Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SVChost Trojan - Firewall disabled [Solved]

Started by mix1911 , Jan 06 2013 08:00 AM

  • This topic is locked This topic is locked

#1
mix1911
Posted 06 January 2013 - 08:00 AM

mix1911

    New Member

  • Member
  • Pip
  • 8 posts
Hello,
I 'm running windows 8 x64 and I noticed that the windows store updates would not complete, giving me the following message: "The app could not be installed because the Windows Firewall service is not running. Please enable the Windows Firewall service and try again."
I checked the firewall to discover that it had been disabled. I tried to enable it and got the (0x80070422) error. I scaned my pc with superantispyware and found 1 item Trojan.Dropper/SVChost-Fake. I have removed it three times and every time I do, I scan and find it again. Same thing with Malwarebytes Anti-Malware. I also performed a scan with both programs in safe mode but they don't find any kind of infection. I don't know if the two issues are related but my past experience and google suggest they may be. Any ideas on how to solve this?
Thanks in advance

This is the OTL log:
OTL logfile created on: 6/1/2013 3:30:08 μμ - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jesus_000\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000408 | Country: Greece | Language: ELL | Date Format: d/M/yyyy

7,85 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 78,56% Memory free
9,04 Gb Paging File | 7,19 Gb Available in Paging File | 79,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 35,69 Gb Free Space | 30,02% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 13,20 Mb Free Space | 13,20% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 255,50 Gb Free Space | 27,43% Space Free | Partition Type: NTFS
Drive F: | 5,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 931,41 Gb Total Space | 253,01 Gb Free Space | 27,16% Space Free | Partition Type: NTFS
Drive H: | 595,98 Gb Total Space | 231,44 Gb Free Space | 38,83% Space Free | Partition Type: NTFS

Computer Name: MIX-PC | User Name: jesus_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 15:29:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jesus_000\Desktop\OTL.exe
PRC - [2012/12/31 23:23:18 | 000,034,104 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/12/31 23:23:16 | 003,841,336 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/12/31 23:23:16 | 001,502,520 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2012/12/16 02:35:14 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012/12/05 21:17:50 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/02 22:05:43 | 003,407,784 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/10/09 18:03:50 | 002,035,712 | ---- | M] (AB Team) -- C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/31 23:23:50 | 000,058,168 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/12/31 23:23:50 | 000,044,856 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/12/31 23:23:50 | 000,033,592 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/12/31 23:23:50 | 000,017,720 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/12/31 23:23:48 | 000,842,040 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/12/31 23:23:48 | 000,196,408 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/12/31 23:23:46 | 000,825,656 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/12/31 23:23:46 | 000,050,488 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/12/31 23:23:46 | 000,034,104 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/12/31 23:23:44 | 000,366,392 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/12/31 23:23:44 | 000,094,520 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/12/31 23:23:42 | 000,590,648 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/12/31 23:23:42 | 000,134,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/12/31 23:23:42 | 000,017,720 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/12/31 23:23:40 | 000,142,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/12/31 23:23:38 | 008,495,416 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/12/31 23:23:38 | 000,629,560 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/12/31 23:23:38 | 000,293,440 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\swscale-0.dll
MOD - [2012/12/31 23:23:36 | 000,587,672 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/12/31 23:23:36 | 000,150,840 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/12/31 23:23:36 | 000,087,352 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/12/31 23:23:32 | 001,010,488 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/12/31 23:23:32 | 000,173,880 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/12/31 23:23:30 | 000,063,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/12/31 23:23:28 | 001,291,576 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/12/31 23:23:22 | 001,039,160 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/12/31 23:23:22 | 000,953,144 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/12/31 23:23:20 | 005,828,504 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/12/31 23:23:20 | 001,255,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/12/31 23:23:20 | 000,272,216 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/12/31 23:23:18 | 000,034,104 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/12/16 02:35:13 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/05 21:17:44 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/05 12:40:48 | 001,182,672 | ---- | M] () -- C:\Program Files (x86)\Win8codecs\filters\avformat-lav-54.dll
MOD - [2012/11/05 12:40:48 | 000,238,504 | ---- | M] () -- C:\Program Files (x86)\Win8codecs\filters\avutil-lav-52.dll
MOD - [2012/11/05 12:40:48 | 000,183,952 | ---- | M] () -- C:\Program Files (x86)\Win8codecs\filters\libbluray.dll
MOD - [2012/11/05 12:40:46 | 007,870,904 | ---- | M] () -- C:\Program Files (x86)\Win8codecs\filters\avcodec-lav-54.dll
MOD - [2012/04/09 00:42:58 | 004,427,264 | ---- | M] () -- C:\Users\jesus_000\AppData\Roaming\BSplayer\FFDShow\ffmpeg.dll
MOD - [2012/04/09 00:40:34 | 003,470,848 | ---- | M] () -- C:\Users\jesus_000\AppData\Roaming\BSplayer\FFDShow\ffdshow.ax
MOD - [2012/04/09 00:39:30 | 000,146,944 | ---- | M] () -- C:\Users\jesus_000\AppData\Roaming\BSplayer\FFDShow\ff_libmad.dll
MOD - [2009/08/11 21:21:20 | 001,021,440 | ---- | M] () -- C:\Users\jesus_000\AppData\Roaming\BSplayer\AC3 Filter\ac3filter_intl.dll
MOD - [2009/08/11 21:19:04 | 000,797,184 | ---- | M] () -- C:\Users\jesus_000\AppData\Roaming\BSplayer\AC3 Filter\ac3filter.ax
MOD - [2005/08/14 22:09:38 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Webteh\BSPlayer\plugins\oldskin.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/10/18 01:52:28 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/10/01 09:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2012/09/20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 08:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/09/20 08:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/09/20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/26 05:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/26 05:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 05:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 05:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012/12/26 10:58:42 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/05 21:17:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/11/02 22:05:43 | 003,407,784 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/26 15:30:42 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/11/20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 09:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 09:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/06 09:36:14 | 000,096,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/11/06 09:35:34 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/18 01:52:18 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/10/18 01:52:16 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/10/12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 09:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/20 08:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/09/20 08:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/09/18 11:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2012/09/18 11:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 06:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/26 06:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 04:26:57 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2012/07/26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/22 05:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?r...GR&dcc=GR&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.7,el;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D D8 8F 13 C1 C9 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://blog.kotaku.com/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012/11/09 23:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 13:04:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/09 20:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jesus_000\AppData\Roaming\mozilla\Extensions
[2012/12/06 12:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jesus_000\AppData\Roaming\mozilla\Firefox\Profiles\mmy56tes.default\extensions
[2012/11/21 16:23:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jesus_000\AppData\Roaming\mozilla\Firefox\Profiles\mmy56tes.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/06 12:30:10 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\jesus_000\AppData\Roaming\mozilla\Firefox\Profiles\mmy56tes.default\extensions\[email protected]
[2012/11/23 15:45:31 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\jesus_000\AppData\Roaming\mozilla\firefox\profiles\mmy56tes.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/05 17:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\jesus_000\AppData\Roaming\mozilla\firefox\profiles\mmy56tes.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/11/09 23:48:00 | 000,001,001 | ---- | M] () -- C:\Users\jesus_000\AppData\Roaming\mozilla\firefox\profiles\mmy56tes.default\searchplugins\torrentz-search.xml
[2012/11/10 20:54:17 | 000,002,057 | ---- | M] () -- C:\Users\jesus_000\AppData\Roaming\mozilla\firefox\profiles\mmy56tes.default\searchplugins\youtube-video-search.xml
[2012/11/09 20:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 21:17:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 19:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 19:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/25 17:45:06 | 000,001,844 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 launcher01.kalypsomedia.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\173449D.vbe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\jesus_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAD4048D-6955-4C0C-8AB6-FA15CF756F93}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/09 23:04:33 | 000,000,064 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{46a04c52-4f5e-11e2-be96-902b341b5750}\Shell - "" = AutoRun
O33 - MountPoints2\{46a04c52-4f5e-11e2-be96-902b341b5750}\Shell\AutoRun\command - "" = F:\setup.exe -- [2012/10/09 23:15:50 | 001,009,578 | R--- | M] ( )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 15:29:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jesus_000\Desktop\OTL.exe
[2013/01/06 14:09:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/06 13:57:09 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/06 13:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/06 13:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/01/06 13:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/06 13:42:12 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Roaming\Malwarebytes
[2013/01/06 13:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/06 13:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/06 13:42:02 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/06 13:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/04 12:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2013/01/04 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2013/01/03 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\Documents\FLiNGTrainer
[2013/01/03 13:43:06 | 001,179,648 | ---- | C] (3DMGAME) -- C:\Users\jesus_000\Desktop\XCOM_Enemy Unknown v1.0.0.5443 Plus 12 Trainer.exe
[2013/01/02 18:18:32 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Local\FLT
[2013/01/02 18:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XCOM Enemy Unknown
[2013/01/01 19:38:21 | 000,000,000 | ---D | C] -- C:\Temp
[2013/01/01 19:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops 2
[2012/12/27 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\Desktop\Gibbed
[2012/12/26 15:36:24 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\Documents\BioWare
[2012/12/26 15:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/12/26 15:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012/12/26 15:35:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012/12/26 15:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/26 15:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/12/26 15:30:42 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/26 15:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/12/26 15:26:42 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Roaming\DAEMON Tools Lite
[2012/12/26 15:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/12/26 15:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012/12/26 15:07:39 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Local\ElevatedDiagnostics
[2012/12/25 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Roaming\Tropico 4
[2012/12/25 17:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2012/12/25 17:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/12/25 17:26:10 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Roaming\Kalypso Media
[2012/12/20 16:17:40 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Roaming\Hive Cluster
[2012/12/20 16:16:33 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mark of the Ninja
[2012/12/18 20:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
[2012/12/18 20:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bulk Rename Utility
[2012/12/15 13:50:54 | 000,000,000 | ---D | C] -- C:\Lyrics
[2012/12/15 13:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniLyrics
[2012/12/09 02:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[2012/12/09 02:12:27 | 000,000,000 | ---D | C] -- C:\Users\jesus_000\Documents\Telltale Games
[2012/12/09 02:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Walking Dead

========== Files - Modified Within 30 Days ==========

[2013/01/06 15:29:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jesus_000\Desktop\OTL.exe
[2013/01/06 14:17:44 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/06 14:17:44 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/06 14:17:44 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/06 14:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/06 14:13:34 | 000,000,222 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/01/06 14:13:31 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/06 14:13:29 | 2448,080,895 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 13:57:08 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/02 18:17:32 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\XCOM Enemy Unknown.lnk
[2013/01/01 19:38:21 | 000,001,097 | ---- | M] () -- C:\Users\jesus_000\Desktop\Call of Duty Black Ops 2.lnk
[2012/12/29 01:58:50 | 000,000,287 | ---- | M] () -- C:\Users\jesus_000\Desktop\How I Learned to Rely on My Own Memory (and Stop Depending on Technology).URL
[2012/12/27 12:22:13 | 000,001,667 | ---- | M] () -- C:\Users\jesus_000\Desktop\Tropico 4.lnk
[2012/12/26 15:30:42 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/23 10:20:04 | 000,431,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 01:11:40 | 000,000,264 | ---- | M] () -- C:\Users\jesus_000\Desktop\Sprawl Flickr - Photo Sharing!.URL
[2012/12/19 22:13:09 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/09 02:10:59 | 000,002,035 | ---- | M] () -- C:\Users\jesus_000\Desktop\The Walking Dead.lnk
[2012/12/07 20:22:08 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

========== Files Created - No Company Name ==========

[2013/01/06 13:57:08 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/02 18:17:32 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\XCOM Enemy Unknown.lnk
[2013/01/01 19:38:21 | 000,001,097 | ---- | C] () -- C:\Users\jesus_000\Desktop\Call of Duty Black Ops 2.lnk
[2013/01/01 13:52:53 | 000,169,984 | ---- | C] () -- C:\Users\jesus_000\Desktop\troptrn.exe
[2012/12/29 01:58:50 | 000,000,287 | ---- | C] () -- C:\Users\jesus_000\Desktop\How I Learned to Rely on My Own Memory (and Stop Depending on Technology).URL
[2012/12/27 12:22:13 | 000,001,667 | ---- | C] () -- C:\Users\jesus_000\Desktop\Tropico 4.lnk
[2012/12/23 10:20:02 | 000,431,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 01:11:40 | 000,000,264 | ---- | C] () -- C:\Users\jesus_000\Desktop\Sprawl Flickr - Photo Sharing!.URL
[2012/12/16 12:01:03 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2012/12/09 02:10:59 | 000,002,035 | ---- | C] () -- C:\Users\jesus_000\Desktop\The Walking Dead.lnk
[2012/11/10 02:10:45 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/11/10 00:09:57 | 000,007,605 | ---- | C] () -- C:\Users\jesus_000\AppData\Local\resmon.resmoncfg
[2012/11/09 23:06:21 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/09 19:18:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/18 01:52:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/10/18 01:52:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/10/18 01:52:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/10/10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/10 01:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2012/12/25 17:25:14 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/06 06:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/06 06:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/22 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\BSplayer
[2012/11/22 00:04:16 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\BSplayer Pro
[2012/12/26 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\DAEMON Tools Lite
[2012/12/20 16:17:40 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\Hive Cluster
[2012/12/25 17:26:10 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\Kalypso Media
[2012/11/09 23:57:37 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\Leadertech
[2012/11/09 23:13:39 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\PotPlayerMini
[2013/01/02 18:11:00 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\Tropico 4
[2013/01/05 03:00:16 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\uTorrent
[2012/11/09 23:25:21 | 000,000,000 | ---D | M] -- C:\Users\jesus_000\AppData\Roaming\Win8codecs

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 06 January 2013 - 08:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets see if we can resolve this

Three programmes to run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\173449D.vbe ()

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

FINALLY

Download and run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#3
mix1911
Posted 06 January 2013 - 09:17 AM

mix1911

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
FSS Log:
Farbar Service Scanner Version: 05-01-2013
Ran by jesus_000 (administrator) on 06-01-2013 at 17:14:40
Running from "C:\Users\jesus_000\Desktop"
Windows 8 Pro with Media Center (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-12-16 12:01] - [2012-11-06 05:53] - 0560640 ____A (Microsoft Corporation) 36D6A3201721558A8AFBCC09C2DA4C2C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2012-11-09 23:06] - [2012-09-20 08:31] - 0210432 ____A (Microsoft Corporation) 066B9710B36AB550E01EEFCA52155968

C:\Windows\System32\mpssvc.dll
[2012-11-15 22:53] - [2012-10-11 07:44] - 0904192 ____A (Microsoft Corporation) 3031573A739DBEE8923851929D0AF423

C:\Windows\System32\bfe.dll
[2012-12-16 12:01] - [2012-11-06 06:17] - 0718848 ____A (Microsoft Corporation) 7253B5371136DAF5D38AFB2C42D2B78F

C:\Windows\System32\drivers\mpsdrv.sys
[2012-11-15 22:53] - [2012-10-11 07:15] - 0074752 ____A (Microsoft Corporation) 0D1609DD82C7440F5D5BF21A9D4D5C0C

C:\Windows\System32\SDRSVC.dll
[2012-07-26 03:08] - [2012-07-26 05:07] - 0148480 ____A (Microsoft Corporation) 92968277ED491E4B3DDA361E3952361E

C:\Windows\System32\vssvc.exe
[2012-07-26 01:36] - [2012-07-26 05:08] - 1482752 ____A (Microsoft Corporation) EA658570314042C914964FC72AB50E6B

C:\Windows\System32\wscsvc.dll
[2012-07-26 01:31] - [2012-07-26 05:08] - 0099840 ____A (Microsoft Corporation) FB0C1B7F94FA08E72F19F6F2CE7210E1

C:\Windows\System32\wbem\WMIsvc.dll
[2012-07-26 01:55] - [2012-07-26 05:08] - 0219648 ____A (Microsoft Corporation) 3D6B518B71C75C8FA4115A33615C107A

C:\Windows\System32\wuaueng.dll
[2012-12-16 12:01] - [2012-11-06 06:20] - 3342848 ____A (Microsoft Corporation) F2CF90BBFB637AA2DC3CAAF64661EA43

C:\Windows\System32\qmgr.dll
[2012-07-26 02:18] - [2012-07-26 05:07] - 0826368 ____A (Microsoft Corporation) D598C44A7072D3108D8D8102EC5E07F7

C:\Windows\System32\es.dll
[2012-07-26 01:50] - [2012-07-26 05:05] - 0507904 ____A (Microsoft Corporation) F9E01C2D9F8BC049E04CF5DC24A5F638

C:\Windows\System32\cryptsvc.dll
[2012-07-26 02:05] - [2012-07-26 05:05] - 0067584 ____A (Microsoft Corporation) F0E78B119D12BA81F163D48C0FF30B9A

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2012-07-26 01:45] - [2012-07-26 05:05] - 0438784 ____A (Microsoft Corporation) 090AE16F79C8EAD04E6031F863DA85F3

C:\Windows\System32\iphlpsvc.dll
[2012-07-26 01:35] - [2012-07-26 05:05] - 0894464 ____A (Microsoft Corporation) CAC5202757EF68C4849B0DFFA75F6D3C

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

AdwCleaner Log:

# AdwCleaner v2.104 - Logfile created 01/06/2013 at 17:12:53
# Updated 29/12/2012 by Xplode
# Operating system : Windows 8 Pro with Media Center (64 bits)
# User : jesus_000 - MIX-PC
# Boot Mode : Normal
# Running from : C:\Users\jesus_000\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\jesus_000\AppData\Roaming\Mozilla\Firefox\Profiles\mmy56tes.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [824 octets] - [06/01/2013 17:12:53]

########## EOF - C:\AdwCleaner[S1].txt - [883 octets] ##########
  • 0

#4
Essexboy
Posted 06 January 2013 - 09:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi this is the problem

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.



First we will see if windows can repair it

1. Open File Explorer (Windows Explorer), and navigate to the file below. (see screenshot below)


C:\Windows\System32\cmd.exe


2. Right click or press and hold on cmd.exe, and click/tap on Run as administrator. (see screenshot )
[attachment=62305:File_Explorer.jpg]

When the black box opens type in the following and press enter :

SFC /scannow

Allow the operation to complete and try the firewall again
  • 0

#5
mix1911
Posted 06 January 2013 - 02:11 PM

mix1911

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The scan completed and no integrity violations were found. As far as a I can tell, the trojan is gone but the firewall problem isn't, even after the last step.
  • 0

#6
Essexboy
Posted 06 January 2013 - 03:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try a specialised repair tool, again after reboot try the firewall

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished

  • Reset Registry Permissions
  • Repair WMI
  • Repair Windows Firewall

Posted Image
  • 0

#7
mix1911
Posted 06 January 2013 - 04:13 PM

mix1911

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Again, no luck.
FYI, I pressed "unselect all" and had only the following checked (your screenshot had almost all of them checked):

Reset Registry Permissions
Repair WMI
Repair Windows Firewall
  • 0

#8
Essexboy
Posted 07 January 2013 - 08:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In the windows search box type the following :

services.msc

Double click the file that appears
[attachment=62322:Capture.GIF]
Locate windows firewall
Right click and select properties
In the drop down select automatic
Start the service
Apply then OK out

If any error message appear let me know what they say
  • 0

#9
mix1911
Posted 07 January 2013 - 09:05 AM

mix1911

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
That did it!
You are the man,
Cheers
  • 0

#10
Essexboy
Posted 07 January 2013 - 09:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is it now .. Any outstanding problems ?
  • 0

Advertisements

#11
mix1911
Posted 07 January 2013 - 09:33 AM

mix1911

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

The only thing that's left is this I guess.
  • 0

#12
Essexboy
Posted 07 January 2013 - 09:40 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is windows security center now running ?

Go to control panel
Select Action centre
Is it running (you are able to access it)

[attachment=62329:Capture.GIF]
  • 0

#13
mix1911
Posted 07 January 2013 - 09:47 AM

mix1911

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It wasn't but i did the same thing you suggested for firewall. Now everything seems to be OK. MBAM results are negative and services appear to be restored.
Is there any chance, however, that the trojan damaged anything else that is not immediately apparent? Can it still be affecting the overall performance of my pc in any other way? Are there any other signs I should be looking out for?
  • 0

#14
Essexboy
Posted 07 January 2013 - 09:55 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\173449D.vbe ()

This was the malware being picked up by SAS

Generally this is the only file on the computer, as it will give you redirects to earn some pennies for someone else. I can see no further indicators of malware and windows 8 is more robust than previous versions

Is there anything unusual you are noting with regards to the computers performance ?
  • 0

#15
mix1911
Posted 07 January 2013 - 10:06 AM

mix1911

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything is probably OK.
There may be some slight delay in startup but since i have an SSD it hard to tell, maybe I'm imagining things or maybe its superantispyware. I will uninstall it and keep MBAM. Up to this incident, I was under the impression that Microsoft Security Essentials (which is now embedded in Windows 8) was protection enough. I'm not so sure anymore.
Again, thanks for the quick replies. You guys are awesome.
Cheers
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP