My PC has been compromised with a rootkit, which is hiding keyloggers and possibly backdoors and god knows what else.
I´ve ran a lot of rootkit scans, but none showed any threats, but I´m pretty certain there is one and probably backdoors.
I would like some advise on how to deal with this since I´m running out of options on what to do, I´ve checked a lot of guides but none really worked.
If some experts could checkout my hijackthis logs would be great, although I think this rootkit is also hiding from logs.
Today I ran Roguekiller and it did find something strange:
¤¤¤ Registry Entries : 8 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 654e352871837011b4f8af029e0ff940
[BSP] 5711017d73af764942470f44f0c2584f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610477 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] ade521bef2454521022876a5b691ceed
[BSP] 1eb4a2c578f759820660b1f07e6dc864 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] c0987d86a3428309fc2a88436888f7c5
[BSP] cea2d875a1f1581ed70ed067a0d69c2e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
OTL SCANNING RESULTS:
OTL logfile created on: 23/10/2012 0:30:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\********\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
6,00 Gb Total Physical Memory | 3,90 Gb Available Physical Memory | 65,04% Memory free
12,00 Gb Paging File | 8,96 Gb Available in Paging File | 74,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 243,22 Gb Free Space | 81,60% Space Free | Partition Type: NTFS
Drive D: | 182,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1397,26 Gb Total Space | 73,66 Gb Free Space | 5,27% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 495,86 Gb Free Space | 83,17% Space Free | Partition Type: NTFS
Computer Name: *********** | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/23 00:29:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Downloads\OTL.exe
PRC - [2012/10/11 03:04:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/07 15:51:36 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/07 15:50:27 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/10/03 18:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/21 13:22:22 | 003,341,464 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/11/20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/11 03:04:42 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/07 15:51:35 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/10/07 15:51:34 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012/10/07 15:51:34 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/10/07 15:51:34 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/07 15:51:33 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011/09/03 23:08:45 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/07/28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/07 15:51:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/03 18:48:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/15 15:32:51 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/03 09:49:34 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/10/18 21:01:10 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/10/18 21:01:10 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/18 21:01:10 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/24 09:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 13:16:27 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011/09/29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/13 17:24:04 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/08/13 17:24:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/22 15:08:14 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/01/27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2012/04/09 16:59:32 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/31 16:22:10 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = google.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 FA 6A 87 79 FA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0EA9F28E-8032-4C11-9B2D-4C45BD4C8ED7}: "URL" = http://websearch.ask...21-87B8D1D3DAC3
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Alec\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/10/18 20:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/10/18 20:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/10/18 20:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/22 21:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/20 20:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2012/10/22 21:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\mozilla\Extensions
[2012/10/22 21:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/11 05:57:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 05:57:25 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/10/11 05:57:25 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2012/10/11 05:57:25 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/10/11 05:57:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/10/11 05:57:25 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012/10/03 01:13:46 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Supervisión de URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Supervisión de URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC5D33DC-6D75-4793-9F65-FA33DC9A55BB}: DhcpNameServer = 87.216.1.65 87.216.1.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/19 15:32:38 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4a32d88d-c5a0-11e0-b10c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4a32d88d-c5a0-11e0-b10c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\setup.exe -- [2009/05/12 13:43:59 | 000,124,168 | R--- | M] (Logitech, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/22 20:32:59 | 000,000,000 | ---D | C] -- C:\Users\Alec\Desktop\RK_Quarantine
[2012/10/22 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Alec\Desktop\Gmer ARK
[2012/10/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{6166DAA6-E1A3-402F-99B5-104C75CDDBE2}
[2012/10/21 13:32:10 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{D9EA37CB-6B29-4DB8-B277-67B8556F82A3}
[2012/10/21 03:13:20 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{07FF31DE-3A87-475D-BB2A-F5CB5B153E65}
[2012/10/20 20:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/20 13:58:07 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{DF90467D-BB41-4E19-BCF0-C15E1CDDDCC1}
[2012/10/19 15:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2012/10/19 13:48:00 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\Apache
[2012/10/19 13:31:36 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{59955212-AB57-4CE1-914B-6647A0C4D2C1}
[2012/10/19 00:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/18 21:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/18 21:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/10/18 20:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012/10/18 20:43:51 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012/10/18 20:43:36 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/10/18 20:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/18 20:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/18 20:43:18 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/18 20:43:18 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/10/18 16:37:50 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{605CDCE8-4800-46A3-8EE1-76F0D39B5B65}
[2012/10/17 13:06:00 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{CC40E875-C85C-4699-B926-A75670382EF1}
[2012/10/16 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{B1600356-9D56-4432-BCBD-2B53333074CA}
[2012/10/16 00:54:52 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{9CC1B5AC-9BB4-4854-B129-151D860E195D}
[2012/10/15 12:54:39 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{13BF1897-28F7-4F41-A444-37160068423B}
[2012/10/14 12:52:30 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{924ECC4A-3822-4F4D-8EF7-FEC5B87C77D2}
[2012/10/13 12:37:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A3E62418-B9E8-439B-BEEC-3EA6D29B2294}
[2012/10/12 12:38:41 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{3CF8EAAB-A28D-4DAC-A77C-DB8492970EC1}
[2012/10/12 00:38:17 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{C2F07A76-52F0-4287-B47F-2EF2D7B774FF}
[2012/10/11 22:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/10/11 22:13:27 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\PowerISO
[2012/10/11 22:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/10/11 22:11:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/11 22:11:28 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/10/11 22:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2012/10/11 12:37:52 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{9265CE8C-0281-485F-897E-12E87A70095E}
[2012/10/10 13:22:03 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{6510A39D-E44D-4489-A564-717D86F2E071}
[2012/10/09 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{BA70EAA4-C22B-4881-AB13-8C5D2705CD45}
[2012/10/08 13:10:49 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{0DAEE206-3E8B-4A0C-A656-2638953D7EE7}
[2012/10/07 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/10/07 15:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/10/07 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/10/07 15:41:34 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7299AFED-2B9A-40F5-B5F1-3C2E933ABA1E}
[2012/10/06 13:20:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/10/06 13:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012/10/06 13:20:14 | 000,000,000 | ---D | C] -- C:\Games
[2012/10/06 13:15:32 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{14590115-9113-4002-8ACE-F8AD3998FCFE}
[2012/10/05 13:32:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{20D400D4-BD1F-46E3-902A-BC6F3BC8A8E7}
[2012/10/04 03:47:36 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{4BA360FD-3272-4F63-A67B-5086C68E3D08}
[2012/10/03 15:10:38 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/10/03 15:10:37 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/10/03 15:10:36 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/10/03 15:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/10/03 15:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/10/03 15:04:03 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7A0D51BB-1C44-4D34-8D0A-695B80BD4F8E}
[2012/10/03 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7F963431-B65F-4CA2-9FBC-347C982A68BA}
[2012/10/03 02:39:34 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{AA2F9AC1-D6AD-489F-AD13-AC5F5DB916FD}
[2012/10/03 01:50:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/10/03 01:00:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/02 12:56:27 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{37F4BD8F-5B46-4F54-BEF3-6E2FFFA0D128}
[2012/10/01 13:48:53 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{75DF4574-D685-4800-867C-AA8D4D428CBB}
[2012/09/30 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{B121B934-3D3D-441D-88CD-0E9968F1F2E2}
[2012/09/29 13:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{525C74AE-439D-4FF5-B011-312ED9D27820}
[2012/09/28 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{80344DE4-465A-43D4-BB59-6672D469CAF7}
[2012/09/28 02:15:16 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A31123C6-F106-454A-B484-CCC7B01BA0A1}
[2012/09/27 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{C16161E5-F1B2-46AC-B015-C874BEFB8AEE}
[2012/09/26 13:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A2FA5FFD-2332-4659-9825-2CB111DCC09D}
[2012/09/26 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{BD083A99-991D-41DE-A068-130C1A1D0323}
[2012/09/25 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{0118A4F0-A182-4DFC-A48A-63D310DFADAF}
[2012/09/24 15:22:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
[2012/09/24 13:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/24 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{CDF56A1A-7AE3-4781-823A-E95B9DDABE33}
[2012/09/24 04:22:56 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\CheckPoint
[2012/09/24 04:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/09/23 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{264427C6-CE65-4C16-BE0A-6B3E7DB54336}
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/22 21:44:44 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 21:28:04 | 001,530,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/22 21:28:04 | 000,694,148 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/10/22 21:28:04 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/22 21:28:04 | 000,134,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/10/22 21:28:04 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/22 21:27:12 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 21:27:12 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 21:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 21:21:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/22 20:32:56 | 001,425,920 | ---- | M] () -- C:\Users\Alec\Desktop\RogueKiller.exe
[2012/10/22 20:22:57 | 000,000,000 | ---- | M] () -- C:\Users\Alec\defogger_reenable
[2012/10/19 15:27:15 | 000,001,345 | ---- | M] () -- C:\Users\Alec\Desktop\mow_assault_squad.exe - Acceso directo.lnk
[2012/10/19 13:36:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 00:21:15 | 000,001,916 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/10/19 00:18:29 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 21:38:31 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/18 21:01:10 | 000,611,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/18 21:01:10 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2012/10/18 21:01:10 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2012/10/18 20:43:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012/10/18 20:32:15 | 000,000,020 | ---- | M] () -- C:\Windows\ÔùC
[2012/10/11 22:12:28 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/10/11 20:46:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/10/11 20:46:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/11 20:46:41 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/10/07 15:50:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/07 02:54:50 | 000,001,157 | ---- | M] () -- C:\Users\Alec\Desktop\WoT.lnk
[2012/10/03 18:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/03 15:10:35 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
[2012/10/03 15:10:35 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 20:53:31 | 071,831,387 | ---- | M] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide02_EN_v2.pdf
[2012/09/28 11:46:32 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2012/09/28 11:46:32 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2012/09/28 11:46:32 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2012/09/27 20:59:24 | 072,907,101 | ---- | M] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide01_EN.pdf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/22 21:44:44 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/22 21:44:44 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 20:32:55 | 001,425,920 | ---- | C] () -- C:\Users\Alec\Desktop\RogueKiller.exe
[2012/10/22 20:22:57 | 000,000,000 | ---- | C] () -- C:\Users\Alec\defogger_reenable
[2012/10/19 15:27:15 | 000,001,345 | ---- | C] () -- C:\Users\Alec\Desktop\mow_assault_squad.exe - Acceso directo.lnk
[2012/10/19 00:21:15 | 000,001,916 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/10/19 00:18:29 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 20:44:07 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012/10/18 20:32:15 | 000,000,020 | ---- | C] () -- C:\Windows\ÔùC
[2012/10/11 22:24:24 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/10/11 22:12:28 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/10/07 15:50:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/07 02:54:50 | 000,001,157 | ---- | C] () -- C:\Users\Alec\Desktop\WoT.lnk
[2012/10/03 18:46:51 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/10/03 15:10:35 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
[2012/10/03 15:10:35 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/10/03 15:10:34 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/09/28 20:53:30 | 071,831,387 | ---- | C] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide02_EN_v2.pdf
[2012/09/28 11:46:32 | 000,383,592 | RHS- | C] () -- C:\gdrop
[2012/09/28 11:46:32 | 000,171,136 | RHS- | C] () -- C:\xeldr
[2012/09/28 11:46:32 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2012/09/27 20:59:22 | 072,907,101 | ---- | C] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide01_EN.pdf
[2012/09/17 12:11:14 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/17 12:11:13 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/14 22:43:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/14 22:39:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/14 22:39:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/14 22:39:28 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/03 01:24:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/08/13 14:27:17 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011/08/13 14:24:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Edited by Blackbird10, 22 October 2012 - 04:40 PM.