Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan, virus, backdoor help needed!


  • This topic is locked This topic is locked
65 replies to this topic

#1 raxor30

raxor30

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 05 July 2012 - 01:14 AM

Well this should be as fun for you guys as it has been for me <_< . Malwarebytes & HitmanPro found these:

trojan.Downloader
Trojan.Downloader
Trojan.Dropper.BCMiner
Trojan.Agent
Virus.Win64.ZAccess.AMN!A2
BackDoor.Maxplus.5220

Also svchost pops up as well as winrscmde both say stopped working and was closed. Getting pop-ups. Tryed removing what was found with malwarebytes and it didnt remove them. Tried removing what was found with HitmanPro and in the process of trying to remove them I got a windows notice window that looked like a replica saying a serious error has occured and the computer will be restarting. Thus HitmanPro could not remove anything. Here is the information you have requested:

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by John at 23:47:31 on 2012-07-04
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.4453 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Phoenix Viewer\PhoenixViewer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Phoenix Viewer\SLVoice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Phoenix Viewer\SLPlugin.exe
C:\Program Files (x86)\Phoenix Viewer\SLPlugin.exe
C:\Program Files (x86)\Phoenix Viewer\SLPlugin.exe
C:\Program Files (x86)\Phoenix Viewer\SLPlugin.exe
C:\Program Files (x86)\Phoenix Viewer\SLPlugin.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wermgr.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: digg.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5912/mcfscan.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: Interfaces\{FBEDCEA5-B828-4E32-8286-95009933B24F} : NameServer = 167.206.245.130,167.206.245.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 72.167.232.201 www.gameknightcrew.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\q28k0xks.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\John\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\John\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-20 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d5dedbdb5410;Google Update Service (gupdate1c9d5dedbdb5410);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-16 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 253088]
S3 CrucialSMBusScan;CrucialSMBusScan;\??\C:\Windows\system32\drivers\CrucialSMBusScan.sys --> C:\Windows\system32\drivers\CrucialSMBusScan.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-21 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-16 133104]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2008-12-29 30528]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]
S3 HitmanPro35Crusader;Hitman Pro 3.5 Crusader;C:\Users\John\Desktop\HitmanPro35_x64.exe [2012-7-4 7612928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
S4 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2010-1-29 266240]
S4 dlbk_device;dlbk_device;C:\Windows\system32\dlbkcoms.exe -service --> C:\Windows\system32\dlbkcoms.exe -service [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2071-07-25 13:13:30 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-07-05 02:14:28 388096 ----a-r- C:\Users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-05 02:14:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-05 01:54:29 20480 ----a-w- C:\Windows\svchost.exe
2012-07-04 22:33:08 -------- d-----w- C:\Users\John\AppData\Local\{683F8758-2419-4A1B-B6E3-9FE4A9BE1D2E}
2012-07-04 22:05:10 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2012-07-04 22:02:26 -------- d-----w- C:\ProgramData\Hitman Pro
2012-07-04 22:00:06 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-04 10:28:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-03 16:59:01 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C99EA17-E67F-41F0-8A20-AD126FB34C03}\gapaengine.dll
2012-07-03 16:58:06 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D89E24BD-A1BD-4A95-B2F0-00A503922501}\mpengine.dll
2012-07-02 16:57:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-26 21:13:30 -------- d-----w- C:\Users\John\AppData\Local\SKIDROW
2012-06-26 14:53:19 -------- d-----w- C:\Program Files (x86)\Sid Meier's Civilization V
2012-06-26 00:39:09 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-06-19 02:47:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 02:46:24 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 02:46:24 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-19 02:46:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-19 02:46:15 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 02:46:15 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-19 02:46:14 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-14 20:43:35 -------- d-----w- C:\Users\John\AppData\Roaming\dll-files.com
2012-06-14 20:43:35 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2012-06-13 17:03:48 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 17:03:48 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 17:03:34 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 17:03:34 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 17:03:33 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 17:03:33 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 17:03:33 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 17:03:33 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 13:39:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB25F90D-5075-4563-928C-BA03B67A511D}\gapaengine.dll
2012-06-13 12:15:00 -------- d-----w- C:\Users\John\AppData\Roaming\TweakNow PowerPack 2012
2012-06-13 12:15:00 -------- d-----w- C:\Program Files (x86)\TweakNow PowerPack 2012
2012-06-13 11:41:13 -------- d-----w- C:\Users\John\AppData\Roaming\Windows Authenticator
2012-06-10 13:31:11 -------- d-----w- C:\Users\John\AppData\Local\{7682C348-8A36-498B-8009-72144899FCB9}
2012-06-10 13:30:51 -------- d-----w- C:\Users\John\AppData\Local\{FE3BF66D-84EC-4B68-A5DC-336F33AA2879}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-04 13:10:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-04 13:10:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-03 23:03:01 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-25 19:33:40 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-25 19:33:40 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 23:49:34.09 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2008 2:11:59 AM
System Uptime: 7/4/2012 9:49:31 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS3R
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2667/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 16.018 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2300: 7/3/2012 5:32:52 AM - Scheduled Checkpoint
RP2301: 7/3/2012 12:57:21 PM - Windows Update
RP2302: 7/4/2012 10:07:59 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
@BIOS
µTorrent
Absolute Futurity SpeedTestPro Ver 1.0.73
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
Advertising Center
AIM 6
APB North America
Apple Application Support
Apple Software Update
Archasis II v0.81
ArtistScope Plugin IE
Autodesk Backburner 2012.0.0
AutoIt v3.3.6.1
Battlefield 3™
Battlelog Web Plugins
Borderlands
CodeBlocks
Conduit Engine
Connect
Core FTP LE 2.1
Counter-Strike: Source
Counter-Strike: Source Beta
Crysis®
D3DX10
DAEMON Tools Lite
Dead Rising 2
Diablo III
Digg Stack Screen Saver
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dll-Files.com Fixer wersja 2.7.72.2024
DMIView B06.1227.01
DNA
Download Manager 2.3.7
EasyBits GO
EasyTune5Pro
ESN Sonar
Face_Wizard B07.0509.01
Firestorm-Beta-Mesh (remove only)
Fraps (remove only)
Froggy demo by NVIDIA (remove only)
GameSpy Comrade
Google Earth Plug-in
Google Update Helper
Google Updater
GPGNet
HDView for Internet Explorer
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
i-Cool
IL-2 Sturmovik: 1946
Impulse
Impulse®
Invoke Solutions Participant 6.2.0.1452
Java™ 6 Update 6
kuler
Launchpad Enhanced
League of Legends
LightScribe System Software 1.17.90.1
LightScribe Template Designs - Fantasy Pack 1
LogMeIn Hamachi
Magic ISO Maker v5.5 (build 0265)
MagicTunePremium
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Microsoft XML Parser
Microsoft XNA Framework Redistributable 4.0
mIRC
Mozilla Firefox 6.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Natural Color Pro
NCH Toolbox
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX Particle Fluid Demo
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
ooVoo
Origin
Pando Media Booster
PDF Settings
Phoenix Viewer 1.6.0.1600
Photoshop Camera Raw
PhysX Screen Saver
PostgreSQL 8.0
PunkBuster Services
Python 2.5.2
Quake Live Internet Explorer Plugin
QuickTime
Razer Habu Config
RealPlayer
Realtek High Definition Audio Driver
Recorder
Renegade X - Beta v0.35
SAM3 (remove only)
Search Toolbar
SecondLifeDevelopment (remove only)
SecondLifeProjectViewer-Mesh (remove only)
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Segoe UI
Skype Click to Call
Skype™ 5.5
Smoke demo by NVIDIA (remove only)
SpaceShuttleMission2007 v5.30 Demo
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
Star Wars: The Old Republic
Steam
Suite Shared Configuration CS4
Supreme Commander - Forged Alliance
Supreme Commander 2
System Requirements Lab
System Requirements Lab for Intel
Team Fortress 2
TeamSpeak 2 RC2
Terraria
The Elder Scrolls V: Skyrim
TrackMania Nations Forever
TVersity Media Server 1.7.2.1 Beta
TweakNow PowerPack 2012
Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Service
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Ventrilo Server
VentriloMIX
Virtual DJ - Atomix Productions
VLC media player 1.1.8
Vuze
Vuze Remote Toolbar
Winamp Toolbar for Firefox
Winamp Toolbar for Internet Explorer
Windows Essentials Media Codec Pack 3.4 [64-Bit]
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
WinZip 15.0
World of Tanks v.0.6.5
Xfire (remove only)
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/4/2012 9:53:49 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
7/4/2012 9:51:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt NCPro
7/4/2012 9:51:08 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/4/2012 9:51:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/4/2012 9:51:08 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/4/2012 9:50:03 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/4/2012 6:30:46 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:09 PM on 7/4/2012 was unexpected.
7/4/2012 12:36:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
7/4/2012 12:36:24 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/4/2012 11:57:50 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/4/2012 11:57:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
7/4/2012 11:57:50 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/1/2012 6:04:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/1/2012 12:45:12 PM, Error: EventLog [6008] - The previous system shutdown at 10:18:39 AM on 7/1/2012 was unexpected.
7/1/2012 12:39:44 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
7/1/2012 12:37:52 AM, Error: volsnap [13] - The shadow copy of volume C: could not grow its shadow copy storage on volume C:.
6/27/2012 11:42:13 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072f7c Error description: The HTTP redirect request failed
.
==== End Of File ===========================


Ark:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-05 02:11:06
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x27 0x30 0x24 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFF 0x3A 0xA9 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC0 0x43 0xC8 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x27 0x30 0x24 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFF 0x3A 0xA9 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC0 0x43 0xC8 0x93 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\Track[1].txt 1 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\PortalServe[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\EI[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\EVV[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\Fp2kSwXdko9dr0ZXwY9Aiw==[2].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\SmartPlayer_189[2].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\1[4].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B2RHXQS\1[5].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NG0L7E7M\visit[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL1OEN3U\hollyscoop_atf[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UF8Y2B4F.txt 0 bytes

---- EOF - GMER 1.0.15 ----


There you go....hope you can help me!

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Malware Response Team
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:27 AM

Posted 05 July 2012 - 06:46 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\Users\John\AppData\Local\{683F8758-2419-4A1B-B6E3-9FE4A9BE1D2E}\*.* /s
    C:\Users\John\AppData\Local\{7682C348-8A36-498B-8009-72144899FCB9}\*.* /s
    C:\Users\John\AppData\Local\{FE3BF66D-84EC-4B68-A5DC-336F33AA2879}\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 05 July 2012 - 02:55 PM

Thanks for the help with this so far. Here are the logs you requested:

14:52:31.0168 4412 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
14:52:31.0409 4412 ============================================================
14:52:31.0409 4412 Current date / time: 2012/07/05 14:52:31.0409
14:52:31.0409 4412 SystemInfo:
14:52:31.0409 4412
14:52:31.0409 4412 OS Version: 6.0.6002 ServicePack: 2.0
14:52:31.0409 4412 Product type: Workstation
14:52:31.0409 4412 ComputerName: RAXOR-II
14:52:31.0409 4412 UserName: John
14:52:31.0409 4412 Windows directory: C:\Windows
14:52:31.0409 4412 System windows directory: C:\Windows
14:52:31.0409 4412 Running under WOW64
14:52:31.0409 4412 Processor architecture: Intel x64
14:52:31.0409 4412 Number of processors: 2
14:52:31.0409 4412 Page size: 0x1000
14:52:31.0409 4412 Boot type: Normal boot
14:52:31.0409 4412 ============================================================
14:52:33.0089 4412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:52:33.0094 4412 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:52:33.0096 4412 ============================================================
14:52:33.0096 4412 \Device\Harddisk0\DR0:
14:52:33.0096 4412 MBR partitions:
14:52:33.0096 4412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
14:52:33.0096 4412 \Device\Harddisk1\DR1:
14:52:33.0097 4412 MBR partitions:
14:52:33.0097 4412 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x478, BlocksNum 0x777B88
14:52:33.0097 4412 ============================================================
14:52:33.0271 4412 C: <-> \Device\Harddisk0\DR0\Partition0
14:52:33.0271 4412 ============================================================
14:52:33.0271 4412 Initialize success
14:52:33.0271 4412 ============================================================
14:53:11.0306 6688 ============================================================
14:53:11.0307 6688 Scan started
14:53:11.0307 6688 Mode: Manual; SigCheck; TDLFS;
14:53:11.0307 6688 ============================================================
14:53:14.0029 6688 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:53:14.0159 6688 ACPI - ok
14:53:14.0550 6688 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:53:14.0562 6688 AdobeFlashPlayerUpdateSvc - ok
14:53:14.0626 6688 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:53:14.0660 6688 adp94xx - ok
14:53:14.0831 6688 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:53:14.0879 6688 adpahci - ok
14:53:14.0983 6688 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:53:14.0999 6688 adpu160m - ok
14:53:15.0032 6688 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:53:15.0055 6688 adpu320 - ok
14:53:15.0104 6688 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
14:53:15.0315 6688 AeLookupSvc - ok
14:53:15.0384 6688 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
14:53:15.0474 6688 AFD - ok
14:53:15.0543 6688 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:53:15.0559 6688 agp440 - ok
14:53:15.0608 6688 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:53:15.0626 6688 aic78xx - ok
14:53:15.0767 6688 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
14:53:15.0915 6688 ALG - ok
14:53:16.0019 6688 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
14:53:16.0029 6688 aliide - ok
14:53:16.0054 6688 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:53:16.0066 6688 amdide - ok
14:53:16.0110 6688 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:53:16.0180 6688 AmdK8 - ok
14:53:16.0300 6688 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
14:53:16.0352 6688 Appinfo - ok
14:53:16.0848 6688 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:53:16.0863 6688 Apple Mobile Device - ok
14:53:16.0929 6688 AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
14:53:17.0078 6688 AppMgmt - ok
14:53:17.0087 6688 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:53:17.0105 6688 arc - ok
14:53:17.0140 6688 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:53:17.0158 6688 arcsas - ok
14:53:17.0566 6688 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:53:17.0578 6688 aspnet_state - ok
14:53:17.0619 6688 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:53:17.0677 6688 AsyncMac - ok
14:53:17.0778 6688 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
14:53:17.0791 6688 atapi - ok
14:53:18.0517 6688 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:53:18.0571 6688 AudioEndpointBuilder - ok
14:53:18.0577 6688 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:53:18.0643 6688 AudioSrv - ok
14:53:19.0549 6688 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
14:53:19.0679 6688 BITS - ok
14:53:19.0834 6688 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:53:19.0888 6688 blbdrive - ok
14:53:20.0330 6688 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:53:20.0356 6688 Bonjour Service - ok
14:53:20.0497 6688 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
14:53:20.0545 6688 bowser - ok
14:53:20.0587 6688 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:53:20.0626 6688 BrFiltLo - ok
14:53:20.0698 6688 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:53:20.0719 6688 BrFiltUp - ok
14:53:20.0763 6688 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
14:53:20.0818 6688 Browser - ok
14:53:20.0887 6688 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:53:21.0067 6688 Brserid - ok
14:53:21.0147 6688 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:53:21.0228 6688 BrSerWdm - ok
14:53:21.0340 6688 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:53:21.0446 6688 BrUsbMdm - ok
14:53:21.0523 6688 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:53:21.0599 6688 BrUsbSer - ok
14:53:21.0649 6688 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:53:21.0710 6688 BTHMODEM - ok
14:53:21.0751 6688 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:53:21.0806 6688 cdfs - ok
14:53:21.0903 6688 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
14:53:21.0937 6688 cdrom - ok
14:53:21.0996 6688 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:53:22.0040 6688 CertPropSvc - ok
14:53:22.0063 6688 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:53:22.0113 6688 circlass - ok
14:53:22.0255 6688 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
14:53:22.0280 6688 CLFS - ok
14:53:22.0367 6688 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:53:22.0381 6688 clr_optimization_v2.0.50727_32 - ok
14:53:22.0435 6688 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:53:22.0453 6688 clr_optimization_v2.0.50727_64 - ok
14:53:22.0535 6688 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:53:22.0549 6688 clr_optimization_v4.0.30319_32 - ok
14:53:22.0579 6688 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:53:22.0594 6688 clr_optimization_v4.0.30319_64 - ok
14:53:22.0613 6688 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:53:22.0625 6688 cmdide - ok
14:53:22.0629 6688 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
14:53:22.0641 6688 Compbatt - ok
14:53:22.0644 6688 COMSysApp - ok
14:53:22.0673 6688 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:53:22.0687 6688 crcdisk - ok
14:53:22.0773 6688 CrucialSMBusScan (02c86c005e8e9e0366b7491bf3ac86aa) C:\Windows\system32\drivers\CrucialSMBusScan.sys
14:53:22.0774 6688 Suspicious file (Forged): C:\Windows\system32\drivers\CrucialSMBusScan.sys. Real md5: 02c86c005e8e9e0366b7491bf3ac86aa, Fake md5: 12b40b0a3d347c9e3235688c43be2436
14:53:22.0774 6688 CrucialSMBusScan ( ForgedFile.Multi.Generic ) - warning
14:53:22.0774 6688 CrucialSMBusScan - detected ForgedFile.Multi.Generic (1)
14:53:22.0829 6688 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
14:53:22.0884 6688 CryptSvc - ok
14:53:22.0934 6688 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
14:53:23.0017 6688 CSC - ok
14:53:23.0082 6688 CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
14:53:23.0187 6688 CscService - ok
14:53:23.0302 6688 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
14:53:23.0336 6688 CSHelper ( UnsignedFile.Multi.Generic ) - warning
14:53:23.0336 6688 CSHelper - detected UnsignedFile.Multi.Generic (1)
14:53:23.0448 6688 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:53:23.0562 6688 DcomLaunch - ok
14:53:23.0737 6688 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
14:53:23.0770 6688 DfsC - ok
14:53:24.0304 6688 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
14:53:25.0072 6688 DFSR - ok
14:53:25.0629 6688 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
14:53:25.0683 6688 Dhcp - ok
14:53:25.0991 6688 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
14:53:26.0004 6688 disk - ok
14:53:26.0019 6688 dlbk_device - ok
14:53:26.0088 6688 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
14:53:26.0135 6688 Dnscache - ok
14:53:26.0177 6688 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
14:53:26.0225 6688 dot3svc - ok
14:53:26.0270 6688 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
14:53:26.0343 6688 DPS - ok
14:53:26.0436 6688 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
14:53:26.0479 6688 drmkaud - ok
14:53:26.0538 6688 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:53:26.0557 6688 dtsoftbus01 - ok
14:53:26.0680 6688 dump_wmimmc - ok
14:53:26.0774 6688 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
14:53:26.0849 6688 DXGKrnl - ok
14:53:26.0895 6688 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:53:26.0947 6688 E1G60 - ok
14:53:27.0017 6688 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
14:53:27.0059 6688 EapHost - ok
14:53:27.0105 6688 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
14:53:27.0129 6688 Ecache - ok
14:53:27.0381 6688 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
14:53:27.0444 6688 ehRecvr - ok
14:53:27.0481 6688 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
14:53:27.0518 6688 ehSched - ok
14:53:27.0534 6688 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
14:53:27.0581 6688 ehstart - ok
14:53:27.0677 6688 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:53:27.0749 6688 elxstor - ok
14:53:27.0809 6688 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
14:53:27.0908 6688 EMDMgmt - ok
14:53:27.0933 6688 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
14:53:27.0989 6688 ErrDev - ok
14:53:28.0135 6688 ET5Drv (5c309d62311a4b11194553758b30fff9) C:\Windows\ET5Drv.sys
14:53:28.0148 6688 ET5Drv - ok
14:53:28.0205 6688 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
14:53:28.0270 6688 EventSystem - ok
14:53:28.0322 6688 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
14:53:28.0369 6688 exfat - ok
14:53:28.0514 6688 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
14:53:28.0562 6688 fastfat - ok
14:53:28.0625 6688 Fax (989a776a2ff32a148fcf15c44058b129) C:\Windows\system32\fxssvc.exe
14:53:28.0703 6688 Fax - ok
14:53:28.0737 6688 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:53:28.0787 6688 fdc - ok
14:53:28.0825 6688 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
14:53:28.0865 6688 fdPHost - ok
14:53:29.0258 6688 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
14:53:29.0326 6688 FDResPub - ok
14:53:29.0385 6688 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:53:29.0398 6688 FileInfo - ok
14:53:29.0416 6688 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:53:29.0480 6688 Filetrace - ok
14:53:29.0728 6688 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:53:29.0778 6688 FLEXnet Licensing Service - ok
14:53:30.0325 6688 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
14:53:30.0408 6688 FLEXnet Licensing Service 64 - ok
14:53:30.0636 6688 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:53:30.0669 6688 flpydisk - ok
14:53:30.0713 6688 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
14:53:30.0734 6688 FltMgr - ok
14:53:30.0846 6688 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
14:53:30.0949 6688 FontCache - ok
14:53:31.0028 6688 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:53:31.0039 6688 FontCache3.0.0.0 - ok
14:53:31.0105 6688 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
14:53:31.0151 6688 Fs_Rec - ok
14:53:31.0309 6688 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
14:53:31.0328 6688 fvevol - ok
14:53:31.0350 6688 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:53:31.0364 6688 gagp30kx - ok
14:53:31.0404 6688 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
14:53:31.0416 6688 gdrv - ok
14:53:31.0552 6688 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
14:53:31.0671 6688 gpsvc - ok
14:53:31.0801 6688 gupdate1c9d5dedbdb5410 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:31.0817 6688 gupdate1c9d5dedbdb5410 - ok
14:53:31.0841 6688 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:31.0852 6688 gupdatem - ok
14:53:31.0906 6688 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:53:31.0928 6688 gusvc - ok
14:53:31.0953 6688 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
14:53:31.0965 6688 GVTDrv64 - ok
14:53:31.0997 6688 HabuFltr (c3096d7f9d0c529d538bc53a8b2895c7) C:\Windows\system32\drivers\habu.sys
14:53:32.0040 6688 HabuFltr - ok
14:53:32.0072 6688 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:53:32.0082 6688 hamachi - ok
14:53:32.0267 6688 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
14:53:32.0353 6688 Hamachi2Svc - ok
14:53:32.0509 6688 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
14:53:32.0595 6688 HdAudAddService - ok
14:53:32.0716 6688 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:53:32.0798 6688 HDAudBus - ok
14:53:32.0830 6688 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:53:32.0880 6688 HidBth - ok
14:53:32.0906 6688 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:53:32.0969 6688 HidIr - ok
14:53:33.0057 6688 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
14:53:33.0099 6688 hidserv - ok
14:53:33.0130 6688 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
14:53:33.0171 6688 HidUsb - ok
14:53:33.0209 6688 hitmanpro35 (63c0be20a6db9824951e5c2d4116503c) C:\Windows\system32\drivers\hitmanpro35.sys
14:53:33.0220 6688 hitmanpro35 - ok
14:53:33.0983 6688 HitmanPro35Crusader (bc312342cf16008f8d3573370ac3f6b9) C:\Users\John\Desktop\HitmanPro35_x64.exe
14:53:34.0407 6688 HitmanPro35Crusader ( UnsignedFile.Multi.Generic ) - warning
14:53:34.0407 6688 HitmanPro35Crusader - detected UnsignedFile.Multi.Generic (1)
14:53:34.0737 6688 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
14:53:34.0791 6688 hkmsvc - ok
14:53:34.0833 6688 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:53:34.0845 6688 HpCISSs - ok
14:53:35.0559 6688 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
14:53:35.0645 6688 HTTP - ok
14:53:35.0668 6688 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:53:35.0681 6688 i2omp - ok
14:53:35.0705 6688 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:53:35.0745 6688 i8042prt - ok
14:53:35.0818 6688 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:53:35.0842 6688 iaStorV - ok
14:53:35.0930 6688 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:53:35.0949 6688 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:53:35.0949 6688 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:53:36.0077 6688 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:53:36.0143 6688 idsvc - ok
14:53:36.0263 6688 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:53:36.0276 6688 iirsp - ok
14:53:36.0354 6688 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
14:53:36.0584 6688 IKEEXT - ok
14:53:36.0716 6688 IntcAzAudAddService (335c2e3f3fe9fb2700d2a995ea9e00c2) C:\Windows\system32\drivers\RTKVHD64.sys
14:53:36.0749 6688 IntcAzAudAddService - ok
14:53:36.0938 6688 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
14:53:36.0949 6688 intelide - ok
14:53:36.0970 6688 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:53:37.0019 6688 intelppm - ok
14:53:37.0102 6688 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
14:53:37.0187 6688 IPBusEnum - ok
14:53:37.0243 6688 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:53:37.0295 6688 IpFilterDriver - ok
14:53:37.0298 6688 IpInIp - ok
14:53:37.0357 6688 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:53:37.0399 6688 IPMIDRV - ok
14:53:37.0424 6688 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:53:37.0476 6688 IPNAT - ok
14:53:37.0523 6688 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:53:37.0556 6688 IRENUM - ok
14:53:37.0561 6688 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:53:37.0572 6688 isapnp - ok
14:53:37.0663 6688 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
14:53:37.0681 6688 iScsiPrt - ok
14:53:37.0750 6688 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:53:37.0760 6688 iteatapi - ok
14:53:37.0792 6688 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:53:37.0802 6688 iteraid - ok
14:53:37.0839 6688 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:53:37.0852 6688 kbdclass - ok
14:53:37.0894 6688 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
14:53:37.0939 6688 kbdhid - ok
14:53:37.0988 6688 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:53:38.0087 6688 KeyIso - ok
14:53:38.0143 6688 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
14:53:38.0200 6688 KSecDD - ok
14:53:38.0249 6688 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:53:38.0298 6688 ksthunk - ok
14:53:38.0568 6688 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
14:53:38.0694 6688 KtmRm - ok
14:53:38.0771 6688 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
14:53:38.0880 6688 LanmanServer - ok
14:53:39.0012 6688 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
14:53:39.0046 6688 LanmanWorkstation - ok
14:53:39.0246 6688 LightScribeService (faab52b7766409d702b99fe5553dc34f) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:53:39.0270 6688 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:53:39.0270 6688 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:53:39.0303 6688 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:53:39.0363 6688 lltdio - ok
14:53:39.0449 6688 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
14:53:39.0525 6688 lltdsvc - ok
14:53:39.0579 6688 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
14:53:39.0632 6688 lmhosts - ok
14:53:39.0664 6688 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:53:39.0682 6688 LSI_FC - ok
14:53:39.0748 6688 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:53:39.0788 6688 LSI_SAS - ok
14:53:39.0814 6688 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:53:39.0832 6688 LSI_SCSI - ok
14:53:39.0878 6688 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:53:39.0929 6688 luafv - ok
14:53:40.0033 6688 MagicTune (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\Windows\system32\drivers\MTiCtwl.sys
14:53:40.0042 6688 MagicTune - ok
14:53:40.0094 6688 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:53:40.0105 6688 MBAMProtector - ok
14:53:40.0190 6688 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:53:40.0269 6688 MBAMService - ok
14:53:40.0328 6688 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
14:53:40.0364 6688 Mcx2Svc - ok
14:53:40.0429 6688 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:53:40.0443 6688 megasas - ok
14:53:40.0479 6688 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:53:40.0514 6688 MegaSR - ok
14:53:40.0952 6688 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:53:41.0158 6688 MMCSS - ok
14:53:41.0345 6688 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:53:41.0375 6688 Modem - ok
14:53:41.0408 6688 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:53:41.0452 6688 monitor - ok
14:53:41.0470 6688 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:53:41.0485 6688 mouclass - ok
14:53:41.0509 6688 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:53:41.0559 6688 mouhid - ok
14:53:41.0570 6688 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:53:41.0584 6688 MountMgr - ok
14:53:41.0664 6688 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:53:41.0688 6688 MpFilter - ok
14:53:41.0719 6688 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:53:41.0737 6688 mpio - ok
14:53:41.0770 6688 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:53:41.0795 6688 mpsdrv - ok
14:53:41.0813 6688 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:53:41.0824 6688 Mraid35x - ok
14:53:41.0855 6688 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
14:53:41.0895 6688 MRxDAV - ok
14:53:42.0024 6688 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:53:42.0051 6688 mrxsmb - ok
14:53:42.0240 6688 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:53:42.0265 6688 mrxsmb10 - ok
14:53:42.0463 6688 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:53:42.0496 6688 mrxsmb20 - ok
14:53:42.0528 6688 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
14:53:42.0539 6688 msahci - ok
14:53:42.0584 6688 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:53:42.0605 6688 msdsm - ok
14:53:42.0648 6688 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
14:53:42.0687 6688 MSDTC - ok
14:53:42.0729 6688 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:53:42.0777 6688 Msfs - ok
14:53:42.0812 6688 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:53:42.0824 6688 msisadrv - ok
14:53:42.0860 6688 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
14:53:42.0899 6688 MSiSCSI - ok
14:53:42.0903 6688 msiserver - ok
14:53:42.0935 6688 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:53:42.0967 6688 MSKSSRV - ok
14:53:43.0012 6688 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:53:43.0059 6688 MSPCLOCK - ok
14:53:43.0096 6688 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:53:43.0126 6688 MSPQM - ok
14:53:43.0248 6688 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
14:53:43.0274 6688 MsRPC - ok
14:53:43.0296 6688 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:53:43.0311 6688 mssmbios - ok
14:53:43.0324 6688 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:53:43.0378 6688 MSTEE - ok
14:53:43.0398 6688 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
14:53:43.0411 6688 Mup - ok
14:53:43.0450 6688 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
14:53:43.0489 6688 napagent - ok
14:53:43.0550 6688 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
14:53:43.0599 6688 NativeWifiP - ok
14:53:43.0639 6688 NCPro (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\Windows\system32\drivers\MTictwl.sys
14:53:43.0647 6688 NCPro - ok
14:53:43.0696 6688 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
14:53:43.0740 6688 NDIS - ok
14:53:43.0802 6688 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:53:43.0841 6688 NdisTapi - ok
14:53:43.0861 6688 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:53:43.0912 6688 Ndisuio - ok
14:53:43.0941 6688 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
14:53:43.0990 6688 NdisWan - ok
14:53:44.0015 6688 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:53:44.0038 6688 NDProxy - ok
14:53:44.0093 6688 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:53:44.0142 6688 NetBIOS - ok
14:53:44.0183 6688 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
14:53:44.0216 6688 netbt - ok
14:53:44.0280 6688 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:53:44.0294 6688 Netlogon - ok
14:53:44.0325 6688 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
14:53:44.0392 6688 Netman - ok
14:53:44.0471 6688 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:53:44.0489 6688 NetMsmqActivator - ok
14:53:44.0492 6688 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:53:44.0505 6688 NetPipeActivator - ok
14:53:44.0537 6688 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
14:53:44.0601 6688 netprofm - ok
14:53:44.0621 6688 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:53:44.0631 6688 NetTcpActivator - ok
14:53:44.0634 6688 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:53:44.0644 6688 NetTcpPortSharing - ok
14:53:44.0675 6688 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:53:44.0688 6688 nfrd960 - ok
14:53:44.0721 6688 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:53:44.0738 6688 NisDrv - ok
14:53:44.0825 6688 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:53:44.0853 6688 NisSrv - ok
14:53:44.0890 6688 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
14:53:44.0964 6688 NlaSvc - ok
14:53:44.0989 6688 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
14:53:45.0033 6688 Npfs - ok
14:53:45.0062 6688 npggsvc - ok
14:53:45.0070 6688 NPPTNT2 - ok
14:53:45.0111 6688 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
14:53:45.0144 6688 nsi - ok
14:53:45.0279 6688 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:53:45.0327 6688 nsiproxy - ok
14:53:45.0769 6688 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
14:53:46.0013 6688 Ntfs - ok
14:53:46.0244 6688 nTuneService - ok
14:53:46.0847 6688 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
14:53:46.0856 6688 NuidFltr - ok
14:53:46.0923 6688 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:53:46.0976 6688 Null - ok
14:53:49.0138 6688 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:53:49.0682 6688 nvlddmkm - ok
14:53:50.0000 6688 nvoclk64 (2eec12c17d6b8deeeac485f47131d150) C:\Windows\system32\DRIVERS\nvoclk64.sys
14:53:50.0014 6688 nvoclk64 - ok
14:53:50.0479 6688 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:53:50.0505 6688 nvraid - ok
14:53:50.0556 6688 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:53:50.0579 6688 nvstor - ok
14:53:50.0645 6688 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
14:53:50.0704 6688 nvsvc - ok
14:53:51.0202 6688 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:53:51.0282 6688 nvUpdatusService - ok
14:53:52.0328 6688 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:53:52.0340 6688 nv_agp - ok
14:53:52.0358 6688 NwlnkFlt - ok
14:53:52.0361 6688 NwlnkFwd - ok
14:53:52.0384 6688 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
14:53:52.0442 6688 ohci1394 - ok
14:53:52.0578 6688 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:53:52.0685 6688 p2pimsvc - ok
14:53:52.0693 6688 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:53:52.0718 6688 p2psvc - ok
14:53:52.0758 6688 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
14:53:52.0799 6688 Parport - ok
14:53:52.0978 6688 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
14:53:52.0993 6688 partmgr - ok
14:53:53.0055 6688 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
14:53:53.0097 6688 PcaSvc - ok
14:53:53.0165 6688 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
14:53:53.0195 6688 pci - ok
14:53:53.0250 6688 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
14:53:53.0261 6688 pciide - ok
14:53:53.0319 6688 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:53:53.0343 6688 pcmcia - ok
14:53:53.0560 6688 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:53:53.0651 6688 PEAUTH - ok
14:53:53.0746 6688 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
14:53:53.0775 6688 PerfHost - ok
14:53:53.0999 6688 pgsql-8.0 (183ec742a50aab07266bd7896d72ad15) C:\Program Files (x86)\PostgreSQL\8.0\bin\pg_ctl.exe
14:53:54.0004 6688 pgsql-8.0 ( UnsignedFile.Multi.Generic ) - warning
14:53:54.0004 6688 pgsql-8.0 - detected UnsignedFile.Multi.Generic (1)
14:53:54.0828 6688 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
14:53:54.0909 6688 pla - ok
14:53:55.0044 6688 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
14:53:55.0107 6688 PlugPlay - ok
14:53:55.0150 6688 PnkBstrA - ok
14:53:55.0212 6688 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:53:55.0258 6688 PNRPAutoReg - ok
14:53:55.0265 6688 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:53:55.0294 6688 PNRPsvc - ok
14:53:55.0357 6688 Point64 (a6d06378f37bdba0c0019294c2aabbd0) C:\Windows\system32\DRIVERS\point64k.sys
14:53:55.0366 6688 Point64 - ok
14:53:55.0766 6688 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
14:53:55.0841 6688 PolicyAgent - ok
14:53:55.0904 6688 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
14:53:55.0952 6688 PptpMiniport - ok
14:53:56.0032 6688 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
14:53:56.0080 6688 Processor - ok
14:53:56.0509 6688 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
14:53:56.0574 6688 ProfSvc - ok
14:53:56.0606 6688 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:53:56.0617 6688 ProtectedStorage - ok
14:53:56.0646 6688 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
14:53:56.0678 6688 PSched - ok
14:53:56.0860 6688 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:53:56.0942 6688 ql2300 - ok
14:53:57.0035 6688 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:53:57.0048 6688 ql40xx - ok
14:53:57.0091 6688 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
14:53:57.0136 6688 QWAVE - ok
14:53:57.0162 6688 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:53:57.0202 6688 QWAVEdrv - ok
14:53:57.0227 6688 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:53:57.0259 6688 RasAcd - ok
14:53:57.0709 6688 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
14:53:57.0745 6688 RasAuto - ok
14:53:58.0042 6688 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:53:58.0087 6688 Rasl2tp - ok
14:53:58.0626 6688 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
14:53:58.0690 6688 RasMan - ok
14:53:58.0794 6688 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
14:53:58.0820 6688 RasPppoe - ok
14:53:59.0005 6688 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
14:53:59.0043 6688 RasSstp - ok
14:53:59.0424 6688 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
14:53:59.0489 6688 rdbss - ok
14:53:59.0576 6688 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:53:59.0603 6688 RDPCDD - ok
14:53:59.0691 6688 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
14:53:59.0729 6688 rdpdr - ok
14:53:59.0747 6688 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:53:59.0793 6688 RDPENCDD - ok
14:53:59.0876 6688 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
14:53:59.0930 6688 RDPWD - ok
14:53:59.0977 6688 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
14:54:00.0034 6688 RemoteAccess - ok
14:54:00.0615 6688 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
14:54:00.0671 6688 RemoteRegistry - ok
14:54:00.0719 6688 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
14:54:00.0822 6688 RpcLocator - ok
14:54:01.0079 6688 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:54:01.0159 6688 RpcSs - ok
14:54:01.0412 6688 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:54:01.0451 6688 rspndr - ok
14:54:01.0512 6688 RTL8169 (bfeb9c99ae9ae0c635ac1dc38a2b2f1d) C:\Windows\system32\DRIVERS\Rtlh64.sys
14:54:01.0585 6688 RTL8169 - ok
14:54:01.0627 6688 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
14:54:01.0638 6688 SamSs - ok
14:54:01.0788 6688 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:54:01.0800 6688 sbp2port - ok
14:54:01.0928 6688 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
14:54:01.0974 6688 SCardSvr - ok
14:54:02.0549 6688 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
14:54:02.0659 6688 Schedule - ok
14:54:03.0124 6688 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:54:03.0148 6688 SCPolicySvc - ok
14:54:03.0180 6688 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
14:54:03.0232 6688 SDRSVC - ok
14:54:03.0347 6688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:54:03.0416 6688 secdrv - ok
14:54:03.0485 6688 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
14:54:03.0529 6688 seclogon - ok
14:54:03.0568 6688 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
14:54:03.0615 6688 SENS - ok
14:54:03.0682 6688 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
14:54:03.0729 6688 Serenum - ok
14:54:03.0765 6688 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
14:54:03.0807 6688 Serial - ok
14:54:03.0916 6688 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:54:03.0968 6688 sermouse - ok
14:54:04.0058 6688 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
14:54:04.0107 6688 SessionEnv - ok
14:54:04.0124 6688 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
14:54:04.0158 6688 sffdisk - ok
14:54:04.0248 6688 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:54:04.0329 6688 sffp_mmc - ok
14:54:04.0375 6688 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
14:54:04.0407 6688 sffp_sd - ok
14:54:04.0452 6688 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
14:54:04.0500 6688 sfloppy - ok
14:54:04.0562 6688 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
14:54:04.0626 6688 ShellHWDetection - ok
14:54:04.0665 6688 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:54:04.0679 6688 SiSRaid2 - ok
14:54:04.0699 6688 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:54:04.0714 6688 SiSRaid4 - ok
14:54:05.0067 6688 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
14:54:05.0252 6688 slsvc - ok
14:54:05.0644 6688 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
14:54:05.0667 6688 SLUINotify - ok
14:54:05.0791 6688 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
14:54:05.0835 6688 Smb - ok
14:54:05.0876 6688 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
14:54:05.0902 6688 SNMPTRAP - ok
14:54:06.0020 6688 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
14:54:06.0046 6688 speedfan - ok
14:54:06.0075 6688 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
14:54:06.0087 6688 spldr - ok
14:54:06.0255 6688 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
14:54:06.0326 6688 Spooler - ok
14:54:06.0444 6688 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys
14:54:06.0444 6688 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9ab59cf736981ed1f83c6ab5faa8ba5c
14:54:06.0446 6688 sptd ( LockedFile.Multi.Generic ) - warning
14:54:06.0446 6688 sptd - detected LockedFile.Multi.Generic (1)
14:54:06.0538 6688 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
14:54:06.0617 6688 srv - ok
14:54:06.0660 6688 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
14:54:06.0718 6688 srv2 - ok
14:54:06.0763 6688 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
14:54:06.0776 6688 srvnet - ok
14:54:06.0828 6688 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
14:54:06.0874 6688 SSDPSRV - ok
14:54:06.0906 6688 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
14:54:06.0948 6688 SstpSvc - ok
14:54:07.0056 6688 Steam Client Service - ok
14:54:07.0313 6688 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:54:07.0361 6688 Stereo Service - ok
14:54:07.0625 6688 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
14:54:07.0690 6688 stisvc - ok
14:54:07.0735 6688 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:54:07.0746 6688 swenum - ok
14:54:07.0796 6688 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
14:54:07.0843 6688 swprv - ok
14:54:07.0906 6688 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:54:07.0918 6688 Symc8xx - ok
14:54:07.0935 6688 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:54:07.0947 6688 Sym_hi - ok
14:54:08.0064 6688 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:54:08.0075 6688 Sym_u3 - ok
14:54:08.0735 6688 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
14:54:08.0792 6688 SysMain - ok
14:54:09.0001 6688 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
14:54:09.0018 6688 TabletInputService - ok
14:54:09.0222 6688 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
14:54:09.0284 6688 TapiSrv - ok
14:54:09.0487 6688 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
14:54:09.0546 6688 TBS - ok
14:54:09.0984 6688 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys
14:54:10.0058 6688 Tcpip - ok
14:54:10.0781 6688 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys
14:54:10.0824 6688 Tcpip6 - ok
14:54:11.0398 6688 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys
14:54:11.0434 6688 tcpipreg - ok
14:54:11.0458 6688 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:54:11.0508 6688 TDPIPE - ok
14:54:11.0624 6688 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:54:11.0658 6688 TDTCP - ok
14:54:11.0706 6688 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
14:54:11.0750 6688 tdx - ok
14:54:12.0036 6688 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
14:54:12.0048 6688 TermDD - ok
14:54:12.0102 6688 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
14:54:12.0169 6688 TermService - ok
14:54:12.0225 6688 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
14:54:12.0242 6688 Themes - ok
14:54:12.0387 6688 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:54:12.0437 6688 THREADORDER - ok
14:54:12.0517 6688 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
14:54:12.0592 6688 TrkWks - ok
14:54:12.0636 6688 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
14:54:12.0678 6688 TrustedInstaller - ok
14:54:12.0743 6688 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:12.0775 6688 tssecsrv - ok
14:54:12.0791 6688 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:54:12.0838 6688 tunmp - ok
14:54:12.0864 6688 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
14:54:12.0894 6688 tunnel - ok
14:54:13.0223 6688 TVersityMediaServer (e7cde6a37612582b68295b35c123c623) C:\Users\John\AppData\Local\TVersity\Media Server\MediaServer.exe
14:54:13.0283 6688 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - warning
14:54:13.0283 6688 TVersityMediaServer - detected UnsignedFile.Multi.Generic (1)
14:54:13.0323 6688 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:54:13.0337 6688 uagp35 - ok
14:54:13.0413 6688 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
14:54:13.0446 6688 udfs - ok
14:54:13.0494 6688 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
14:54:13.0541 6688 UI0Detect - ok
14:54:13.0619 6688 uisp (75894b827b8ca53fc2bb991c91b6728c) C:\Windows\system32\Drivers\usbicp.sys
14:54:13.0638 6688 uisp - ok
14:54:13.0658 6688 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:54:13.0675 6688 uliagpkx - ok
14:54:13.0999 6688 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:54:14.0030 6688 uliahci - ok
14:54:14.0331 6688 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:54:14.0352 6688 UlSata - ok
14:54:14.0377 6688 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:54:14.0398 6688 ulsata2 - ok
14:54:14.0420 6688 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:54:14.0470 6688 umbus - ok
14:54:14.0515 6688 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
14:54:14.0557 6688 UMPass - ok
14:54:14.0656 6688 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll
14:54:14.0719 6688 UmRdpService - ok
14:54:14.0823 6688 UpdateCenterService - ok
14:54:14.0870 6688 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
14:54:14.0939 6688 upnphost - ok
14:54:15.0242 6688 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
14:54:15.0295 6688 usbaudio - ok
14:54:15.0326 6688 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:15.0362 6688 usbccgp - ok
14:54:15.0864 6688 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:54:15.0979 6688 usbcir - ok
14:54:16.0014 6688 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
14:54:16.0042 6688 usbehci - ok
14:54:16.0072 6688 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
14:54:16.0108 6688 usbhub - ok
14:54:16.0128 6688 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
14:54:16.0188 6688 usbohci - ok
14:54:16.0364 6688 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:54:16.0392 6688 usbprint - ok
14:54:16.0571 6688 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:54:16.0617 6688 usbscan - ok
14:54:16.0649 6688 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:54:16.0683 6688 USBSTOR - ok
14:54:16.0754 6688 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:54:16.0776 6688 usbuhci - ok
14:54:16.0812 6688 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
14:54:16.0877 6688 usbvideo - ok
14:54:16.0915 6688 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
14:54:16.0969 6688 UxSms - ok
14:54:17.0011 6688 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
14:54:17.0084 6688 vds - ok
14:54:17.0104 6688 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:54:17.0148 6688 vga - ok
14:54:17.0221 6688 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:54:17.0261 6688 VgaSave - ok
14:54:17.0324 6688 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:54:17.0334 6688 viaide - ok
14:54:17.0383 6688 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
14:54:17.0395 6688 volmgr - ok
14:54:17.0652 6688 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
14:54:17.0679 6688 volmgrx - ok
14:54:17.0793 6688 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
14:54:17.0813 6688 volsnap - ok
14:54:17.0945 6688 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:54:17.0960 6688 vsmraid - ok
14:54:18.0425 6688 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
14:54:18.0559 6688 VSS - ok
14:54:18.0925 6688 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
14:54:18.0998 6688 W32Time - ok
14:54:19.0453 6688 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:54:19.0504 6688 WacomPen - ok
14:54:19.0793 6688 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:19.0840 6688 Wanarp - ok
14:54:19.0843 6688 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:54:19.0886 6688 Wanarpv6 - ok
14:54:20.0000 6688 wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe
14:54:20.0154 6688 wbengine - ok
14:54:20.0462 6688 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
14:54:20.0595 6688 wcncsvc - ok
14:54:20.0634 6688 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
14:54:20.0675 6688 WcsPlugInService - ok
14:54:20.0753 6688 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:54:20.0766 6688 Wd - ok
14:54:20.0952 6688 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:54:21.0021 6688 Wdf01000 - ok
14:54:21.0062 6688 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:54:21.0114 6688 WdiServiceHost - ok
14:54:21.0124 6688 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:54:21.0160 6688 WdiSystemHost - ok
14:54:21.0672 6688 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
14:54:21.0724 6688 WebClient - ok
14:54:21.0766 6688 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
14:54:21.0826 6688 Wecsvc - ok
14:54:21.0947 6688 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
14:54:21.0989 6688 wercplsupport - ok
14:54:22.0108 6688 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
14:54:22.0143 6688 WerSvc - ok
14:54:22.0186 6688 WinHttpAutoProxySvc - ok
14:54:22.0665 6688 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
14:54:22.0694 6688 Winmgmt - ok
14:54:23.0150 6688 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
14:54:23.0269 6688 WinRM - ok
14:54:23.0690 6688 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
14:54:23.0774 6688 Wlansvc - ok
14:54:24.0225 6688 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:54:24.0329 6688 wlidsvc - ok
14:54:24.0961 6688 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
14:54:25.0023 6688 WmiAcpi - ok
14:54:25.0387 6688 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
14:54:25.0431 6688 wmiApSrv - ok
14:54:25.0612 6688 WMPNetworkSvc - ok
14:54:25.0795 6688 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
14:54:25.0883 6688 WPCSvc - ok
14:54:26.0071 6688 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
14:54:26.0100 6688 WPDBusEnum - ok
14:54:26.0741 6688 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:54:26.0800 6688 WPFFontCache_v0400 - ok
14:54:27.0082 6688 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:54:27.0126 6688 ws2ifsl - ok
14:54:27.0129 6688 WSearch - ok
14:54:27.0541 6688 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:54:27.0649 6688 wuauserv - ok
14:54:28.0409 6688 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:54:28.0442 6688 WUDFRd - ok
14:54:28.0475 6688 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
14:54:28.0524 6688 wudfsvc - ok
14:54:28.0545 6688 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:54:28.0599 6688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:54:28.0599 6688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:54:28.0896 6688 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:54:28.0896 6688 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:54:28.0901 6688 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:54:31.0527 6688 \Device\Harddisk1\DR1 - ok
14:54:31.0548 6688 Boot (0x1200) (fa0742b51d9940ae75f149ce888e7f0a) \Device\Harddisk0\DR0\Partition0
14:54:31.0572 6688 \Device\Harddisk0\DR0\Partition0 - ok
14:54:31.0576 6688 Boot (0x1200) (8ffef6f0e840cebb2abacee9a75c6539) \Device\Harddisk1\DR1\Partition0
14:54:31.0577 6688 \Device\Harddisk1\DR1\Partition0 - ok
14:54:31.0577 6688 ============================================================
14:54:31.0577 6688 Scan finished
14:54:31.0577 6688 ============================================================
14:54:31.0584 6680 Detected object count: 10
14:54:31.0584 6680 Actual detected object count: 10
15:10:22.0109 6680 CrucialSMBusScan ( ForgedFile.Multi.Generic ) - skipped by user
15:10:22.0109 6680 CrucialSMBusScan ( ForgedFile.Multi.Generic ) - User select action: Skip
15:10:22.0109 6680 CSHelper ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:22.0109 6680 CSHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:22.0111 6680 HitmanPro35Crusader ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:22.0111 6680 HitmanPro35Crusader ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:22.0133 6680 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:22.0133 6680 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:22.0134 6680 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:22.0134 6680 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:22.0136 6680 pgsql-8.0 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:22.0136 6680 pgsql-8.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:22.0137 6680 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:10:22.0137 6680 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:10:22.0138 6680 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:22.0138 6680 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:22.0139 6680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
15:10:22.0139 6680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
15:10:22.0140 6680 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:10:22.0140 6680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:10:39.0820 6132 Deinitialize success


Farbar Service Scanner Version: 02-07-2012
Ran by John (administrator) on 05-07-2012 at 15:11:45
Running from "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0X9984O"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-18 08:49] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-14 16:06] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 22:50] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 08:09] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-18 08:49] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-18 08:49] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-18 08:50] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-18 08:48] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-18 08:49] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-18 08:50] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-18 08:50] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 13:03] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-18 08:50] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

OTL logfile created on: 7/5/2012 3:18:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\John\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.31 Gb Available Physical Memory | 53.94% Memory free
16.20 Gb Paging File | 11.92 Gb Available in Paging File | 73.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 14.46 Gb Free Space | 4.85% Space Free | Partition Type: NTFS
Drive D: | 139.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.73 Gb Total Space | 3.11 Gb Free Space | 83.38% Space Free | Partition Type: FAT32

Computer Name: RAXOR-II | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 15:17:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/04/25 15:33:40 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/29 20:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 13:23:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/12/13 11:28:44 | 024,168,304 | ---- | M] (Phoenix Viewer) -- C:\Program Files (x86)\Phoenix Viewer\PhoenixViewer.exe
PRC - [2011/08/19 12:42:46 | 000,952,176 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\SLVoice.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/10/09 17:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 17:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/05/19 01:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/13 11:27:24 | 001,409,024 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\llcommon.dll
MOD - [2011/12/13 11:02:24 | 002,445,312 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\libcollada14dom22.dll
MOD - [2011/12/13 11:02:24 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\glod.dll
MOD - [2011/12/13 11:02:22 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\libtcmalloc_minimal.dll
MOD - [2011/12/13 11:02:22 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\growl.dll
MOD - [2011/12/13 11:02:22 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\growl++.dll
MOD - [2011/08/19 12:42:46 | 000,952,176 | ---- | M] () -- C:\Program Files (x86)\Phoenix Viewer\SLVoice.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/09/21 03:27:02 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/01/20 22:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/25 21:17:18 | 000,567,024 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/04/26 19:25:31 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/25 15:33:41 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/13 14:52:15 | 007,612,928 | ---- | M] (SurfRight B.V.) [On_Demand | Stopped] -- C:\Users\John\Desktop\HitmanPro35_x64.exe -- (HitmanPro35Crusader)
SRV - [2012/02/29 20:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/23 13:23:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/05/18 18:58:09 | 003,614,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 01:28:17 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/09/22 17:31:56 | 000,856,064 | ---- | M] () [Disabled | Stopped] -- C:\Users\John\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/04/27 11:39:50 | 000,170,016 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/04/15 09:42:56 | 000,273,952 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/05 09:12:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/28 12:08:32 | 000,538,096 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWOW64\dlbkcoms.exe -- (dlbk_device)
SRV - [2005/01/31 08:50:24 | 000,066,335 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.0\bin\pg_ctl.exe -- (pgsql-8.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/04 18:05:10 | 000,023,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 12:33:47 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2009/11/16 04:13:26 | 000,271,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/08 21:14:24 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2009/05/08 21:14:18 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/09 12:25:12 | 000,042,016 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2008/11/16 00:27:06 | 000,018,984 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CrucialSMBusScan.sys -- (CrucialSMBusScan)
DRV:64bit: - [2008/11/04 14:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\MTictwl.sys -- (NCPro)
DRV:64bit: - [2008/11/04 14:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008/07/27 22:54:28 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2006/10/26 16:33:32 | 000,013,696 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2010/03/27 09:05:50 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/03/26 11:04:57 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2006/12/12 16:07:34 | 000,024,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2006/08/28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/01/05 17:43:06 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 8F 0C 66 AB F1 CB 01 [binary data]
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..\SearchScopes,DefaultScope = {E42BE6D4-2E95-E1CA-6A65-D0D081FEEEB1}
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..\SearchScopes\{E42BE6D4-2E95-E1CA-6A65-D0D081FEEEB1}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\John\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\John\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/25 19:52:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/12/07 04:40:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\John\Program Files (x86)\DNA [2010/04/15 14:33:31 | 000,000,000 | ---D | M]

[2011/08/25 20:47:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/10/13 14:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/18 10:54:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/09/02 06:00:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/12 01:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/07/15 04:07:15 | 000,001,307 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 72.167.232.201 www.gameknightcrew.com
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1008..\Run: [ooVoo] C\ooVoo.exe /minimized File not found
O4 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1008..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1000\..Trusted Domains: digg.com ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Invoke Solutions Participant Control(MR))
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5912/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBEDCEA5-B828-4E32-8286-95009933B24F}: NameServer = 167.206.245.130,167.206.245.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/20 20:20:44 | 000,000,010 | R--- | M] () - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2006/04/30 19:47:08 | 000,000,038 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/09/24 10:53:20 | 000,000,048 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\Shell - "" = AutoRun
O33 - MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/09/24 10:53:20 | 002,174,976 | R--- | M] (SKIDROW)
O33 - MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ShellRun.exe index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Aim6 - hkey= - key= - C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\John\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= - C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
MsConfig:64bit - StartUpReg: dlbkbmgr.exe - hkey= - key= - C:\Program Files (x86)\Dell AIO Printer A920\dlbkbmgr.exe (Dell)
MsConfig:64bit - StartUpReg: EasyTuneVPro - hkey= - key= - C:\Program Files (x86)\Gigabyte\ET5Pro\ETcall.exe ()
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files (x86)\Dell PC Fax\fm3032.exe ()
MsConfig:64bit - StartUpReg: Habu - hkey= - key= - C:\Program Files (x86)\Razer\Habu\razerhid.exe ()
MsConfig:64bit - StartUpReg: igndlm.exe - hkey= - key= - C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: MagicTuneEngine - hkey= - key= - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MSSE - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5ABB9507-EC94-C920-94DE-B87CE1FCC20F} -
ActiveX:64bit: {5B50319C-9640-DB0A-E2B2-CF897B10BD5D} - Offline Browsing Pack
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {D79AB5D9-1992-FB40-2F30-8E2E80309DF2} - Microsoft Windows Media Player
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E8386336-A430-66EA-1B78-93D2D3F4032A} - Internet Explorer
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {F6CE2864-016A-41EA-2324-8CB61C4E7E25} - Offline Browsing Pack
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 15:17:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/07/05 14:27:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/07/04 23:58:59 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\gmer
[2012/07/04 22:42:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/07/04 22:36:54 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\bleepingcomp
[2012/07/04 22:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/07/04 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/07/04 21:54:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/07/04 18:33:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{683F8758-2419-4A1B-B6E3-9FE4A9BE1D2E}
[2012/07/04 18:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2012/07/04 18:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/07/04 18:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2012/07/04 18:02:06 | 007,612,928 | ---- | C] (SurfRight B.V.) -- C:\Users\John\Desktop\HitmanPro35_x64.exe
[2012/07/04 18:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/04 06:28:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/29 01:45:40 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\computer
[2012/06/26 17:13:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\SKIDROW
[2012/06/26 10:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2012/06/26 10:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\civ5
[2012/06/25 20:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/06/18 22:47:21 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/18 22:47:21 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/18 22:47:21 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/18 22:46:24 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/18 22:46:24 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/18 22:46:24 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/18 22:46:24 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/18 22:46:24 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/18 22:46:24 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/18 22:46:15 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/18 22:46:15 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/18 22:46:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/18 22:46:14 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/14 16:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
[2012/06/14 16:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2012/06/14 16:43:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\dll-files.com
[2012/06/14 07:07:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 07:07:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 07:07:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 07:07:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 07:07:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 07:07:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 07:07:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 07:07:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 07:07:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 07:07:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 07:07:34 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 07:07:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 07:07:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 13:03:34 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 13:03:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 08:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow PowerPack 2012
[2012/06/13 08:15:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\TweakNow PowerPack 2012
[2012/06/13 08:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack 2012
[2012/06/13 07:41:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Windows Authenticator
[2012/06/10 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7682C348-8A36-498B-8009-72144899FCB9}
[2012/06/10 09:30:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FE3BF66D-84EC-4B68-A5DC-336F33AA2879}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/05 15:23:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 15:17:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/07/05 14:36:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/05 14:31:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 14:31:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 14:31:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 14:31:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/05 14:27:31 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012/07/05 12:48:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/05 00:03:49 | 000,294,216 | ---- | M] () -- C:\Users\John\Desktop\gmer.zip
[2012/07/04 22:42:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/07/04 22:17:22 | 000,002,593 | ---- | M] () -- C:\Users\John\Desktop\HiJackThis (2).lnk
[2012/07/04 22:14:27 | 000,001,958 | ---- | M] () -- C:\Users\John\Desktop\HiJackThis.lnk
[2012/07/04 18:05:10 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/07/04 18:05:09 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/07/04 18:04:25 | 000,220,160 | ---- | M] () -- C:\Users\John\Desktop\mayday%20malwarebytes%20activation
[2012/07/04 18:01:07 | 017,730,684 | ---- | M] () -- C:\Users\John\Desktop\Hitman Pro 3.5.9 Build 125 (x86-x64).rar
[2012/07/04 17:45:05 | 000,816,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/04 17:45:05 | 000,681,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/04 17:45:05 | 000,135,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 16:43:08 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012/07/04 11:57:37 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/07/04 11:53:57 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 03:09:40 | 115,442,149 | ---- | M] () -- C:\Users\John\Desktop\WWII Full Earth Campaign Parts 1 and 2 (v15v12).zip
[2012/06/26 11:14:05 | 000,000,757 | ---- | M] () -- C:\Users\John\Desktop\Sid Meiers Civilization V.lnk
[2012/06/18 22:07:17 | 000,002,329 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/06/14 16:43:37 | 000,000,927 | ---- | M] () -- C:\Users\John\Desktop\DLL-Files.com FIXER.lnk
[2012/06/14 16:41:42 | 009,115,460 | ---- | M] () -- C:\Users\John\Desktop\Cracked dll Library fixer.rar
[2012/06/14 11:30:57 | 002,170,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 08:15:07 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk
[2012/06/13 07:39:09 | 002,473,953 | ---- | M] () -- C:\Users\John\Desktop\WinAuth-1.7.1314.zip
[2012/06/10 07:58:43 | 634,922,331 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/06 15:52:20 | 004,266,496 | ---- | M] () -- C:\Users\John\Desktop\WinAuth.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 00:03:48 | 000,294,216 | ---- | C] () -- C:\Users\John\Desktop\gmer.zip
[2012/07/04 22:17:22 | 000,002,593 | ---- | C] () -- C:\Users\John\Desktop\HiJackThis (2).lnk
[2012/07/04 22:14:27 | 000,001,958 | ---- | C] () -- C:\Users\John\Desktop\HiJackThis.lnk
[2012/07/04 21:50:55 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\U\00000008.@
[2012/07/04 18:05:10 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/07/04 18:05:09 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/07/04 18:04:25 | 000,220,160 | ---- | C] () -- C:\Users\John\Desktop\mayday%20malwarebytes%20activation
[2012/07/04 17:53:42 | 017,730,684 | ---- | C] () -- C:\Users\John\Desktop\Hitman Pro 3.5.9 Build 125 (x86-x64).rar
[2012/07/04 11:53:57 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/04 06:21:20 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\L\00000004.@
[2012/07/03 03:08:26 | 115,442,149 | ---- | C] () -- C:\Users\John\Desktop\WWII Full Earth Campaign Parts 1 and 2 (v15v12).zip
[2012/06/26 11:14:05 | 000,000,757 | ---- | C] () -- C:\Users\John\Desktop\Sid Meiers Civilization V.lnk
[2012/06/14 16:43:58 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012/06/14 16:43:37 | 000,000,927 | ---- | C] () -- C:\Users\John\Desktop\DLL-Files.com FIXER.lnk
[2012/06/14 16:41:42 | 009,115,460 | ---- | C] () -- C:\Users\John\Desktop\Cracked dll Library fixer.rar
[2012/06/13 08:15:07 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk
[2012/06/13 07:43:38 | 004,266,496 | ---- | C] () -- C:\Users\John\Desktop\WinAuth.exe
[2012/06/13 07:39:09 | 002,473,953 | ---- | C] () -- C:\Users\John\Desktop\WinAuth-1.7.1314.zip
[2012/06/10 07:58:43 | 634,922,331 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/11 00:56:09 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@
[2012/01/11 00:56:09 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@
[2012/01/11 00:56:09 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@
[2011/10/01 08:14:51 | 000,005,120 | ---- | C] () -- C:\Users\John\AppData\Local\Databases.db
[2011/07/26 20:57:13 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/17 15:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/12/06 02:38:46 | 000,027,528 | ---- | C] () -- C:\Users\John\AppData\Roaming\UserTile.png
[2009/07/31 06:52:29 | 000,000,170 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/07/31 06:36:33 | 000,190,229 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 06:22:04 | 000,190,224 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/10 06:09:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/12 00:34:20 | 000,000,552 | ---- | C] () -- C:\Users\John\AppData\Local\d3d8caps.dat
[2009/01/23 13:37:05 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\settings.ini
[2009/01/07 18:43:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\zpdwc4stgs.dat
[2008/08/30 12:56:07 | 000,000,092 | ---- | C] () -- C:\Users\John\AppData\Local\fusioncache.dat
[2008/07/04 22:14:34 | 000,053,248 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/25 03:34:29 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2008/06/24 13:21:41 | 000,000,732 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps64.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\Users\John\AppData\Local\{683F8758-2419-4A1B-B6E3-9FE4A9BE1D2E}\*.* /s >

< C:\Users\John\AppData\Local\{7682C348-8A36-498B-8009-72144899FCB9}\*.* /s >

< C:\Users\John\AppData\Local\{FE3BF66D-84EC-4B68-A5DC-336F33AA2879}\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: AFD.SYS >
[2012/01/03 10:21:38 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=022ED7EB19DFECF39C106E0F9CF2BB19 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22770_none_362b4e6b2d472f6a\afd.sys
[2011/04/21 10:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009/04/11 01:44:24 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011/04/21 09:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011/04/21 09:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011/04/21 09:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
[2012/01/03 10:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\SysNative\drivers\afd.sys
[2012/01/03 10:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4\afd.sys
[2008/01/20 22:47:25 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:47:50 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:48:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/20 22:49:16 | 000,250,368 | ---- | M] (Microsoft Corporation) MD5=7A29CA243A629230799754162D80120F -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_bc8363e5afa1989b\netbt.sys
[2009/04/11 01:42:33 | 000,248,320 | ---- | M] (Microsoft Corporation) MD5=FC2C792EBDDC8E28DF939D6A92C83D61 -- C:\Windows\SysNative\drivers\netbt.sys
[2009/04/11 01:42:33 | 000,248,320 | ---- | M] (Microsoft Corporation) MD5=FC2C792EBDDC8E28DF939D6A92C83D61 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_be6edcf1acc363e7\netbt.sys

< MD5 for: SERVICES.EXE >
[2008/01/20 22:49:37 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2012/07/05 14:27:31 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:48:47 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: TDX.SYS >
[2009/04/11 01:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\SysNative\drivers\tdx.sys
[2009/04/11 01:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_4847dcdb9194e539\tdx.sys
[2008/01/20 22:48:58 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=8C39C72E0E853DE04748C0337D9B9216 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_465c63cf947319ed\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/04/11 03:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/04/11 03:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2008/01/20 22:46:11 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:47:10 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 22:47:10 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 22:49:28 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/01/20 22:49:28 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:48:54 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:49:41 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/12 01:57:31 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/12 01:57:31 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/12 01:57:31 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/08/12 01:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/08/12 01:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/12 01:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/08/26 09:21:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/08/26 09:21:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/08/26 09:21:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/08/26 09:21:07 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/08/26 09:21:07 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/08/26 09:21:07 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:51CF25B1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2C595FF3

< End of report >



OTL Extras logfile created on: 7/5/2012 3:18:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\John\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.31 Gb Available Physical Memory | 53.94% Memory free
16.20 Gb Paging File | 11.92 Gb Available in Paging File | 73.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 14.46 Gb Free Space | 4.85% Space Free | Partition Type: NTFS
Drive D: | 139.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.73 Gb Total Space | 3.11 Gb Free Space | 83.38% Space Free | Partition Type: FAT32

Computer Name: RAXOR-II | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\John\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\John\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 15 EC 3D 58 DA 4A CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk FBX Plug-in 2012.1 - Maya 2012 64-bit" = Autodesk FBX Plug-in 2012.1 - Maya 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"CCleaner" = CCleaner
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Fax Solutions" = Fax Solutions
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-5e1205e9-31de-43da-b65a-6c018ac3765d" = Unreal Development Kit: 2010-02
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1600
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C16BD93-892E-4560-AA22-723F874CB8BA}" = Update Service
"{300A470B-681B-449F-82AE-6D19114702CE}" = PhysX Screen Saver
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AA3FA26-72A2-4D06-9BFE-98E650A37B6D}" = PostgreSQL 8.0
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CA53298-AB86-49C7-8040-D5E7BA2F703A}" = NVIDIA PhysX Particle Fluid Demo
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA50070A-18C1-4E74-AB7B-1803EF210A6D}" = Borderlands
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1" = Invoke Solutions Participant 6.2.0.1452
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE72186D-A4A5-4504-839C-B14FC3432DA1}" = LightScribe Template Designs - Fantasy Pack 1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B07.0509.01
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{e9a5db36-ba54-458e-8ac7-64bf74ea496d}" = Nero 9 Lite
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB677191-1FFE-4DED-A18F-CDBEBAEB0ECA}" = Quake Live Internet Explorer Plugin
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AIM_6" = AIM 6
"APB North America" = APB North America
"Archasis II" = Archasis II v0.81
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"AutoItv3" = AutoIt v3.3.6.1
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Core FTP LE 2.1" = Core FTP LE 2.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Digg Stack" = Digg Stack Screen Saver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024
"Download Manager" = Download Manager 2.3.7
"EasyTune5Pro" = EasyTune5Pro
"ESN Sonar-0.70.4" = ESN Sonar
"Firestorm-Beta-Mesh" = Firestorm-Beta-Mesh (remove only)
"Fraps" = Fraps (remove only)
"Froggy" = Froggy demo by NVIDIA (remove only)
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"Google Updater" = Google Updater
"Impulse" = Impulse
"Impulse®" = Impulse®
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"mIRC" = mIRC
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SAM3" = SAM3 (remove only)
"Search Toolbar" = Search Toolbar
"SecondLifeDevelopment" = SecondLifeDevelopment (remove only)
"SecondLifeProjectViewer-Mesh" = SecondLifeProjectViewer-Mesh (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Smoke" = Smoke demo by NVIDIA (remove only)
"SpaceShuttleMission2007Demo_is1" = SpaceShuttleMission2007 v5.30 Demo
"SpeedFan" = SpeedFan (remove only)
"SpeedTestPro_is1" = Absolute Futurity SpeedTestPro Ver 1.0.73
"ST6UNST #1" = Recorder
"Steam App 105600" = Terraria
"Steam App 11020" = TrackMania Nations Forever
"Steam App 15320" = IL-2 Sturmovik: 1946
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 40100" = Supreme Commander 2
"Steam App 440" = Team Fortress 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Elder Scrolls V: Skyrim" = The Elder Scrolls V: Skyrim
"ToolBox" = NCH Toolbox
"TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
"TweakNow PowerPack 2012_is1" = TweakNow PowerPack 2012
"VentriloMIX" = VentriloMIX
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.8
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.4 [64-Bit]
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1098364235-1318249198-1425841781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"CodeBlocks" = CodeBlocks
"Game Organizer" = EasyBits GO
"Renegade X - Beta v0.35" = Renegade X - Beta v0.35
"UT3 CBP3 Vol 3" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2012 2:36:56 PM | Computer Name = Raxor-II | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, time stamp
0x48af14ef, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7525a57d, process id 0xe48, application start time
0x01cd5add1f46ae31.

Error - 7/5/2012 2:49:30 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1008
Description =

Error - 7/5/2012 2:49:30 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1023
Description =

Error - 7/5/2012 2:49:30 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1008
Description =

Error - 7/5/2012 2:49:30 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1008
Description =

Error - 7/5/2012 2:49:30 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1008
Description =

Error - 7/5/2012 2:49:30 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1022
Description =

Error - 7/5/2012 2:49:30 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1018
Description =

Error - 7/5/2012 2:49:33 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1008
Description =

Error - 7/5/2012 2:49:33 PM | Computer Name = Raxor-II | Source = Perflib | ID = 1008
Description =

[ Media Center Events ]
Error - 1/2/2009 2:54:40 AM | Computer Name = Raxor-II | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/3/2009 7:19:44 PM | Computer Name = Raxor-II | Source = Mcx2Svc | ID = 301
Description =

Error - 9/27/2009 1:25:54 AM | Computer Name = Raxor-II | Source = Mcx2Dvcs | ID = 405
Description =

Error - 9/28/2009 6:34:28 AM | Computer Name = Raxor-II | Source = McrMgr | ID = 109
Description =

Error - 11/21/2009 9:18:03 AM | Computer Name = Raxor-II | Source = McrMgr | ID = 109
Description =

Error - 1/9/2010 6:37:24 PM | Computer Name = Raxor-II | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/5/2012 12:36:03 PM | Computer Name = Raxor-II | Source = Service Control Manager | ID = 7009
Description =

Error - 7/5/2012 12:36:03 PM | Computer Name = Raxor-II | Source = Service Control Manager | ID = 7000
Description =

Error - 7/5/2012 2:29:26 PM | Computer Name = Raxor-II | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/5/2012 2:31:50 PM | Computer Name = Raxor-II | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:27:05 PM on 7/5/2012 was unexpected.

Error - 7/5/2012 2:32:54 PM | Computer Name = Raxor-II | Source = Service Control Manager | ID = 7023
Description =

Error - 7/5/2012 2:32:54 PM | Computer Name = Raxor-II | Source = Service Control Manager | ID = 7003
Description =

Error - 7/5/2012 2:32:54 PM | Computer Name = Raxor-II | Source = Service Control Manager | ID = 7003
Description =

Error - 7/5/2012 2:32:55 PM | Computer Name = Raxor-II | Source = Service Control Manager | ID = 7026
Description =

Error - 7/5/2012 2:33:18 PM | Computer Name = Raxor-II | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 7/5/2012 2:38:46 PM | Computer Name = Raxor-II | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Malware Response Team
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:27 AM

Posted 06 July 2012 - 06:26 AM

Hi raxor30!

Not a problem! I'm glad to be of assistance. :thumbsup:

It looks like this infection has corrupted some registry values in your registry, so we'll need to address this a bit later. These registry entries that are corrupt will cause some issues if you attempt to enable certain areas of Windows, like the Windows Firewall, Windows Security Center, ect.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


-----------


OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe File not found
    O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe File not found
    O4 - HKU\S-1-5-21-1098364235-1318249198-1425841781-1008..\Run: [ooVoo] C\ooVoo.exe /minimized File not found
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
    O33 - MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\Shell - "" = AutoRun
    O33 - MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/09/24 10:53:20 | 002,174,976 | R--- | M] (SKIDROW)
    O33 - MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ShellRun.exe index.htm
    [2012/07/04 18:33:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{683F8758-2419-4A1B-B6E3-9FE4A9BE1D2E}
    [2012/07/04 06:28:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/06/10 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7682C348-8A36-498B-8009-72144899FCB9}
    [2012/06/10 09:30:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FE3BF66D-84EC-4B68-A5DC-336F33AA2879}
    [2012/07/04 21:50:55 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\U\00000008.@
    [2012/07/04 06:21:20 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\L\00000004.@
    [2012/01/11 00:56:09 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@
    [2012/01/11 00:56:09 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@
    [2012/01/11 00:56:09 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@
    [2009/01/07 18:43:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\zpdwc4stgs.dat
    @Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:51CF25B1
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2C595FF3
    
    :Reg
    
    :Files
    C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 06 July 2012 - 09:11 AM

I did the OTL fix. It asked to restart computer did that. All that came up was a black screen. So I did a hard re-boot and was able to log back into windows got the log, looked it over and some parts said "unable to do process in reboot" or something of that matter. So I ran OTL again like you requested and it asked to restart I did that, this time it was stuck in at the "shutting down" screen. So I did a hard reboot. This time I get to the windows loading screen and its stuck there forever. Both in normal & restore to last known configuration. So I dont know what to do. It's been so long since I've installed the OS that I dont have the install cd or recovery CD. What do I do. Help me out here!

#6 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 06 July 2012 - 09:37 AM

Alright I finally got windows backup and running again. I did ANOTHER OTL and literally went out to lunch to let it do its thing. Came back and it successfully did what it needed to do I guess. I'm posting 2 OTL logs.

This first OTL log is the log I got when I had to hard reboot my computer because there was just a black screen and nothing was coming up upon restart

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM not found.
Registry value HKEY_USERS\S-1-5-21-1098364235-1318249198-1425841781-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ooVoo deleted successfully.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\Windows\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41e2a602-c015-11de-9823-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41e2a602-c015-11de-9823-806e6f6e6963}\ not found.
File D:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90322254-7359-11e0-81f7-001a4d553451}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90322254-7359-11e0-81f7-001a4d553451}\ not found.
File move failed. F:\Installer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ not found.
File D:\ShellRun.exe index.htm not found.
C:\Users\John\AppData\Local\{683F8758-2419-4A1B-B6E3-9FE4A9BE1D2E} folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
C:\Users\John\AppData\Local\{7682C348-8A36-498B-8009-72144899FCB9} folder moved successfully.
C:\Users\John\AppData\Local\{FE3BF66D-84EC-4B68-A5DC-336F33AA2879} folder moved successfully.
C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\U\00000008.@ moved successfully.
C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\L\00000004.@ moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@ moved successfully.
File C:\Windows\System32\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@ not found.
C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@ moved successfully.
C:\ProgramData\zpdwc4stgs.dat moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMP:51CF25B1 deleted successfully.
ADS C:\ProgramData\TEMP:2C595FF3 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\U folder moved successfully.
C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\L folder moved successfully.
C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f} folder moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 41085 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 308491 bytes

User: Mcx1

User: Mcx2

User: Mcx3

User: Public

User: UpdatusUser
->Flash cache emptied: 41085 bytes

User: userpostgres77
->Flash cache emptied: 41085 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: John
->Java cache emptied: 4841052 bytes

User: Mcx1

User: Mcx2

User: Mcx3

User: Public

User: UpdatusUser

User: userpostgres77

Total Java Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07062012_092047

Files\Folders moved on Reboot...
File\Folder F:\Installer.exe not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File F:\Installer.exe not found!
[2012/07/06 09:20:56 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...


This second log is the OTL log I recieved after failing to be able to get windows started, then got it started and ran it and let it do its thing.

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM not found.
Registry value HKEY_USERS\S-1-5-21-1098364235-1318249198-1425841781-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ooVoo not found.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41e2a602-c015-11de-9823-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41e2a602-c015-11de-9823-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41e2a602-c015-11de-9823-806e6f6e6963}\ not found.
File D:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90322254-7359-11e0-81f7-001a4d553451}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90322254-7359-11e0-81f7-001a4d553451}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90322254-7359-11e0-81f7-001a4d553451}\ not found.
File move failed. F:\Installer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5dc1ded-37b5-11df-ad27-806e6f6e6963}\ not found.
File D:\ShellRun.exe index.htm not found.
Folder C:\Users\John\AppData\Local\{683F8758-2419-4A1B-B6E3-9FE4A9BE1D2E}\ not found.
Folder C:\Windows\SysWow64\%APPDATA%\ not found.
Folder C:\Users\John\AppData\Local\{7682C348-8A36-498B-8009-72144899FCB9}\ not found.
Folder C:\Users\John\AppData\Local\{FE3BF66D-84EC-4B68-A5DC-336F33AA2879}\ not found.
File C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\U\00000008.@ not found.
File C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\L\00000004.@ not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@ not found.
File C:\Windows\System32\config\systemprofile\AppData\Local\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@ not found.
File C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\@ not found.
File C:\ProgramData\zpdwc4stgs.dat not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:51CF25B1 .
Unable to delete ADS C:\ProgramData\TEMP:2C595FF3 .
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f} not found.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Mcx3

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: userpostgres77
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: John
->Java cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Mcx3

User: Public

User: UpdatusUser

User: userpostgres77

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07062012_101731

Files\Folders moved on Reboot...
File\Folder F:\Installer.exe not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File F:\Installer.exe not found!
[2012/07/06 10:17:35 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...




I'm doing the Combofix next and will post the results when complete.

#7 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 06 July 2012 - 10:41 AM

Combofix log:

ComboFix 12-07-06.01 - John 07/06/2012 10:44:23.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.6326 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\John\AppData\Roaming\mIRC\logs\status.log
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-07-06 15:18 . 2012-07-06 15:18 -------- d-----w- c:\users\userpostgres77\AppData\Local\temp
2012-07-06 15:18 . 2012-07-06 15:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-06 15:18 . 2012-07-06 15:18 -------- d-----w- c:\users\Mcx3\AppData\Local\temp
2012-07-06 15:18 . 2012-07-06 15:18 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2012-07-06 15:18 . 2012-07-06 15:18 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-07-06 15:18 . 2012-07-06 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 13:20 . 2012-07-06 13:20 -------- d-----w- C:\_OTL
2012-07-05 18:27 . 2012-07-05 18:27 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-05 02:14 . 2012-07-05 02:14 388096 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-05 02:14 . 2012-07-05 02:14 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-04 22:05 . 2012-07-04 22:05 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-07-04 22:05 . 2012-07-04 22:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-07-04 22:02 . 2012-07-04 22:05 -------- d-----w- c:\programdata\Hitman Pro
2012-07-04 22:00 . 2012-07-04 22:00 -------- d-----w- c:\programdata\HitmanPro
2012-07-03 16:59 . 2012-02-10 22:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C99EA17-E67F-41F0-8A20-AD126FB34C03}\gapaengine.dll
2012-07-03 16:58 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D89E24BD-A1BD-4A95-B2F0-00A503922501}\mpengine.dll
2012-07-02 16:57 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-26 21:13 . 2012-06-26 21:13 -------- d-----w- c:\users\John\AppData\Local\SKIDROW
2012-06-26 14:53 . 2012-06-26 15:15 -------- d-----w- c:\program files (x86)\Sid Meier's Civilization V
2012-06-26 00:39 . 2012-06-26 00:39 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-19 02:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 02:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 02:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 02:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 02:46 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 02:46 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-19 02:46 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 02:46 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-19 02:46 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 02:46 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-19 02:46 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 02:46 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-19 02:46 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-19 02:46 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 20:43 . 2012-06-14 20:43 -------- d-----w- c:\users\John\AppData\Roaming\dll-files.com
2012-06-14 20:43 . 2012-06-14 20:43 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
2012-06-13 17:03 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 17:03 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:03 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 17:03 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 17:03 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 17:03 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 17:03 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 17:03 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 13:39 . 2012-02-10 22:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB25F90D-5075-4563-928C-BA03B67A511D}\gapaengine.dll
2012-06-13 12:15 . 2012-06-13 12:15 -------- d-----w- c:\program files (x86)\TweakNow PowerPack 2012
2012-06-13 12:15 . 2012-06-13 12:15 -------- d-----w- c:\users\John\AppData\Roaming\TweakNow PowerPack 2012
2012-06-13 11:41 . 2012-06-13 11:42 -------- d-----w- c:\users\John\AppData\Roaming\Windows Authenticator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 18:27 . 2009-09-18 12:49 384512 ----a-w- c:\windows\system32\services.exe
2012-05-04 13:10 . 2009-05-26 22:38 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-04 13:10 . 2008-08-30 16:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-03 23:03 . 2008-08-30 16:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-25 19:33 . 2012-04-25 19:33 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-25 19:33 . 2011-07-03 02:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-02 3077528]
"Aim6"="c:\program files (x86)\AIM6\aim6.exe" [2009-05-19 49968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files (x86)\Impulse\Now\ImpulseNow.exe [2011-10-13 2042088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 253088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90322254-7359-11e0-81f7-001a4d553451}]
\shell\AutoRun\command - F:\Installer.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-07 04:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 19:33]
.
2012-07-04 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-06-14 16:41]
.
2012-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-16 09:10]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-16 04:29]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-16 04:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: digg.com
TCP: Interfaces\{FBEDCEA5-B828-4E32-8286-95009933B24F}: NameServer = 167.206.245.130,167.206.245.129
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\q28k0xks.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Digg Stack - c:\windows\system32\Digg Stack.scr
AddRemove-Impulse - c:\programdata\{3324F7A6-7151-481D-8C80-99FEE7AFB967}\Impulse_setup.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1098364235-1318249198-1425841781-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0f,3c,2c,b6,1d,e2,dc,e8,ab,52,6c,bb,6a,6d,76,2b,9c,fe,59,76,4b,ae,b6,
71,10,c3,a1,df,b6,e3,99,a0,aa,05,18,4c,4b,80,1d,de,65,fe,66,38,0e,52,88,70,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1098364235-1318249198-1425841781-1000\Software\SecuROM\License information*]
"datasecu"=hex:d3,1d,05,d2,64,bc,bb,e1,98,02,c2,5c,d5,51,a2,c5,16,bd,41,aa,f0,
70,eb,55,c1,46,bf,da,32,ec,d1,5b,74,fa,01,51,19,54,5d,63,f9,a1,db,59,6b,27,\
"rkeysecu"=hex:a9,28,6a,94,b4,2f,18,7d,63,1f,8f,85,3f,f0,33,95
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\06\17\10\18\08d"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-07-06 11:34:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 15:34
.
Pre-Run: 49,171,177,472 bytes free
Post-Run: 50,201,141,248 bytes free
.
- - End Of File - - 93CBFA28BADD7110369120D9F53C516E


Here is a question I now have. I get a window since I was infected saying "winrscmde stopped working and was closed". What is this thing? Is it bad or good or was it part of the things that the rootkit destroyed. Also if you click on "close" it pops back up again.

#8 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 06 July 2012 - 11:05 AM

UGH bad news. Malware bytes detected svchost.exe again. :(

#9 SweetTech

SweetTech

    Agent ST


  • Malware Response Team
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:27 AM

Posted 07 July 2012 - 06:28 AM

Hi raxor30!

Sorry for not responding to your replies yesterday, I was out of the house for the entire day.

I get a window since I was infected saying "winrscmde stopped working and was closed". What is this thing? Is it bad or good or was it part of the things that the rootkit destroyed.


Could you please provide me with the full error message you're receiving and/or a screenshot of it.

Please take a screenshot of that window.
  • You can do this by pressing the PrintScreen key.
  • Then go to Start > All Programs > Accessories > Paint
  • In Paint, go up to Edit > Paste
  • Then Go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.
  • Then click Reply in this topic.
  • Scroll down to Attachments.
  • Click the Browse button.
  • Locate the file you just saved, click on it, then click Open.
  • Click Upload and submit the reply.


NEXT:



UGH bad news. Malware bytes detected svchost.exe again.

Could you please post that log file for me?

Grab Malwarebytes' Anti-Malware Log-File

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottom most log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.


How are things behaving with your computer right now?

Let me know.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 07 July 2012 - 08:12 AM

I had restarted my computer later that day and im not getting winrscmde stopped working and was closed. I did get this when I fired up a game I often use called "second life", and a viewer called "Phoinex Viewer" though:

"Malwarebytes Anti-Malware has detected a malicious process attempting to start and blocked the execution attempt. Please select an option below.

C:\WINDOWS\SVCHOST.EXE
TROJAN.AGENT

Quarantined it. Running both Malwarebytes & Hitman Pro scans right now. Will let you know.

#11 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 07 July 2012 - 08:37 AM

Alright I just finished the Hitman Pro scan and it found this stuff:

Possible variant of TDL rootkit detected (TDSS, Alureon, Olmarik)
The device stack of the hard disk is referencing a hidden driver. This could affect the detection of malicious files.

dlbklpar.dll
C:\Windows\system32\spool\drivers\x64\3\

Master Boot Record (Sector 0) Bootkit
C:$MBR
Contains characteristics of an identified security risk. Win32/Bootkit


Now I am going to restart my computer and do a full Malwarebytes scan without opening anything and see what comes up in the log and post.

#12 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 07 July 2012 - 08:45 AM

Restarted the computer. Low and behold winrscmde has popped up attached is the image.

Attached Files



#13 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 07 July 2012 - 11:20 AM

Here is your Malwarebytes log you requested:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: RAXOR-II [administrator]

Protection: Disabled

7/7/2012 9:45:51 AM
mbam-log-2012-07-07 (12-18-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 795687
Time elapsed: 2 hour(s), 29 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\_OTL\MovedFiles\07062012_092047\C_Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

#14 SweetTech

SweetTech

    Agent ST


  • Malware Response Team
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:27 AM

Posted 07 July 2012 - 12:44 PM

Hi!

Alright I just finished the Hitman Pro scan and it found this stuff:

Okay. Thanks for that log. Please be extremely careful with Hitman Pro. I've worked with users in the past who have had issues with it causing them to not be able to boot after having it fix a detected threat.

winrscmde stopped working and was closed.

This started occurring after you became infected, correct?

This threat here:

C:\_OTL\MovedFiles\07062012_092047\C_Windows\Installer\{0c9b99d9-2f4f-8f00-0f30-a77afe94a28f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

is currently in quarantine, and would have gotten removed when we cleaned up our tools later, but you can go head and have MalwareBytes' Anti-Malware remove it as well as the other threat below:

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

Then do this scan for me:

Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Edited by SweetTech, 07 July 2012 - 12:47 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 raxor30

raxor30
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:03:27 AM

Posted 07 July 2012 - 12:58 PM

Upon restart I got a windows notification saying "google installer stopped working and was closed". I didnt try to install google installer or even have ever had it which I found odd. Anyway I did your scan here is the results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-07 13:53:43
-----------------------------
13:53:43.058 OS Version: Windows x64 6.0.6002 Service Pack 2
13:53:43.058 Number of processors: 2 586 0xF0B
13:53:43.058 ComputerName: RAXOR-II UserName: John
13:54:00.155 Initialize success
13:54:31.391 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
13:54:31.391 Disk 0 Vendor: ST3320620NS 3.AEK Size: 305244MB BusType: 3
13:54:31.391 Device \Driver\atapi -> MajorFunction fffffa8008f6d5e8
13:54:31.406 Disk 0 MBR read successfully
13:54:31.406 Disk 0 MBR scan
13:54:31.406 Disk 0 Windows VISTA default MBR code
13:54:31.406 Disk 0 MBR hidden
13:54:31.422 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
13:54:31.437 Disk 0 scanning C:\Windows\system32\drivers
13:54:38.286 Service scanning
13:54:47.677 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:54:51.218 Modules scanning
13:54:51.218 Disk 0 trace - called modules:
13:54:51.218 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8008f6d5e8]<<hal.dll
13:54:51.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008add2e0]
13:54:51.234 3 CLASSPNP.SYS[fffffa6000d31c33] -> nt!IofCallDriver -> [0xfffffa8007ac5520]
13:54:51.234 5 acpi.sys[fffffa6000b7ffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8007ad7060]
13:54:51.234 \Driver\atapi[0xfffffa8008cf1530] -> IRP_MJ_CREATE -> 0xfffffa8008f6d5e8
13:54:51.234 Scan finished successfully
13:55:33.489 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\bleepingcomp\MBR.dat"
13:55:33.489 The log file has been saved successfully to "C:\Users\John\Desktop\bleepingcomp\aswMBR.txt"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users