
Blackbird10

join:2012-10-22

[Rootkit] Rootkit in W7, very hard to detect

Hi,
My PC has been compromised with a rootkit, which is hiding keyloggers and possibly backdoors and god knows what else.
I've run a lot of rootkit scans, but none showed any threats; I'm pretty certain there is one, and probably backdoors.
I would like some advice on how to deal with this, since I'm running out of options on what to do. I've checked a lot of guides, but none really worked.
If some experts could check out my OTL results, that would be great.

OTL logfile created on: 23/10/2012 0:30:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alec\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 3,90 Gb Available Physical Memory | 65,04% Memory free
12,00 Gb Paging File | 8,96 Gb Available in Paging File | 74,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 243,22 Gb Free Space | 81,60% Space Free | Partition Type: NTFS
Drive D: | 182,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1397,26 Gb Total Space | 73,66 Gb Free Space | 5,27% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 495,86 Gb Free Space | 83,17% Space Free | Partition Type: NTFS

Computer Name: ZILDJIAN90 | User Name: Alec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/23 00:29:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alec\Downloads\OTL.exe
PRC - [2012/10/11 03:04:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/07 15:51:36 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/07 15:50:27 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/10/03 18:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/21 13:22:22 | 003,341,464 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/11/20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/11 03:04:42 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/07 15:51:35 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/10/07 15:51:34 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012/10/07 15:51:34 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/10/07 15:51:34 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/07 15:51:33 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011/09/03 23:08:45 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/07 15:51:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/03 18:48:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/15 15:32:51 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/03 09:49:34 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/10/18 21:01:10 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/10/18 21:01:10 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/18 21:01:10 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/24 09:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 13:16:27 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011/09/29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/13 17:24:04 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/08/13 17:24:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/22 15:08:14 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/01/27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2012/04/09 16:59:32 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/31 16:22:10 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = google.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 FA 6A 87 79 FA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0EA9F28E-8032-4C11-9B2D-4C45BD4C8ED7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYES&apn_uid=10cc1b6b-abef-4191-9208-9ac3816e19eb&apn_sauid=254399BC-AAD9-4926-AF21-87B8D1D3DAC3
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Alec\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/10/18 20:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/10/18 20:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/10/18 20:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/22 21:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/20 20:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012/10/22 21:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\mozilla\Extensions
[2012/10/22 21:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/11 05:57:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 05:57:25 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/10/11 05:57:25 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2012/10/11 05:57:25 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/10/11 05:57:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/10/11 05:57:25 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/10/03 01:13:46 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Supervisión de URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Supervisión de URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC5D33DC-6D75-4793-9F65-FA33DC9A55BB}: DhcpNameServer = 87.216.1.65 87.216.1.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/19 15:32:38 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4a32d88d-c5a0-11e0-b10c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4a32d88d-c5a0-11e0-b10c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\setup.exe -- [2009/05/12 13:43:59 | 000,124,168 | R--- | M] (Logitech, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 20:32:59 | 000,000,000 | ---D | C] -- C:\Users\Alec\Desktop\RK_Quarantine
[2012/10/22 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Alec\Desktop\Gmer ARK
[2012/10/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{6166DAA6-E1A3-402F-99B5-104C75CDDBE2}
[2012/10/21 13:32:10 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{D9EA37CB-6B29-4DB8-B277-67B8556F82A3}
[2012/10/21 03:13:20 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{07FF31DE-3A87-475D-BB2A-F5CB5B153E65}
[2012/10/20 20:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/20 13:58:07 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{DF90467D-BB41-4E19-BCF0-C15E1CDDDCC1}
[2012/10/19 15:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2012/10/19 13:48:00 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\Apache
[2012/10/19 13:31:36 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{59955212-AB57-4CE1-914B-6647A0C4D2C1}
[2012/10/19 00:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/18 21:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/18 21:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/10/18 20:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012/10/18 20:43:51 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012/10/18 20:43:36 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/10/18 20:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/18 20:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/18 20:43:18 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/18 20:43:18 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/10/18 16:37:50 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{605CDCE8-4800-46A3-8EE1-76F0D39B5B65}
[2012/10/17 13:06:00 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{CC40E875-C85C-4699-B926-A75670382EF1}
[2012/10/16 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{B1600356-9D56-4432-BCBD-2B53333074CA}
[2012/10/16 00:54:52 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{9CC1B5AC-9BB4-4854-B129-151D860E195D}
[2012/10/15 12:54:39 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{13BF1897-28F7-4F41-A444-37160068423B}
[2012/10/14 12:52:30 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{924ECC4A-3822-4F4D-8EF7-FEC5B87C77D2}
[2012/10/13 12:37:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A3E62418-B9E8-439B-BEEC-3EA6D29B2294}
[2012/10/12 12:38:41 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{3CF8EAAB-A28D-4DAC-A77C-DB8492970EC1}
[2012/10/12 00:38:17 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{C2F07A76-52F0-4287-B47F-2EF2D7B774FF}
[2012/10/11 22:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/10/11 22:13:27 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\PowerISO
[2012/10/11 22:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/10/11 22:11:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/11 22:11:28 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/10/11 22:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2012/10/11 12:37:52 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{9265CE8C-0281-485F-897E-12E87A70095E}
[2012/10/10 13:22:03 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{6510A39D-E44D-4489-A564-717D86F2E071}
[2012/10/09 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{BA70EAA4-C22B-4881-AB13-8C5D2705CD45}
[2012/10/08 13:10:49 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{0DAEE206-3E8B-4A0C-A656-2638953D7EE7}
[2012/10/07 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/10/07 15:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/10/07 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/10/07 15:41:34 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7299AFED-2B9A-40F5-B5F1-3C2E933ABA1E}
[2012/10/06 13:20:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/10/06 13:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012/10/06 13:20:14 | 000,000,000 | ---D | C] -- C:\Games
[2012/10/06 13:15:32 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{14590115-9113-4002-8ACE-F8AD3998FCFE}
[2012/10/05 13:32:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{20D400D4-BD1F-46E3-902A-BC6F3BC8A8E7}
[2012/10/04 03:47:36 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{4BA360FD-3272-4F63-A67B-5086C68E3D08}
[2012/10/03 15:10:38 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/10/03 15:10:37 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/10/03 15:10:36 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/10/03 15:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/10/03 15:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/10/03 15:04:03 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7A0D51BB-1C44-4D34-8D0A-695B80BD4F8E}
[2012/10/03 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7F963431-B65F-4CA2-9FBC-347C982A68BA}
[2012/10/03 02:39:34 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{AA2F9AC1-D6AD-489F-AD13-AC5F5DB916FD}
[2012/10/03 01:50:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/10/03 01:00:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/02 12:56:27 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{37F4BD8F-5B46-4F54-BEF3-6E2FFFA0D128}
[2012/10/01 13:48:53 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{75DF4574-D685-4800-867C-AA8D4D428CBB}
[2012/09/30 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{B121B934-3D3D-441D-88CD-0E9968F1F2E2}
[2012/09/29 13:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{525C74AE-439D-4FF5-B011-312ED9D27820}
[2012/09/28 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{80344DE4-465A-43D4-BB59-6672D469CAF7}
[2012/09/28 02:15:16 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A31123C6-F106-454A-B484-CCC7B01BA0A1}
[2012/09/27 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{C16161E5-F1B2-46AC-B015-C874BEFB8AEE}
[2012/09/26 13:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A2FA5FFD-2332-4659-9825-2CB111DCC09D}
[2012/09/26 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{BD083A99-991D-41DE-A068-130C1A1D0323}
[2012/09/25 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{0118A4F0-A182-4DFC-A48A-63D310DFADAF}
[2012/09/24 15:22:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
[2012/09/24 13:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/24 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{CDF56A1A-7AE3-4781-823A-E95B9DDABE33}
[2012/09/24 04:22:56 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\CheckPoint
[2012/09/24 04:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/09/23 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{264427C6-CE65-4C16-BE0A-6B3E7DB54336}
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 21:44:44 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 21:28:04 | 001,530,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/22 21:28:04 | 000,694,148 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/10/22 21:28:04 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/22 21:28:04 | 000,134,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/10/22 21:28:04 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/22 21:27:12 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 21:27:12 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 21:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 21:21:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/22 20:32:56 | 001,425,920 | ---- | M] () -- C:\Users\Alec\Desktop\RogueKiller.exe
[2012/10/22 20:22:57 | 000,000,000 | ---- | M] () -- C:\Users\Alec\defogger_reenable
[2012/10/19 15:27:15 | 000,001,345 | ---- | M] () -- C:\Users\Alec\Desktop\mow_assault_squad.exe - Acceso directo.lnk
[2012/10/19 13:36:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 00:21:15 | 000,001,916 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/10/19 00:18:29 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 21:38:31 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/18 21:01:10 | 000,611,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/18 21:01:10 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2012/10/18 21:01:10 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2012/10/18 20:43:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012/10/18 20:32:15 | 000,000,020 | ---- | M] () -- C:\Windows\ÔùC
[2012/10/11 22:12:28 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/10/11 20:46:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/10/11 20:46:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/11 20:46:41 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/10/07 15:50:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/07 02:54:50 | 000,001,157 | ---- | M] () -- C:\Users\Alec\Desktop\WoT.lnk
[2012/10/03 18:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/03 15:10:35 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
[2012/10/03 15:10:35 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 20:53:31 | 071,831,387 | ---- | M] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide02_EN_v2.pdf
[2012/09/28 11:46:32 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2012/09/28 11:46:32 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2012/09/28 11:46:32 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2012/09/27 20:59:24 | 072,907,101 | ---- | M] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide01_EN.pdf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/22 21:44:44 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/22 21:44:44 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 20:32:55 | 001,425,920 | ---- | C] () -- C:\Users\Alec\Desktop\RogueKiller.exe
[2012/10/22 20:22:57 | 000,000,000 | ---- | C] () -- C:\Users\Alec\defogger_reenable
[2012/10/19 15:27:15 | 000,001,345 | ---- | C] () -- C:\Users\Alec\Desktop\mow_assault_squad.exe - Acceso directo.lnk
[2012/10/19 00:21:15 | 000,001,916 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/10/19 00:18:29 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 20:44:07 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012/10/18 20:32:15 | 000,000,020 | ---- | C] () -- C:\Windows\ÔùC
[2012/10/11 22:24:24 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/10/11 22:12:28 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/10/07 15:50:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/07 02:54:50 | 000,001,157 | ---- | C] () -- C:\Users\Alec\Desktop\WoT.lnk
[2012/10/03 18:46:51 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/10/03 15:10:35 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
[2012/10/03 15:10:35 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/10/03 15:10:34 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/09/28 20:53:30 | 071,831,387 | ---- | C] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide02_EN_v2.pdf
[2012/09/28 11:46:32 | 000,383,592 | RHS- | C] () -- C:\gdrop
[2012/09/28 11:46:32 | 000,171,136 | RHS- | C] () -- C:\xeldr
[2012/09/28 11:46:32 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2012/09/27 20:59:22 | 072,907,101 | ---- | C] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide01_EN.pdf
[2012/09/17 12:11:14 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/17 12:11:13 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/14 22:43:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/14 22:39:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/14 22:39:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/14 22:39:28 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/03 01:24:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/08/13 14:27:17 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011/08/13 14:24:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

ASWMBR report: (bold sentences were shown in yellow!)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-23 00:44:54
-----------------------------
00:44:54.301 OS Version: Windows x64 6.1.7601 Service Pack 1
00:44:54.301 Number of processors: 8 586 0x1A05
00:44:54.301 ComputerName: ZILDJIAN90 UserName: Alec
00:44:54.942 Initialize success
00:45:03.650 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
00:45:03.652 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610479MB BusType: 3
00:45:03.653 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
00:45:03.654 Disk 1 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305245MB BusType: 3
00:45:03.663 Disk 1 MBR read successfully
00:45:03.665 Disk 1 MBR scan
00:45:03.666 Disk 1 Windows 7 default MBR code
00:45:03.668 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
00:45:03.671 Disk 1 scanning C:\Windows\system32\drivers
00:45:08.172 Service scanning
00:45:12.271 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
00:45:12.313 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
00:45:12.341 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
00:45:12.680 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
00:45:13.029 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
00:45:13.045 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
00:45:18.584 Modules scanning
00:45:18.588 Disk 1 trace - called modules:
00:45:18.599 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:45:18.603 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800605d060]
00:45:18.606 3 CLASSPNP.SYS[fffff880021ca43f] -> nt!IofCallDriver -> [0xfffffa8005d57520]
00:45:18.609 5 ACPI.sys[fffff88000eee7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005d56060]
00:45:18.612 Scan finished successfully
00:48:45.252 Disk 1 MBR has been saved successfully to "C:\Users\Alec\Desktop\MBR.dat"
00:48:45.255 The log file has been saved successfully to "C:\Users\Alec\Desktop\aswMBR.txt"

MBAM showed no threats, but I did run Roguekiller and found something strange:

RogueKiller:

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 secure.tune-up.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 654e352871837011b4f8af029e0ff940
[BSP] 5711017d73af764942470f44f0c2584f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610477 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] ade521bef2454521022876a5b691ceed
[BSP] 1eb4a2c578f759820660b1f07e6dc864 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] c0987d86a3428309fc2a88436888f7c5
[BSP] cea2d875a1f1581ed70ed067a0d69c2e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : >
RKreport[1].txt


LoPhatPhuud
join:2002-01-06
Albuquerque, NM

Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Blackbird10
join:2012-10-22

Hi,
First, thanks for your help; it is greatly appreciated.
Here is my Combofix log:

ComboFix 12-10-23.01 - Alec 23/10/2012 14:12:27.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.6142.4244 [GMT 2:00]
Running from: c:\users\Alec\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 12:15 . 2012-10-23 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 11:48 . 2012-10-19 11:57 -------- d-----w- c:\users\Alec\AppData\Local\Apache
2012-10-18 22:18 . 2012-10-18 22:18 -------- d-----w- c:\program files\HitmanPro
2012-10-18 19:59 . 2012-10-18 22:21 -------- d-----w- c:\programdata\HitmanPro
2012-10-18 19:57 . 2012-10-18 19:57 -------- d-----w- c:\programdata\Tarma Installer
2012-10-18 18:43 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-10-18 18:43 . 2012-10-18 18:43 -------- d-----w- c:\windows\ELAMBKUP
2012-10-18 18:43 . 2012-10-23 11:57 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-18 18:43 . 2012-10-18 18:43 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-18 18:43 . 2012-10-18 19:01 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-18 18:43 . 2012-08-13 16:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-10-11 20:24 . 2012-10-11 20:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-10-11 20:13 . 2012-10-11 20:13 -------- d-----w- c:\users\Alec\AppData\Roaming\PowerISO
2012-10-11 20:11 . 2012-10-11 20:11 -------- d--h--w- c:\programdata\Common Files
2012-10-11 20:11 . 2012-10-11 20:12 -------- d-----w- c:\program files (x86)\PowerISO
2012-10-11 20:11 . 2012-08-24 07:56 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-10-07 13:50 . 2012-10-07 14:45 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-07 13:50 . 2012-10-23 11:42 -------- d-----w- c:\program files (x86)\Steam
2012-10-06 11:20 . 2012-10-06 11:20 -------- d-----w- C:\Games
2012-10-03 16:46 . 2012-05-22 13:36 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-10-03 13:10 . 2011-11-03 07:49 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-03 13:10 . 2011-11-03 07:49 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-10-03 13:10 . 2011-11-03 07:49 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-10-03 13:10 . 2012-10-03 13:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-10-02 23:50 . 2012-10-03 14:02 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-10-02 23:29 . 2009-12-10 10:28 36168 ----a-w- c:\windows\system32\uxt2F2E.tmp
2012-10-02 23:03 . 2009-12-10 10:28 36168 ----a-w- c:\windows\system32\uxt391C.tmp
2012-09-24 13:22 . 2012-09-24 13:22 -------- d-sh--w- c:\windows\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
2012-09-24 11:25 . 2012-09-24 11:25 -------- d-----w- c:\program files\Enigma Software Group
2012-09-24 11:25 . 2012-09-24 11:56 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-24 02:22 . 2012-09-24 02:22 -------- d-----w- c:\users\Alec\AppData\Roaming\CheckPoint
2012-09-24 02:20 . 2012-09-24 02:20 -------- d-----w- c:\programdata\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 19:01 . 2012-07-25 12:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-18 19:01 . 2012-05-25 17:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-11 18:46 . 2012-09-17 10:53 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-11 18:46 . 2012-09-17 10:11 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-11 18:46 . 2012-09-17 10:11 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-03 16:48 . 2012-09-17 10:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-29 17:54 . 2012-09-15 13:33 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 13:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-08 13:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-08 13:00 . 2012-09-08 13:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-08 13:00 . 2012-09-08 13:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-08 13:00 . 2012-09-08 13:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-08 13:00 . 2012-09-08 13:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-08 13:00 . 2012-09-08 13:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-08 13:00 . 2012-09-08 13:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-08 13:00 . 2012-09-08 13:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-08 13:00 . 2012-09-08 13:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-08 13:00 . 2012-09-08 13:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-08 13:00 . 2012-09-08 13:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-08 13:00 . 2012-09-08 13:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-08 13:00 . 2012-09-08 13:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-08 13:00 . 2012-09-08 13:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-08 13:00 . 2012-09-08 13:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-08 13:00 . 2012-09-08 13:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-08 13:00 . 2012-09-08 13:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-08 13:00 . 2012-09-08 13:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-08 13:00 . 2012-09-08 13:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-08 13:00 . 2012-09-08 13:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-08 13:00 . 2012-09-08 13:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-08 13:00 . 2012-09-08 13:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-08 13:00 . 2012-09-08 13:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-08 13:00 . 2012-09-08 13:00 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-08 13:00 . 2012-09-08 13:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-08 13:00 . 2012-09-08 13:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-08 13:00 . 2012-09-08 13:00 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-08 13:00 . 2012-09-08 13:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-08 13:00 . 2012-09-08 13:00 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-08 13:00 . 2012-09-08 13:00 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-08 13:00 . 2012-09-08 13:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-08 13:00 . 2012-09-08 13:00 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-08 13:00 . 2012-09-08 13:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-08 13:00 . 2012-09-08 13:00 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-08 13:00 . 2012-09-08 13:00 448512 ----a-w- c:\windows\system32\html.iec
2012-09-08 13:00 . 2012-09-08 13:00 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-08 13:00 . 2012-09-08 13:00 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-08 13:00 . 2012-09-08 13:00 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-08 13:00 . 2012-09-08 13:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-08 13:00 . 2012-09-08 13:00 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-08 13:00 . 2012-09-08 13:00 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-08 13:00 . 2012-09-08 13:00 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-08 13:00 . 2012-09-08 13:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-08 13:00 . 2012-09-08 13:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-08 13:00 . 2012-09-08 13:00 237056 ----a-w- c:\windows\system32\url.dll
2012-09-08 13:00 . 2012-09-08 13:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-08 13:00 . 2012-09-08 13:00 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-08 13:00 . 2012-09-08 13:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-08 13:00 . 2012-09-08 13:00 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-09-08 13:00 . 2012-09-08 13:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-08 13:00 . 2012-09-08 13:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-08 13:00 . 2012-09-08 13:00 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-08 13:00 . 2012-09-08 13:00 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-08 13:00 . 2012-09-08 13:00 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-08 13:00 . 2012-09-08 13:00 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-08 13:00 . 2012-09-08 13:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-08 13:00 . 2012-09-08 13:00 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-08 13:00 . 2012-09-08 13:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-08 13:00 . 2012-09-08 13:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-08 13:00 . 2012-09-08 13:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-08 13:00 . 2012-09-08 13:00 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-08 13:00 . 2012-09-08 13:00 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-08 13:00 . 2012-09-08 13:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-08 13:00 . 2012-09-08 13:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-08 13:00 . 2012-09-08 13:00 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-08 13:00 . 2012-09-08 13:00 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-08 12:04 . 2012-09-08 12:04 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-08 11:59 . 2012-09-08 12:00 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 11:59 . 2012-09-08 12:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-08 11:59 . 2011-08-13 13:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 23:49 . 2012-09-08 13:48 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1447D990-7F00-4F4B-BA25-828FE792538C}\mpengine.dll
2012-08-13 14:49 . 2012-08-13 14:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-03 02:27 . 2012-09-08 12:48 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-02 13:09 . 2012-08-02 13:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-07-28 04:09 . 2012-04-06 01:34 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-04-06 02:20 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-09-14 20:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2010-02-08 1015808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-15 5663616]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-21 3341464]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-07 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2012-09-25 3076096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 aswArKrn;aswArKrn;c:\users\Alec\AppData\Local\Temp\aswArKrn.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 21544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-15 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-03 2072896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-18 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-18 29528]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\p4gr6p2e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2012-10-18 20:43; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-10-18 20:43; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-10-18 20:43; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ac,e4,19,af,2e,4c,67,92,8d,20,1a,ba,bf,f8,16,d5,36,99,a2,a5,0e,93,a5,
ea,18,69,f7,17,5b,c2,47,79,7a,9b,35,b6,a2,6e,35,80,67,8f,27,cd,9f,05,4b,93,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-23 14:16:18
ComboFix-quarantined-files.txt 2012-10-23 12:16
ComboFix2.txt 2012-10-23 12:06
.
Pre-Run: 260.784.566.272 bytes libres
Post-Run: 260.717.989.888 bytes libres
.
- - End Of File - - A392C6CE4A049B63150AE0AB2656F61F


LoPhatPhuud
join:2002-01-06
Albuquerque, NM

reply to Blackbird10

Thanks,

One more program to run...

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
