 +0

Posts: 27 +0

Posts: 56,041 +516

Posts: 27 +0

Posts: 56,041 +516

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Posts: 27 +0

Similar threads