Messages - Regnier19

Tech Clinic / Do I have a Trojan?
« on: July 25, 2013, 02:51:36 PM »

Here are the logs you asked for.

OTL logfile created on: 25/07/2013 20:43:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.97% Memory free
15.96 Gb Paging File | 13.42 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 128.25 Gb Free Space | 27.54% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/25 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/07/13 00:22:22 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/10 02:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/04/25 17:36:14 | 001,648,264 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/03/26 18:25:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/07/28 17:12:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/12 19:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 19:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 19:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 19:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 19:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 19:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/10 02:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/07/09 22:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/01 17:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/15 00:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/15 00:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/15 00:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/03/29 02:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/07/14 18:30:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 15:42:26 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/26 18:25:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 01:06:05 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 20:50:29 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 20:50:29 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 20:50:29 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/07 23:28:38 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 09:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/05/09 09:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/30 10:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/04/30 10:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/03/29 03:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/29 02:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 12:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/27 21:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/08/23 14:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/29 04:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/29 04:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/07/06 11:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 96 6A E3 7A B9 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939
IE - HKCU\..\SearchScopes\{A0408474-08CD-4DBE-900E-5BAA7329BE0D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=43AE5EC6-3DA8-4C12-A5DB-1AA6CDD3C3C1&apn_sauid=9EA12337-5CC4-4AE2-99B8-F384C819BB40
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

[2013/07/11 00:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome  ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - Extension: Ask Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.27.49091_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75086C6F-4338-4956-A733-5638F01D4034}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/22 00:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/22 00:36:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/22 00:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/07/19 17:58:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (7)
[2013/07/19 17:09:49 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/07/19 17:09:47 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/07/19 17:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/07/14 00:43:51 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Data
[2013/07/13 22:48:23 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (6)
[2013/07/11 00:44:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/07/11 00:44:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/07/11 00:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/11 00:44:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DSite
[2013/07/11 00:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/11 00:44:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2013/07/11 00:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/10 23:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/08 23:50:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (5)
[2013/06/29 22:19:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2013/06/29 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (4)
[2013/06/29 17:16:27 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/29 17:16:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/29 17:16:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/29 17:16:24 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/29 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/06/28 16:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/06/28 16:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/06/28 16:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/06/26 00:12:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Rockstar Games
[2013/06/26 00:10:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/06/26 00:05:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Rockstar Games
[2013/06/26 00:05:01 | 000,000,000 | RH-D | C] -- C:\Users\User\AppData\Roaming\SecuROM
[2013/06/26 00:05:00 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/25 20:27:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 20:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 20:00:22 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 20:00:22 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 19:51:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 19:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 19:51:39 | 2132,877,311 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 00:35:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/07/19 17:09:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/19 17:09:29 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/14 18:30:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/14 18:30:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/11 01:05:08 | 000,001,138 | ---- | M] () -- C:\Users\User\Desktop\Continue Zip Opener Installation.lnk
[2013/07/10 23:10:08 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/29 17:16:20 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/29 17:16:19 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/29 17:16:19 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/29 17:16:19 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/29 17:16:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/29 17:16:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/28 20:01:57 | 000,001,943 | ---- | M] () -- C:\Users\User\Desktop\Heroes of Newerth.lnk
[2013/06/28 19:56:17 | 000,001,949 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2013/06/27 20:50:29 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 20:50:29 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 20:50:29 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/26 00:05:00 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

 

[2013/07/22 00:35:59 | 000,000,045 | ---- | C] () -- C:\\Windows\\SysWow64\\initdebug.nfo

[2013/07/19 17:09:29 | 000,001,922 | ---- | C] () -- C:\\Users\\Public\\Desktop\\avast! Internet Security.lnk

[2013/07/11 01:05:08 | 000,001,138 | ---- | C] () -- C:\\Users\\User\\Desktop\\Continue Zip Opener Installation.lnk

[2013/07/10 23:10:08 | 000,002,212 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Google Earth.lnk

[2013/06/28 20:01:57 | 000,001,943 | ---- | C] () -- C:\\Users\\User\\Desktop\\Heroes of Newerth.lnk

[2013/06/28 19:56:17 | 000,001,949 | ---- | C] () -- C:\\Users\\User\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Heroes of Newerth.lnk

[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\aswVmm.sys.sum

[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\aswSP.sys.sum

[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\\Windows\\SysNative\\drivers\\aswSnx.sys.sum

[2013/05/18 17:36:36 | 000,000,023 | ---- | C] () -- C:\\Windows\\BlendSettings.ini

[2013/03/29 03:13:14 | 000,798,734 | ---- | C] () -- C:\\Windows\\SysWow64\\amdocl_ld32.exe

[2013/03/29 03:13:12 | 000,995,342 | ---- | C] () -- C:\\Windows\\SysWow64\\amdocl_as32.exe

[2013/03/19 13:35:31 | 000,281,392 | ---- | C] () -- C:\\Windows\\SysWow64\\PnkBstrB.exe

[2013/03/19 13:35:28 | 003,123,272 | ---- | C] () -- C:\\Windows\\SysWow64\\pbsvc.exe

[2013/03/19 13:35:28 | 000,076,888 | ---- | C] () -- C:\\Windows\\SysWow64\\PnkBstrA.exe

[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\\Windows\\SysWow64\\kdbsdk32.dll

[2012/07/21 20:09:05 | 000,000,092 | ---- | C] () -- C:\\Users\\User\\AppData\\Local\\fusioncache.dat

[2012/07/21 19:35:56 | 000,777,350 | ---- | C] () -- C:\\Windows\\SysWow64\\PerfStringBackup.INI

[2012/07/03 23:45:08 | 000,000,000 | ---- | C] () -- C:\\Windows\\ativpsrm.bin

[2012/07/03 23:19:45 | 000,000,010 | ---- | C] () -- C:\\Windows\\GSetup.ini

[2012/06/11 17:50:16 | 000,204,952 | ---- | C] () -- C:\\Windows\\SysWow64\\ativvsvl.dat

[2012/06/11 17:50:16 | 000,157,144 | ---- | C] () -- C:\\Windows\\SysWow64\\ativvsva.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\\Windows\\SysWow64\\xlive.dll.cat

[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\\Windows\\SysWow64\\atipblag.dat

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\shell32.dll -- [2010/11/21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2010/11/21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

 

< End of report >

 

And

 


OTL Extras logfile created on: 25/07/2013 20:43:22 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\User\\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.97% Memory free

15.96 Gb Paging File | 13.42 Gb Available in Paging File | 84.05% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 128.25 Gb Free Space | 27.54% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.html[@ = ChromeHTML] -- C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\\Windows\\SysNative\\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- C:\\Windows\\SysWow64\\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\\SOFTWARE\\Classes\\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\\system32\\mshtml.dll,PrintHTML \"%1\"

http [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

https [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

InternetShortcut [open] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\ieframe.dll\",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\mshtml.dll\",PrintHTML \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe \"%1\",%* (Microsoft Corporation)

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\\system32\\mshtml.dll,PrintHTML \"%1\"

http [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

https [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"cval\" = 1

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

\"VistaSp1\" = 28 4D B2 76 41 04 CA 01  [binary data]

\"AntiVirusOverride\" = 0

\"AntiSpywareOverride\" = 0

\"FirewallOverride\" = 0

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc\\Vol]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{022BB7A6-E93F-40CF-BF6E-835D0A5BF5A9}\" = rport=137 | protocol=17 | dir=out | app=system | 

\"{192D7AA8-6247-4283-B4A2-1142989B4B79}\" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe | 

\"{1C1CFD69-EA95-431D-AD99-FCC0C6583396}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe | 

\"{1E8001FC-818A-48E5-8242-99D4C16E3769}\" = rport=80 | protocol=6 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.x64.exe | 

\"{201B7AD3-942D-4297-983A-0194FCBBC7A4}\" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

\"{6156C471-5DCD-4DD6-B08E-A6CECD75B887}\" = rport=445 | protocol=6 | dir=out | app=system | 

\"{626A6ABD-2DE9-4243-B4C2-C39480494DD0}\" = lport=138 | protocol=17 | dir=in | app=system | 

\"{7F32CB6C-FF69-40F7-B699-8F9701462919}\" = lport=445 | protocol=6 | dir=in | app=system | 

\"{8202EE9A-7038-4547-B2E0-B314DBF6A738}\" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe | 

\"{89DAF9CA-5BCB-43E8-8F93-4ADC9FE6F8CB}\" = lport=2869 | protocol=6 | dir=in | app=system | 

\"{9708DB45-49D9-43FD-B706-69AB5861A351}\" = lport=10243 | protocol=6 | dir=in | app=system | 

\"{A1B92A72-868C-408B-82B3-D0D0F3CBB1C0}\" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\\system32\\spoolsv.exe | 

\"{A338C330-B9F0-46A9-8F04-B3C0A3705D0A}\" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe | 

\"{B23A613A-BFCC-4387-9AAA-4659366FDD69}\" = rport=80 | protocol=6 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.exe | 

\"{B90F458F-5B01-49D9-A62A-BA2AD9B640C8}\" = rport=139 | protocol=6 | dir=out | app=system | 

\"{C081E5CC-1890-424D-812D-0E903DE18E61}\" = lport=139 | protocol=6 | dir=in | app=system | 

\"{C2605413-C430-441E-AA81-89DFF392E82D}\" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe | 

\"{C2C93281-0498-467D-9CAC-13B7B7D8F5D0}\" = rport=80 | protocol=6 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.exe | 

\"{CE270624-33A6-4DF5-AE06-BC458A0A64F3}\" = rport=10243 | protocol=6 | dir=out | app=system | 

\"{D04D07D8-4219-40BF-9EC8-E9FA8C84C530}\" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe | 

\"{D1DA3F1F-1E64-42C7-99FE-E64865424F41}\" = rport=138 | protocol=17 | dir=out | app=system | 

\"{DDC0F028-B6CE-4A4D-885B-50D694C6D64C}\" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\smsvchost.exe | 

\"{DE620684-8667-415F-B876-886497039C08}\" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe | 

\"{E5891FB8-4F9C-4640-967E-529B896126C6}\" = rport=80 | protocol=6 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\tools\\launcher.exe | 

\"{F1BB9D44-7873-42B6-B016-9A186E4EE2A3}\" = lport=137 | protocol=17 | dir=in | app=system | 

\"{F2A202A3-76AA-4C36-9042-D1AA4DF43D1B}\" = rport=80 | protocol=6 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.x64.exe | 

\"{FA93B714-C5BB-47F3-987A-6BD9C1779AAD}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe | 

\"{FD7E8F05-2D26-4C2D-8E0E-7B7DCAE03FDA}\" = rport=80 | protocol=6 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\tools\\launcher.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{018B41FC-3575-491B-B30E-8CE2AAAFC95E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.x64.exe | 

\"{028BB826-4DB9-420F-A22D-71829D931679}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\war of the roses\\run_game.exe | 

\"{02FAB3CA-EE2F-4A61-95DE-C648508EC49E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\ted.exe | 

\"{0763AA77-E426-4C25-BEC0-0CCDCD40A336}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dxhrml\\dxhrml.exe | 

\"{088796FC-A60C-40BB-80AB-21F5F6A8B8F9}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dark souls prepare to die edition\\data\\darksouls.exe | 

\"{0CC38C2B-E044-4EDC-B3D7-BE34A45EA75E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\bonjour\\mdnsresponder.exe | 

\"{0DC9F55C-3BC8-4BD2-A1D6-4C04A4D889CE}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dota 2 beta\\dota.exe | 

\"{0FE36175-5006-4934-9C48-9EF3917A3C00}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\dragon age ultimate edition\\bin_ship\\daupdatersvc.service.exe | 

\"{10F0C992-BA42-4623-A790-4B32F8E771B0}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\universe sandbox\\universe sandbox.exe | 

\"{115D6BA2-F951-4706-A6A9-4F63366D54EB}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\botanicula\\botanicula.exe | 

\"{1381AA0A-5436-4321-8A14-8B54B67AC7EC}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\the witcher enhanced edition\\system\\witcher.exe | 

\"{18848132-9F94-43ED-83B6-149CC4E54C4D}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\the witcher enhanced edition\\system\\witcher.exe | 

\"{194B3CE8-C9B4-433D-9B39-61D4DE190CF3}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\war of the roses\\run_game.exe | 

\"{1E28E069-54B2-450B-B94F-140863F7D0F1}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\crusader kings ii\\ck2game.exe | 

\"{214E9AEC-D6E9-4CD1-8AA9-003082B76DB6}\" = protocol=17 | dir=in | app=%programfiles(x86)%\\windows media player\\wmplayer.exe | 

\"{22472336-D814-42A4-A02A-E4FF2F8E2B74}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\pando networks\\media booster\\pmb.exe | 

\"{24A5B619-8120-4E64-9421-D52FE7235999}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\red faction armageddon\\redfactionarmageddon_dx11.exe | 

\"{24DA127B-E420-43D5-9746-EAFF04767B64}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\grand theft auto iv\\gtaiv\\gtaiv.exe | 

\"{25C40D1F-1632-44BC-9120-3C79BCA7831E}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\snuggle truck\\snuggle truck.exe | 

\"{298A186E-2067-4F9B-86E9-21F22C2BCD1D}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\orcs must die 2\\build\\release\\orcsmustdie2.exe | 

\"{29B91FA6-D746-495C-B994-8461D6288579}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\jedi academy\\gamedata\\jasp.exe | 

\"{2A02E983-EDE4-4721-9D6A-F932D6D7119C}\" = protocol=6 | dir=in | app=c:\\programdata\\battle.net\\agent\\agent.1040\\agent.exe | 

\"{2A1FBE0D-52E9-44BA-B375-26AB600DADE0}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\trine 2\\trine2_launcher.exe | 

\"{2B58AEA8-3E39-4F96-9F73-C313C04D567B}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\solar 2\\solar2.exe | 

\"{2B734F63-590B-4DA7-8803-9BAFA113C954}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_current_settings.bat | 

\"{2B799BD6-E658-4605-834D-03F745C995D2}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\blood bowl legendary edition\\bb_le.exe | 

\"{2C94ABE5-4F14-4786-802C-2738F0CCD93A}\" = protocol=17 | dir=in | app=c:\\program files\\bonjour\\mdnsresponder.exe | 

\"{2D7C42D8-71F8-44DD-B48D-6D2955710FB3}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\stronghold\\stronghold.exe | 

\"{3229A269-6172-4D2E-AF3F-2A2138B45E99}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe | 

\"{32860CA1-B54B-45D4-A6B1-3C40B5E9DC20}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\oblivion\\oblivionlauncher.exe | 

\"{3367AC6D-46F1-4697-A146-4CD26B55E887}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\braid\\braid.exe | 

\"{33E2459B-907D-4028-8EB8-0D0D5B64805F}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\sacred 2 gold\\system\\sacred2.exe | 

\"{33E2699D-83F8-4D1C-85AD-63F291120E85}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\pando networks\\media booster\\pmb.exe | 

\"{362BF82C-9718-4167-A562-5BC511142F33}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\darksiders\\darksiderspc.exe | 

\"{37CEA0D8-9B94-42E3-B9BD-AAAA52C4EF93}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\trine 2\\trine2_launcher.exe | 

\"{3833F05F-1906-4A01-8962-C1A58D20B623}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\limbo\\limbo.exe | 

\"{3B287A57-ECB7-45AB-9881-E5D329C8641D}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\ted.exe | 

\"{3D2F22AA-8CBF-4C8E-BA83-DEDDDC492A49}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\red faction armageddon\\rf4_launcher.exe | 

\"{3D448F94-4726-4CDA-BF07-C5F3A8145C2B}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\tools\\launcher.exe | 

\"{3FC61EBB-C6A5-4B10-AECD-4F1B1FAE98BF}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\saints row the third\\game_launcher.exe | 

\"{3FF22886-A888-4012-BBEA-A065F8D66E5A}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\electronic arts\\bioware\\star wars - the old republic\\launcher.exe | 

\"{40FE5BAE-EB6D-4DAC-801E-6CFCC431E2C0}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\sacred 2 gold\\system\\sacred2.exe | 

\"{457610C2-2FE4-49E6-8EAD-72D07CFA42A8}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\total war shogun 2\\shogun2.exe | 

\"{45F16EDC-048A-44CB-BD54-D6DB3C135D79}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\limbo\\limbo.exe | 

\"{45F61C3E-B45C-4201-9984-61792D25AE62}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\metro 2033\\metro2033.exe | 

\"{4726A874-7914-4B3E-AC76-477ECBE00D8C}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\planetside 2\\launchpad.exe | 

\"{48235DA2-2661-45DE-BFB1-7E97124920C3}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\magic 2014\\dotp_d14.exe | 

\"{48FAEAC7-92A6-4C1B-B9D3-C6AD71AB93FA}\" = protocol=17 | dir=out | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.exe | 

\"{492BF53D-37D3-4B57-BF83-94A64BC58C54}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\red faction armageddon\\redfactionarmageddon.exe | 

\"{494CB7CF-8E83-4C6B-A9AC-492CAB439D69}\" = protocol=58 | dir=out | [email protected],-28546 | 

\"{496A19C1-10F4-47D4-871B-E296445DE4D1}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\warframe\\warframe.exe | 

\"{49A46A02-3DB7-4427-AB17-823DCB8D8563}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steam.exe | 

\"{4B0A53EB-3650-4301-9793-F3D216913900}\" = protocol=58 | dir=in | [email protected],-28545 | 

\"{4BCD88BB-D67A-46DD-864B-7F823C6B3C0F}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\machinarium\\machinarium.exe | 

\"{4D1A8A6E-1A15-4D47-88BB-F0579AFCCB17}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\the witcher enhanced edition\\system\\djinni!.exe | 

\"{4DDCD0DE-E50F-4227-A931-6094BE20ACA0}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\jedi outcast\\gamedata\\jk2sp.exe | 

\"{4F3C7205-D3CA-4D9B-9A2C-CD5F5E99325D}\" = protocol=6 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe | 

\"{4F5BBBA6-E7C2-4E39-B79C-BAD1C63E0DDA}\" = protocol=6 | dir=out | app=system | 

\"{53F37ED1-E7F3-4BE0-A3A1-40F005F82C24}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steam.exe | 

\"{54972C52-8AA0-49AE-8EB1-2DB01D46C91A}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\legend of grimrock\\grimrock.exe | 

\"{567F2BED-B3AA-453B-8BB2-1FF93519E45F}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\steam\\steamapps\\common\\mountblade warband\\mb_warband.exe | 

\"{5756EA92-9AF8-4E9D-93A3-498A2D9EB2A6}\" = protocol=17 | dir=in | app=c:\

2
Tech Clinic / Do I have a Trojan?
« on: July 23, 2013, 02:58:54 PM »

No, I have had no help. I do not know that there is anything wrong with my PC; it is running fine. I was simply told you could tell me whether or not I have any malware in my system, specifically a Trojan.



3
Tech Clinic / Do I have a Trojan?
« on: July 12, 2013, 04:34:43 PM »

I found a virus on my PC called MyDeltaTB.exe. Avast caught it and moved it to the chest, where I deleted it; however, I am paranoid about Trojans and would like a definitive answer as to whether I have a Trojan or other malicious virus in my PC. Here is the log file:


 


Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 22:21:29, on 12/07/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

 

 

Boot mode: Normal

 

Running processes:

C:\\Program Files (x86)\\Steam\\Steam.exe

C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe

C:\\Program Files (x86)\\ATI Technologies\\HydraVision\\HydraDM.exe

C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe

C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe

C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe

C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe

C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe

C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe

C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe

C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe

C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe

C:\\Users\\User\\Downloads\\HijackThis.exe

 

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = 

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch = 

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = 

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\\Program Files (x86)\\Ask.com\\GenericAskToolbar.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files (x86)\\Ask.com\\GenericAskToolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\\Program Files (x86)\\Ask.com\\GenericAskToolbar.dll

O4 - HKLM\\..\\Run: [avast] \"C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe\" /nogui

O4 - HKLM\\..\\Run: [APSDaemon] \"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"

O4 - HKLM\\..\\Run: [ApnUpdater] \"C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe\"

O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"

O4 - HKLM\\..\\Run: [StartCCC] \"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun

O4 - HKCU\\..\\Run: [Steam] \"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent

O4 - HKCU\\..\\Run: [Skype] \"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun

O4 - HKCU\\..\\Run: [HydraVisionDesktopManager] \"C:\\Program Files (x86)\\ATI Technologies\\HydraVision\\HydraDM.exe\"

O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-19\\..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (User \'LOCAL SERVICE\')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9109 bytes
