TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Regnier19 on July 12, 2013, 04:34:43 PM

Title: Do I have a Trojan?
Post by: Regnier19 on July 12, 2013, 04:34:43 PM

I found a virus on my PC called MyDeltaTB.exe. Avast caught it and moved it to the chest, where I deleted it. However, I am paranoid about Trojans and would like a definitive answer as to whether I have a Trojan or other malicious virus on my PC. Here is the log file:


 


Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 22:21:29, on 12/07/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

 

 

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\User\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9109 bytes

 
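What a helper actually reads in a log like the one above, written out as an added example (this is not part of the thread and not a HijackThis feature): a short Python triage that walks the R0/R1 start and search pages, the R3 URLSearchHook, the O2/O3 add-ons and the O15 Trusted Zone entries, and lists the ones that point somewhere unexpected. The expected-host allow-list and the pattern for add-ons that need no comment are assumptions for the example; the sample lines are an abbreviated excerpt of the log in the post.

```python
"""Flag browser-hijack indicators in HijackThis log lines.

Added example, not from the forum post or the HijackThis tool. The
expected-host allow-list and the 'known add-on' pattern are assumptions
for the example; the sample lines are an abbreviated excerpt of the log.
"""
import re
from urllib.parse import urlsplit

# Hosts a stock Windows 7 / IE8 start or search page is expected to point at.
# Assumption for the example; extend it for your own build.
EXPECTED_HOSTS = {"go.microsoft.com", "www.bing.com", "uk.msn.com"}

# Add-ons we accept without comment (the AV's own BHO, the Java helper,
# the Windows Live sign-in helper). Assumption for the example.
KNOWN_ADDON_RE = re.compile(r"avast|Java\(tm\)|Windows Live", re.I)

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")


def parse_line(line):
    """Split 'R0 - body' into ('R0', 'body'); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def triage(lines):
    """Return (section, reason, entry) for each line worth a second look."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        sec, body = parsed
        if sec in ("R0", "R1"):
            # Start/search page set to a host outside the expected set.
            for url in URL_RE.findall(body):
                host = urlsplit(url).hostname or ""
                if host not in EXPECTED_HOSTS:
                    findings.append((sec, f"start/search page on {host}", body))
        elif sec == "R3":
            # A URLSearchHook rewrites what the address bar does with
            # non-URL text; legitimate software rarely needs one.
            findings.append((sec, "URLSearchHook installed", body))
        elif sec in ("O2", "O3"):
            # Browser Helper Objects and toolbars run inside IE with the
            # user's privileges; list every vendor we do not recognise.
            if not KNOWN_ADDON_RE.search(body):
                findings.append((sec, "unrecognised browser add-on", body))
        elif sec == "O15":
            # Trusted Zone sites get relaxed ActiveX/scripting settings.
            findings.append((sec, "site in IE Trusted Zone", body))
    return findings


# Abbreviated excerpt of the log in the post above (query strings shortened).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yd.delta-search.com/?babsrc=HP_ss&affID=119357
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O15 - Trusted Zone: *.soe.com
""".strip().splitlines()

if __name__ == "__main__":
    for sec, reason, entry in triage(SAMPLE):
        print(f"[{sec}] {reason}: {entry}")
```

Run against the excerpt it reports four entries: the HKCU start page on www.yd.delta-search.com, the Ask URLSearchHook, the Ask Toolbar BHO, and the *.soe.com Trusted Zone entry; the HKLM start and search pages on go.microsoft.com and the avast and Java add-ons pass. None of these is proof of a Trojan on its own; they are the search-redirect and toolbar entries a helper would want removed or explained before calling the log clean.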

Title: Do I have a Trojan?
Post by: guestolo on July 21, 2013, 10:07:33 PM

You have probably had help already with this.


But if not, do you still need a hand? Are you experiencing any problems?


Title: Do I have a Trojan?
Post by: Regnier19 on July 23, 2013, 02:58:54 PM

No, I have had no help. I do not know that there is anything wrong with my PC; it is running fine. I was simply told you could tell me whether or not I have any malware in my system, specifically a Trojan.


Title: Do I have a Trojan?
Post by: guestolo on July 23, 2013, 05:06:03 PM

Everything looks ok, but let's take a closer look.


Download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.




 


Title: Do I have a Trojan?
Post by: Regnier19 on July 25, 2013, 02:51:36 PM

Here are the logs you asked for.


 


OTL logfile created on: 25/07/2013 20:43:22 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.97% Memory free

15.96 Gb Paging File | 13.42 Gb Available in Paging File | 84.05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 128.25 Gb Free Space | 27.54% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/07/25 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe

PRC - [2013/07/13 00:22:22 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/07/10 02:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2013/04/25 17:36:14 | 001,648,264 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2013/03/26 18:25:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/07/28 17:12:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/07/12 19:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll

MOD - [2013/07/12 19:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll

MOD - [2013/07/12 19:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll

MOD - [2013/07/12 19:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll

MOD - [2013/07/12 19:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll

MOD - [2013/07/12 19:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll

MOD - [2013/07/10 02:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2013/07/09 22:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2013/07/01 17:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll

MOD - [2013/06/15 00:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2013/06/15 00:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2013/06/15 00:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2013/03/29 02:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/07/14 18:30:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/06/18 15:42:26 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/03/26 18:25:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/29 01:06:05 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/06/27 20:50:29 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/06/27 20:50:29 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/06/27 20:50:29 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/06/07 23:28:38 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/05/09 09:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)

DRV:64bit: - [2013/05/09 09:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)

DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/05/09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2013/04/30 10:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2013/04/30 10:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2013/03/29 03:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2013/03/29 02:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2013/02/14 12:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/06/27 21:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)

DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)

DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2011/08/23 14:57:24 | 000,565,352 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/07/29 04:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011/07/29 04:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2011/07/06 11:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 96 6A E3 7A B9 CD 01  [binary data]

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939

IE - HKCU\..\SearchScopes\{A0408474-08CD-4DBE-900E-5BAA7329BE0D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=43AE5EC6-3DA8-4C12-A5DB-1AA6CDD3C3C1&apn_sauid=9EA12337-5CC4-4AE2-99B8-F384C819BB40

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

 

 

[2013/07/11 00:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

 

========== Chrome  ==========

 

CHR - default_search_provider: Delta Search (Enabled)

CHR - default_search_provider: search_url = http://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - Extension: Ask Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.27.49091_0\

CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: avast! Online Security = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\

CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: PromptOnSecureDesktop = 0

O10:64bit: - NameSpace_Catalog5\\Catalog_Entries64\\000000000007 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000007 [] - C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\\..Trusted Domains: sony.com ([]* in Trusted sites)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{75086C6F-4338-4956-A733-5638F01D4034}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\\Handler\\skype4com - No CLSID value found

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

[2013/07/22 00:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/22 00:36:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/22 00:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/07/19 17:58:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (7)
[2013/07/19 17:09:49 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/07/19 17:09:47 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/07/19 17:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/07/14 00:43:51 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Data
[2013/07/13 22:48:23 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (6)
[2013/07/11 00:44:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/07/11 00:44:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/07/11 00:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/11 00:44:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DSite
[2013/07/11 00:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/11 00:44:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2013/07/11 00:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/10 23:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/08 23:50:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (5)
[2013/06/29 22:19:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2013/06/29 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (4)
[2013/06/29 17:16:27 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/29 17:16:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/29 17:16:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/29 17:16:24 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/29 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/06/28 16:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/06/28 16:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/06/28 16:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/06/26 00:12:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Rockstar Games
[2013/06/26 00:10:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/06/26 00:05:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Rockstar Games
[2013/06/26 00:05:01 | 000,000,000 | RH-D | C] -- C:\Users\User\AppData\Roaming\SecuROM
[2013/06/26 00:05:00 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/25 20:27:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 20:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 20:00:22 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 20:00:22 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 19:51:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 19:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 19:51:39 | 2132,877,311 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 00:35:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/07/19 17:09:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/19 17:09:29 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/14 18:30:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/14 18:30:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/11 01:05:08 | 000,001,138 | ---- | M] () -- C:\Users\User\Desktop\Continue Zip Opener Installation.lnk
[2013/07/10 23:10:08 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/29 17:16:20 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/29 17:16:19 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/29 17:16:19 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/29 17:16:19 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/29 17:16:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/29 17:16:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/28 20:01:57 | 000,001,943 | ---- | M] () -- C:\Users\User\Desktop\Heroes of Newerth.lnk
[2013/06/28 19:56:17 | 000,001,949 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2013/06/27 20:50:29 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 20:50:29 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 20:50:29 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/26 00:05:00 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/22 00:35:59 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/07/19 17:09:29 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/11 01:05:08 | 000,001,138 | ---- | C] () -- C:\Users\User\Desktop\Continue Zip Opener Installation.lnk
[2013/07/10 23:10:08 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/28 20:01:57 | 000,001,943 | ---- | C] () -- C:\Users\User\Desktop\Heroes of Newerth.lnk
[2013/06/28 19:56:17 | 000,001,949 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/05/18 17:36:36 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013/03/29 03:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 03:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/19 13:35:31 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/03/19 13:35:28 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/03/19 13:35:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/07/21 20:09:05 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2012/07/21 19:35:56 | 000,777,350 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/03 23:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/03 23:19:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

And

OTL Extras logfile created on: 25/07/2013 20:43:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.97% Memory free
15.96 Gb Paging File | 13.42 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 128.25 Gb Free Space | 27.54% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022BB7A6-E93F-40CF-BF6E-835D0A5BF5A9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{192D7AA8-6247-4283-B4A2-1142989B4B79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C1CFD69-EA95-431D-AD99-FCC0C6583396}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E8001FC-818A-48E5-8242-99D4C16E3769}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{201B7AD3-942D-4297-983A-0194FCBBC7A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 | 
"{6156C471-5DCD-4DD6-B08E-A6CECD75B887}" = rport=445 | protocol=6 | dir=out | app=system | 
"{626A6ABD-2DE9-4243-B4C2-C39480494DD0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7F32CB6C-FF69-40F7-B699-8F9701462919}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8202EE9A-7038-4547-B2E0-B314DBF6A738}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89DAF9CA-5BCB-43E8-8F93-4ADC9FE6F8CB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9708DB45-49D9-43FD-B706-69AB5861A351}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A1B92A72-868C-408B-82B3-D0D0F3CBB1C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A338C330-B9F0-46A9-8F04-B3C0A3705D0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B23A613A-BFCC-4387-9AAA-4659366FDD69}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{B90F458F-5B01-49D9-A62A-BA2AD9B640C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C081E5CC-1890-424D-812D-0E903DE18E61}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C2605413-C430-441E-AA81-89DFF392E82D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2C93281-0498-467D-9CAC-13B7B7D8F5D0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{CE270624-33A6-4DF5-AE06-BC458A0A64F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D04D07D8-4219-40BF-9EC8-E9FA8C84C530}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D1DA3F1F-1E64-42C7-99FE-E64865424F41}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DDC0F028-B6CE-4A4D-885B-50D694C6D64C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{DE620684-8667-415F-B876-886497039C08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5891FB8-4F9C-4640-967E-529B896126C6}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{F1BB9D44-7873-42B6-B016-9A186E4EE2A3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F2A202A3-76AA-4C36-9042-D1AA4DF43D1B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{FA93B714-C5BB-47F3-987A-6BD9C1779AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD7E8F05-2D26-4C2D-8E0E-7B7DCAE03FDA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{018B41FC-3575-491B-B30E-8CE2AAAFC95E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.x64.exe | 

\"{028BB826-4DB9-420F-A22D-71829D931679}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\war of the roses\\run_game.exe | 

\"{02FAB3CA-EE2F-4A61-95DE-C648508EC49E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\ted.exe | 

\"{0763AA77-E426-4C25-BEC0-0CCDCD40A336}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dxhrml\\dxhrml.exe | 

\"{088796FC-A60C-40BB-80AB-21F5F6A8B8F9}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dark souls prepare to die edition\\data\\darksouls.exe | 

\"{0CC38C2B-E044-4EDC-B3D7-BE34A45EA75E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\bonjour\\mdnsresponder.exe | 

\"{0DC9F55C-3BC8-4BD2-A1D6-4C04A4D889CE}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dota 2 beta\\dota.exe | 

\"{0FE36175-5006-4934-9C48-9EF3917A3C00}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dragon age ultimate edition\\bin_ship\\daupdatersvc.service.exe | 

\"{10F0C992-BA42-4623-A790-4B32F8E771B0}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\universe sandbox\\universe sandbox.exe | 

\"{115D6BA2-F951-4706-A6A9-4F63366D54EB}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\botanicula\\botanicula.exe | 

\"{1381AA0A-5436-4321-8A14-8B54B67AC7EC}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\the witcher enhanced edition\\system\\witcher.exe | 

\"{18848132-9F94-43ED-83B6-149CC4E54C4D}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\the witcher enhanced edition\\system\\witcher.exe | 

\"{194B3CE8-C9B4-433D-9B39-61D4DE190CF3}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\war of the roses\\run_game.exe | 

\"{1E28E069-54B2-450B-B94F-140863F7D0F1}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\crusader kings ii\\ck2game.exe | 

\"{214E9AEC-D6E9-4CD1-8AA9-003082B76DB6}\" = protocol=17 | dir=in | app=%programfiles(x86)%\\windows media player\\wmplayer.exe | 

\"{22472336-D814-42A4-A02A-E4FF2F8E2B74}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\pando networks\\media booster\\pmb.exe | 

\"{24A5B619-8120-4E64-9421-D52FE7235999}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\red faction armageddon\\redfactionarmageddon_dx11.exe | 

\"{24DA127B-E420-43D5-9746-EAFF04767B64}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\grand theft auto iv\\gtaiv\\gtaiv.exe | 

\"{25C40D1F-1632-44BC-9120-3C79BCA7831E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\snuggle truck\\snuggle truck.exe | 

\"{298A186E-2067-4F9B-86E9-21F22C2BCD1D}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\orcs must die 2\\build\\release\\orcsmustdie2.exe | 

\"{29B91FA6-D746-495C-B994-8461D6288579}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\jedi academy\\gamedata\\jasp.exe | 

\"{2A02E983-EDE4-4721-9D6A-F932D6D7119C}\" = protocol=6 | dir=in | app=c:\\programdata\\battle.net\\agent\\agent.1040\\agent.exe | 

\"{2A1FBE0D-52E9-44BA-B375-26AB600DADE0}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\trine 2\\trine2_launcher.exe | 

\"{2B58AEA8-3E39-4F96-9F73-C313C04D567B}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\solar 2\\solar2.exe | 

\"{2B734F63-590B-4DA7-8803-9BAFA113C954}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_current_settings.bat | 

\"{2B799BD6-E658-4605-834D-03F745C995D2}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\blood bowl legendary edition\\bb_le.exe | 

\"{2C94ABE5-4F14-4786-802C-2738F0CCD93A}\" = protocol=17 | dir=in | app=c:\\program files\\bonjour\\mdnsresponder.exe | 

\"{2D7C42D8-71F8-44DD-B48D-6D2955710FB3}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\stronghold\\stronghold.exe | 

\"{3229A269-6172-4D2E-AF3F-2A2138B45E99}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe | 

\"{32860CA1-B54B-45D4-A6B1-3C40B5E9DC20}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\oblivion\\oblivionlauncher.exe | 

\"{3367AC6D-46F1-4697-A146-4CD26B55E887}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\braid\\braid.exe | 

\"{33E2459B-907D-4028-8EB8-0D0D5B64805F}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\sacred 2 gold\\system\\sacred2.exe | 

\"{33E2699D-83F8-4D1C-85AD-63F291120E85}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\pando networks\\media booster\\pmb.exe | 

\"{362BF82C-9718-4167-A562-5BC511142F33}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\darksiders\\darksiderspc.exe | 

\"{37CEA0D8-9B94-42E3-B9BD-AAAA52C4EF93}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\trine 2\\trine2_launcher.exe | 

\"{3833F05F-1906-4A01-8962-C1A58D20B623}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\limbo\\limbo.exe | 

\"{3B287A57-ECB7-45AB-9881-E5D329C8641D}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\ted.exe | 

\"{3D2F22AA-8CBF-4C8E-BA83-DEDDDC492A49}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\red faction armageddon\\rf4_launcher.exe | 

\"{3D448F94-4726-4CDA-BF07-C5F3A8145C2B}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\tools\\launcher.exe | 

\"{3FC61EBB-C6A5-4B10-AECD-4F1B1FAE98BF}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\saints row the third\\game_launcher.exe | 

\"{3FF22886-A888-4012-BBEA-A065F8D66E5A}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\electronic arts\\bioware\\star wars - the old republic\\launcher.exe | 

\"{40FE5BAE-EB6D-4DAC-801E-6CFCC431E2C0}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\sacred 2 gold\\system\\sacred2.exe | 

\"{457610C2-2FE4-49E6-8EAD-72D07CFA42A8}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\shogun2.exe | 

\"{45F16EDC-048A-44CB-BD54-D6DB3C135D79}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\limbo\\limbo.exe | 

\"{45F61C3E-B45C-4201-9984-61792D25AE62}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\metro 2033\\metro2033.exe | 

\"{4726A874-7914-4B3E-AC76-477ECBE00D8C}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\planetside 2\\launchpad.exe | 

\"{48235DA2-2661-45DE-BFB1-7E97124920C3}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\magic 2014\\dotp_d14.exe | 

\"{48FAEAC7-92A6-4C1B-B9D3-C6AD71AB93FA}\" = protocol=17 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.exe | 

\"{492BF53D-37D3-4B57-BF83-94A64BC58C54}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\red faction armageddon\\redfactionarmageddon.exe | 

\"{494CB7CF-8E83-4C6B-A9AC-492CAB439D69}\" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 | 

\"{496A19C1-10F4-47D4-871B-E296445DE4D1}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.exe | 

\"{49A46A02-3DB7-4427-AB17-823DCB8D8563}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steam.exe | 

\"{4B0A53EB-3650-4301-9793-F3D216913900}\" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 | 

\"{4BCD88BB-D67A-46DD-864B-7F823C6B3C0F}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\machinarium\\machinarium.exe | 

\"{4D1A8A6E-1A15-4D47-88BB-F0579AFCCB17}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\the witcher enhanced edition\\system\\djinni!.exe | 

\"{4DDCD0DE-E50F-4227-A931-6094BE20ACA0}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\jedi outcast\\gamedata\\jk2sp.exe | 

\"{4F3C7205-D3CA-4D9B-9A2C-CD5F5E99325D}\" = protocol=6 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe | 

\"{4F5BBBA6-E7C2-4E39-B79C-BAD1C63E0DDA}\" = protocol=6 | dir=out | app=system | 

\"{53F37ED1-E7F3-4BE0-A3A1-40F005F82C24}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steam.exe | 

\"{54972C52-8AA0-49AE-8EB1-2DB01D46C91A}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\legend of grimrock\\grimrock.exe | 

\"{567F2BED-B3AA-453B-8BB2-1FF93519E45F}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\mountblade warband\\mb_warband.exe | 

\"{5756EA92-9AF8-4E9D-93A3-498A2D9EB2A6}\" = protocol=17 | dir=in | app=c:\
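The block above is OTL's dump of the Windows Firewall rule registry values: one line per rule, with a GUID, an IP protocol number (6 = TCP, 17 = UDP, 58 = ICMPv6), a direction, and either the program path the rule applies to or a resource-string name such as @FirewallAPI.dll. When reading a log like this, the rules worth a second look are inbound rules tied to executables in user-writable locations (Temp, AppData, ProgramData) rather than under Program Files or Windows. The following is an added example, not code from the thread or from OTL, that parses lines in this format and flags such rules. The sample log is constructed: the first five lines are copied from the format above, the last line (GUID 00000000-... and the temp\\updater.exe path) is invented to exercise the check; the doubled backslashes and \" escapes seen in the posted log are handled as extraction artifacts.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the OTL "Firewall Rules" format. The final entry
# (GUID 00000000-...) is invented for this example; it is not from the poster's log.
SAMPLE_LOG = r'''
"{2C94ABE5-4F14-4786-802C-2738F0CCD93A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3229A269-6172-4D2E-AF3F-2A2138B45E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{494CB7CF-8E83-4C6B-A9AC-492CAB439D69}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 | 
"{4F5BBBA6-E7C2-4E39-B79C-BAD1C63E0DDA}" = protocol=6 | dir=out | app=system | 
"{49A46A02-3DB7-4427-AB17-823DCB8D8563}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{00000000-1111-2222-3333-444444444444}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\updater.exe | 
'''

# IP protocol numbers as they appear in the dump.
PROTOCOLS = {6: "TCP", 17: "UDP", 58: "ICMPv6"}

# Path prefixes (lower-cased) that a normally installed program lives under.
# Anything else for an inbound rule deserves a look; this list is an assumption
# for the example, extend it for a machine with a non-default install root.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows", "%programfiles%", "%systemroot%")

RULE_RE = re.compile(r'^"\{([0-9A-Fa-f-]+)\}"\s*=\s*(.*)$')


@dataclass
class FirewallRule:
    guid: str
    protocol: int
    direction: str
    app: Optional[str]   # program path, or None for name-based (resource string) rules
    name: Optional[str]  # e.g. "@FirewallAPI.dll,-28546"


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one OTL firewall-rule line; return None for lines that are not rules."""
    # Undo the \" escaping that forum/extraction added around the GUID.
    line = line.strip().replace('\\"', '"')
    m = RULE_RE.match(line)
    if not m:
        return None
    guid, body = m.groups()
    fields = {}
    for part in body.split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    app = fields.get("app")
    if app is not None:
        # Collapse doubled backslashes from extraction and normalise case for prefix checks.
        app = app.replace("\\\\", "\\").lower()
    return FirewallRule(
        guid=guid.upper(),
        protocol=int(fields.get("protocol", "0")),
        direction=fields.get("dir", "?"),
        app=app,
        name=fields.get("name"),
    )


def parse_log(text: str) -> List[FirewallRule]:
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r is not None]


def suspicious_inbound(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Inbound rules bound to an executable outside the trusted install roots."""
    flagged = []
    for r in rules:
        if r.direction != "in" or r.app is None or r.app == "system":
            continue
        if not r.app.startswith(TRUSTED_PREFIXES):
            flagged.append(r)
    return flagged


def summarize(rules: List[FirewallRule]) -> Counter:
    """Count rules by (direction, protocol name) to get a quick picture of the rule set."""
    return Counter((r.direction, PROTOCOLS.get(r.protocol, str(r.protocol))) for r in rules)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(summarize(parsed))
    for r in suspicious_inbound(parsed):
        print("check:", r.guid, PROTOCOLS.get(r.protocol), r.app)
```

On the live machine the same rule set can be read with `netsh advfirewall firewall show rule name=all` and a flagged path checked for whether the file still exists and who signed it; a rule for a program that has since been removed is harmless clutter, a rule for an unsigned binary in a temp directory is the thing the original question was really asking about. In the portion of the log visible here, every inbound rule points under Program Files.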
Title: Do I have a Trojan?
Post by: guestolo on July 25, 2013, 03:17:24 PM
If you didn\'t purposely install Ask Toolbar, close down all browser windows and uninstall it from \'Programs and Features\' in Windows Control Panel.

Then do the following, please.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select \"Run as Administrator\".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system\'s specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\\AdwCleaner[S1].txt as well.

With the above logs, can you reopen OTL.exe, run another scan and post the new log that opens?
Title: Do I have a Trojan?
Post by: guestolo on August 05, 2013, 11:10:16 AM
As the original poster has not returned, I\'ll lock this topic.
If you do return and still need a hand here, send me a PM please and I\'ll reopen it.