
Consrv.dll


  • This topic is locked
25 replies to this topic

#1 NeilR


Posted 14 March 2012 - 09:52 AM

Hi there
Seem to have picked this virus up along the way in the last week. MBAM scrubbed it, but that gave me a BSOD on load-up. I am able to go in by editing my registry from my XP partition and boot Vista64 back in; shortly after, McAfee reports a trojan detection in desktop.ini and the cycle goes around again. While running, I see multiple ping.exe processes running, which I can kill, but they return.

Have downloaded ComboFix but not run it yet, as everywhere leads to finding an advisor before running this.

Help appreciated please

Thx
Neil

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by AshiDo at 17:46:16 on 2012-03-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.8189.5724 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Windows\system32\lxbucoms.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Behringer\BCD3000\Drivers\bcd3kcpan.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
E:\SYSINTERNALSSUITE\PROCEXP.EXE
E:\SYSINTERNALSSUITE\PROCEXP64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\TEMP\unrjrm\setup.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.

Edited by NeilR, 14 March 2012 - 12:50 PM.
Moved from Vista to Malware Removal Logs.




#2 NeilR


Posted 14 March 2012 - 01:40 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-14 18:38:55
Windows 6.0.6002 Service Pack 2
Running: f96fsdei.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}@hacadhfegpmlpolo 0x6B 0x61 0x6E 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}@iambjpmmjalfhgncma 0x63 0x61 0x6A 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}@iaiabegdliaeocoiln 0x6B 0x61 0x6E 0x64 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\djashido@yahoo.com@e316273424d7736ad945763b0e8c71a4\r\n 0xD2 0x32 0x3E 0x74 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS04A4E.log 131072 bytes
File C:\Windows\assembly\temp\U\80000004.$ (size mismatch) 17280/0 bytes executable
File C:\Windows\assembly\temp\U\80000032.$ (size mismatch) 96175/0 bytes executable

---- EOF - GMER 1.0.15 ----

Attached is the file produced from earlier.




#3 SweetTech


Posted 15 March 2012 - 01:24 AM

Hello Neil and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "save log", save it to your desktop and post it in your next reply.




NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the OTL textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. aswMBR log.
4. Farbar Service Scanner log.
5. OTL.txt & Extras.txt logs.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Edited by SweetTech, 15 March 2012 - 01:31 AM.


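Added example (not from the thread, and not the code of DDS, GMER, TDSSKiller or OTL): a small Python triage script that runs defender-side heuristics over constructed sample lines copied from the DDS and GMER logs posted above, flagging the indicators visible in them: the setup.exe running from C:\Windows\TEMP, the repeated ping.exe instances, GMER's size-mismatch executables under assembly\temp\U, and a registry value GMER could only show as raw bytes. The thresholds and the Finding record format are my own assumptions.

```python
"""Log triage for the DDS and GMER excerpts posted in this thread.

Added example: not part of the original posts and not the code of DDS,
GMER, TDSSKiller or OTL. It applies a few defender-side heuristics to
constructed sample lines copied from the logs above. A hit is a reason
to look closer, not a verdict, and a clean run proves nothing.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind subject detail")

# Constructed sample: lines copied from the DDS "Running Processes" list
# and the GMER "Registry" / "Files" sections posted earlier in the thread.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\TEMP\unrjrm\setup.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\cscript.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}@hacadhfegpmlpolo 0x6B 0x61 0x6E 0x64 ...
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log 131072 bytes
File C:\Windows\assembly\temp\U\80000004.$ (size mismatch) 17280/0 bytes executable
File C:\Windows\assembly\temp\U\80000032.$ (size mismatch) 96175/0 bytes executable
"""

# GMER file line: "File <path> [(size mismatch)] <size_a>[/<size_b>] bytes [executable]"
GMER_FILE_RE = re.compile(
    r"^File\s+(?P<path>.+?)\s+(?:\((?P<flag>size mismatch)\)\s+)?"
    r"(?P<size_a>\d+)(?:/(?P<size_b>\d+))?\s+bytes(?P<rest>.*)$")
# GMER registry line whose data GMER could only show as raw bytes.
GMER_REG_RE = re.compile(
    r"^Reg\s+(?P<key>.+?)@(?P<value>\S+)\s+(?P<data>(?:0x[0-9A-Fa-f]{2}\s*)+)")
# A running executable whose path goes through a temp directory.
TEMP_EXE_RE = re.compile(r"^[A-Za-z]:\\.*\\(?:temp|tmp)\\.*\.exe(?:\s|$)", re.IGNORECASE)


def triage(log_text, ping_threshold=2):
    """Return a list of Finding records for the suspicious lines in log_text."""
    findings = []
    ping_count = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = GMER_FILE_RE.match(line)
        if m:
            # GMER prints two sizes when its two ways of measuring the same
            # file disagree; for an executable that is a strong hint that
            # file system calls are being filtered from user mode.
            if m.group("flag") and "executable" in m.group("rest"):
                findings.append(Finding("gmer_hidden_exe", m.group("path"),
                                        "sizes %s/%s disagree" % (m.group("size_a"), m.group("size_b"))))
            continue

        m = GMER_REG_RE.match(line)
        if m:
            # Shell-extension approval keys normally hold readable names; a
            # value with a random-looking name and opaque byte data stands out.
            nbytes = len(m.group("data").split())
            findings.append(Finding("reg_binary_blob", "%s@%s" % (m.group("key"), m.group("value")),
                                    "%d+ raw bytes of data" % nbytes))
            continue

        # DDS "Running Processes" lines: one executable path per line.
        if line.lower().endswith("\\ping.exe"):
            ping_count += 1
        elif TEMP_EXE_RE.match(line):
            findings.append(Finding("exe_in_temp", line, "executable running from a temp directory"))

    if ping_count >= ping_threshold:
        # A burst of ping.exe processes the user did not start is what the
        # original poster noticed first; legitimate use rarely needs several.
        findings.append(Finding("ping_storm", "ping.exe", "%d concurrent instances" % ping_count))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print("[%-16s] %s  (%s)" % (f.kind, f.subject, f.detail))


if __name__ == "__main__":
    main()
```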
#4 NeilR


Posted 15 March 2012 - 11:23 AM

1. TY for your help :)
2.
15:54:24.0192 3612 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:54:24.0418 3612 ============================================================
15:54:24.0418 3612 Current date / time: 2012/03/15 15:54:24.0418
15:54:24.0418 3612 SystemInfo:
15:54:24.0418 3612
15:54:24.0418 3612 OS Version: 6.0.6002 ServicePack: 2.0
15:54:24.0418 3612 Product type: Workstation
15:54:24.0418 3612 ComputerName: ASHIDO-PC
15:54:24.0419 3612 UserName: AshiDo
15:54:24.0419 3612 Windows directory: C:\Windows
15:54:24.0419 3612 System windows directory: C:\Windows
15:54:24.0419 3612 Running under WOW64
15:54:24.0419 3612 Processor architecture: Intel x64
15:54:24.0419 3612 Number of processors: 4
15:54:24.0419 3612 Page size: 0x1000
15:54:24.0419 3612 Boot type: Normal boot
15:54:24.0419 3612 ============================================================
15:54:25.0472 3612 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:54:33.0878 3612 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:54:33.0915 3612 \Device\Harddisk0\DR0:
15:54:33.0964 3612 MBR used
15:54:33.0964 3612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:54:33.0964 3612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x43986B8D
15:54:33.0964 3612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x439B938D, BlocksNum 0x249F94A7
15:54:33.0964 3612 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x683B6000, BlocksNum 0xC34F800
15:54:33.0964 3612 \Device\Harddisk1\DR1:
15:54:33.0965 3612 MBR used
15:54:33.0965 3612 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D70
15:54:34.0399 3612 Initialize success
15:54:34.0399 3612 ============================================================
15:54:56.0614 4164 ============================================================
15:54:56.0614 4164 Scan started
15:54:56.0614 4164 Mode: Manual; SigCheck; TDLFS;
15:54:56.0614 4164 ============================================================
15:55:08.0394 4164 luafv - ok
15:55:08.0544 4164 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:55:08.0557 4164 megasas - ok
15:55:08.0574 4164 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:55:08.0595 4164 MegaSR - ok
15:55:08.0636 4164 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
15:55:08.0686 4164 mfeapfk - ok
15:55:08.0717 4164 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
15:55:08.0767 4164 mfeavfk - ok
15:55:08.0845 4164 mfeavfk01 - ok
15:55:08.0916 4164 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
15:55:08.0980 4164 mfefirek - ok
15:55:09.0011 4164 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
15:55:09.0029 4164 mfehidk - ok
15:55:09.0114 4164 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
15:55:09.0174 4164 mfenlfk - ok
15:55:09.0202 4164 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
15:55:09.0263 4164 mferkdet - ok
15:55:09.0376 4164 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
15:55:09.0451 4164 mfewfpk - ok
15:55:09.0476 4164 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:55:09.0519 4164 Modem - ok
15:55:09.0559 4164 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:55:09.0597 4164 monitor - ok
15:55:09.0690 4164 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:55:09.0702 4164 mouclass - ok
15:55:09.0718 4164 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:55:09.0768 4164 mouhid - ok
15:55:09.0794 4164 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:55:09.0804 4164 MountMgr - ok
15:55:09.0818 4164 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:55:09.0837 4164 mpio - ok
15:55:09.0919 4164 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:55:09.0956 4164 mpsdrv - ok
15:55:09.0969 4164 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:55:09.0983 4164 Mraid35x - ok
15:55:10.0003 4164 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:55:10.0041 4164 MRxDAV - ok
15:55:10.0147 4164 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:55:10.0168 4164 mrxsmb - ok
15:55:10.0288 4164 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:55:10.0321 4164 mrxsmb10 - ok
15:55:10.0340 4164 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:55:10.0361 4164 mrxsmb20 - ok
15:55:10.0386 4164 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
15:55:10.0398 4164 msahci - ok
15:55:10.0490 4164 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:55:10.0505 4164 msdsm - ok
15:55:10.0523 4164 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:55:10.0563 4164 Msfs - ok
15:55:10.0587 4164 MSHUSBVideo (26668cc2920de2497a8e369b16e48ca3) C:\Windows\system32\Drivers\nx6000.sys
15:55:10.0668 4164 MSHUSBVideo - ok
15:55:10.0760 4164 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:55:10.0767 4164 msisadrv - ok
15:55:10.0787 4164 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:55:10.0817 4164 MSKSSRV - ok
15:55:10.0831 4164 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:55:10.0864 4164 MSPCLOCK - ok
15:55:10.0874 4164 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:55:10.0905 4164 MSPQM - ok
15:55:10.0999 4164 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:55:11.0010 4164 MsRPC - ok
15:55:11.0040 4164 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:55:11.0051 4164 mssmbios - ok
15:55:11.0072 4164 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:55:11.0116 4164 MSTEE - ok
15:55:11.0137 4164 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
15:55:11.0196 4164 MTsensor - ok
15:55:11.0283 4164 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:55:11.0294 4164 Mup - ok
15:55:11.0338 4164 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:55:11.0369 4164 NativeWifiP - ok
15:55:11.0407 4164 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:55:11.0431 4164 NDIS - ok
15:55:11.0536 4164 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:55:11.0619 4164 NdisTapi - ok
15:55:11.0648 4164 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:55:11.0697 4164 Ndisuio - ok
15:55:11.0730 4164 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:55:11.0760 4164 NdisWan - ok
15:55:11.0832 4164 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:55:11.0871 4164 NDProxy - ok
15:55:11.0903 4164 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:55:11.0936 4164 NetBIOS - ok
15:55:11.0962 4164 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:55:12.0003 4164 netbt - ok
15:55:12.0084 4164 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:55:12.0098 4164 nfrd960 - ok
15:55:12.0140 4164 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:55:12.0165 4164 Npfs - ok
15:55:12.0179 4164 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:55:12.0230 4164 nsiproxy - ok
15:55:12.0333 4164 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:55:12.0361 4164 Ntfs - ok
15:55:12.0393 4164 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:55:12.0423 4164 Null - ok
15:55:12.0512 4164 NVENETFD (cf2a023f422ce6e43302b139e4b87b05) C:\Windows\system32\DRIVERS\nvmfdx64.sys
15:55:12.0568 4164 NVENETFD - ok
15:55:12.0830 4164 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:55:13.0135 4164 nvlddmkm - ok
15:55:13.0246 4164 NVNET (cf2a023f422ce6e43302b139e4b87b05) C:\Windows\system32\DRIVERS\nvmfdx64.sys
15:55:13.0256 4164 NVNET - ok
15:55:13.0303 4164 NvnUsbAudio (f579fc56fa6a210f0b5ced586c776d52) C:\Windows\system32\DRIVERS\nvnusbaudio.sys
15:55:13.0377 4164 NvnUsbAudio - ok
15:55:13.0409 4164 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:55:13.0423 4164 nvraid - ok
15:55:13.0513 4164 nvsmu (a3ac469ad99ac3fd63afccfc29a90fa9) C:\Windows\system32\DRIVERS\nvsmu.sys
15:55:13.0580 4164 nvsmu - ok
15:55:13.0595 4164 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:55:13.0608 4164 nvstor - ok
15:55:13.0635 4164 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:55:13.0650 4164 nv_agp - ok
15:55:13.0656 4164 NwlnkFlt - ok
15:55:13.0663 4164 NwlnkFwd - ok
15:55:13.0703 4164 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:55:13.0740 4164 ohci1394 - ok
15:55:13.0833 4164 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys
15:55:13.0906 4164 ossrv - ok
15:55:13.0928 4164 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:55:13.0974 4164 Parport - ok
15:55:14.0006 4164 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:55:14.0014 4164 partmgr - ok
15:55:14.0101 4164 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:55:14.0110 4164 pci - ok
15:55:14.0134 4164 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
15:55:14.0141 4164 pciide - ok
15:55:14.0165 4164 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:55:14.0177 4164 pcmcia - ok
15:55:14.0219 4164 Pcthad00wdm - ok
15:55:14.0283 4164 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:55:14.0355 4164 PEAUTH - ok
15:55:14.0398 4164 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:55:14.0431 4164 PptpMiniport - ok
15:55:14.0530 4164 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
15:55:14.0568 4164 Processor - ok
15:55:14.0607 4164 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:55:14.0632 4164 PSched - ok
15:55:14.0664 4164 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:55:14.0708 4164 ql2300 - ok
15:55:14.0799 4164 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:55:14.0815 4164 ql40xx - ok
15:55:14.0838 4164 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:55:14.0863 4164 QWAVEdrv - ok
15:55:14.0885 4164 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:55:14.0927 4164 RasAcd - ok
15:55:14.0958 4164 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:15.0008 4164 Rasl2tp - ok
15:55:15.0101 4164 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:15.0137 4164 RasPppoe - ok
15:55:15.0163 4164 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:55:15.0190 4164 RasSstp - ok
15:55:15.0223 4164 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:55:15.0249 4164 rdbss - ok
15:55:15.0334 4164 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:15.0395 4164 RDPCDD - ok
15:55:15.0419 4164 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:55:15.0476 4164 rdpdr - ok
15:55:15.0492 4164 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:55:15.0539 4164 RDPENCDD - ok
15:55:15.0574 4164 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
15:55:15.0657 4164 RDPWD - ok
15:55:15.0753 4164 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:55:15.0790 4164 rspndr - ok
15:55:15.0827 4164 RTL8169 (64caea08a89719c1e6f12f4e9cac24c4) C:\Windows\system32\DRIVERS\Rtlh64.sys
15:55:15.0905 4164 RTL8169 - ok
15:55:15.0939 4164 SANDRA - ok
15:55:16.0034 4164 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:55:16.0046 4164 sbp2port - ok
15:55:16.0094 4164 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
15:55:16.0168 4164 SCDEmu - ok
15:55:16.0185 4164 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:55:16.0251 4164 secdrv - ok
15:55:16.0335 4164 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
15:55:16.0369 4164 Serenum - ok
15:55:16.0413 4164 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
15:55:16.0447 4164 Serial - ok
15:55:16.0536 4164 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:55:16.0575 4164 sermouse - ok
15:55:16.0598 4164 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:55:16.0634 4164 sffdisk - ok
15:55:16.0649 4164 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:55:16.0687 4164 sffp_mmc - ok
15:55:16.0776 4164 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:55:16.0817 4164 sffp_sd - ok
15:55:16.0832 4164 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:55:16.0878 4164 sfloppy - ok
15:55:16.0900 4164 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:55:16.0914 4164 SiSRaid2 - ok
15:55:16.0933 4164 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:55:16.0947 4164 SiSRaid4 - ok
15:55:16.0973 4164 SL3 (3de2f3c852f503aa4a4477e3b932d526) C:\Windows\system32\Drivers\Sl3.sys
15:55:17.0050 4164 SL3 - ok
15:55:17.0147 4164 SL3Usb (85c02378702479941e83db9b47aa2492) C:\Windows\system32\Drivers\SL3Usb.sys
15:55:17.0209 4164 SL3Usb - ok
15:55:17.0226 4164 SL3UsbNoSSL (d0216eb40c9ce76f26b9e4bc167a26d2) C:\Windows\system32\Drivers\SL3UsbNoSSL.sys
15:55:17.0287 4164 SL3UsbNoSSL - ok
15:55:17.0310 4164 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:55:17.0356 4164 Smb - ok
15:55:17.0718 4164 SNPSTD3 (37d91c6385bb1104d67925fc43800ed0) C:\Windows\system32\DRIVERS\snpstd3.sys
15:55:18.0166 4164 SNPSTD3 - ok
15:55:18.0256 4164 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:55:18.0263 4164 spldr - ok
15:55:18.0299 4164 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:55:18.0333 4164 srv - ok
15:55:18.0356 4164 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:55:18.0377 4164 srv2 - ok
15:55:18.0446 4164 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:55:18.0470 4164 srvnet - ok
15:55:18.0510 4164 strmdrv (653fc348fb7d0de7267c0eacae5311c4) C:\Windows\system32\Drivers\strmdrv.sys
15:55:18.0570 4164 strmdrv - ok
15:55:18.0598 4164 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:55:18.0610 4164 swenum - ok
15:55:18.0688 4164 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:55:18.0700 4164 Symc8xx - ok
15:55:18.0710 4164 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:55:18.0724 4164 Sym_hi - ok
15:55:18.0753 4164 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:55:18.0765 4164 Sym_u3 - ok
15:55:18.0821 4164 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
15:55:18.0858 4164 Tcpip - ok
15:55:18.0924 4164 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
15:55:18.0962 4164 Tcpip6 - ok
15:55:18.0991 4164 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:55:19.0023 4164 tcpipreg - ok
15:55:19.0055 4164 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:55:19.0099 4164 TDPIPE - ok
15:55:19.0154 4164 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:55:19.0192 4164 TDTCP - ok
15:55:19.0228 4164 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:55:19.0268 4164 tdx - ok
15:55:19.0299 4164 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:55:19.0314 4164 TermDD - ok
15:55:19.0339 4164 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:19.0386 4164 tssecsrv - ok
15:55:19.0455 4164 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:55:19.0488 4164 tunmp - ok
15:55:19.0539 4164 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:55:19.0565 4164 tunnel - ok
15:55:19.0592 4164 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:55:19.0605 4164 uagp35 - ok
15:55:19.0693 4164 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:55:19.0730 4164 udfs - ok
15:55:19.0756 4164 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:55:19.0770 4164 uliagpkx - ok
15:55:19.0791 4164 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:55:19.0809 4164 uliahci - ok
15:55:19.0837 4164 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:55:19.0852 4164 UlSata - ok
15:55:19.0910 4164 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:55:19.0928 4164 ulsata2 - ok
15:55:19.0953 4164 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:55:20.0003 4164 umbus - ok
15:55:20.0039 4164 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
15:55:20.0085 4164 UMPass - ok
15:55:20.0162 4164 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:55:20.0242 4164 USBAAPL64 - ok
15:55:20.0278 4164 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
15:55:20.0317 4164 usbaudio - ok
15:55:20.0359 4164 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:20.0401 4164 usbccgp - ok
15:55:20.0584 4164 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:55:20.0710 4164 usbcir - ok
15:55:20.0766 4164 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:55:20.0795 4164 usbehci - ok
15:55:20.0826 4164 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:55:20.0871 4164 usbhub - ok
15:55:20.0940 4164 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
15:55:20.0970 4164 usbohci - ok
15:55:21.0009 4164 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:55:21.0047 4164 usbprint - ok
15:55:21.0068 4164 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:55:21.0103 4164 usbscan - ok
15:55:21.0123 4164 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:21.0154 4164 USBSTOR - ok
15:55:21.0220 4164 usbuhci (7bf55d2538740b25936e93553e5d190d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:55:21.0268 4164 usbuhci - ok
15:55:21.0312 4164 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
15:55:21.0352 4164 usbvideo - ok
15:55:21.0381 4164 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:21.0433 4164 vga - ok
15:55:21.0569 4164 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:55:21.0646 4164 VgaSave - ok
15:55:21.0905 4164 VIAHdAudAddService (8f69c38a8ba725f891f26aac8888696e) C:\Windows\system32\drivers\viahduaa.sys
15:55:22.0000 4164 VIAHdAudAddService - ok
15:55:22.0151 4164 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:55:22.0163 4164 viaide - ok
15:55:22.0181 4164 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:55:22.0192 4164 volmgr - ok
15:55:22.0215 4164 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:55:22.0232 4164 volmgrx - ok
15:55:22.0257 4164 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:55:22.0271 4164 volsnap - ok
15:55:22.0286 4164 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:55:22.0302 4164 vsmraid - ok
15:55:22.0425 4164 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:55:22.0482 4164 WacomPen - ok
15:55:22.0512 4164 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:22.0550 4164 Wanarp - ok
15:55:22.0569 4164 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:22.0594 4164 Wanarpv6 - ok
15:55:22.0701 4164 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:55:22.0715 4164 Wd - ok
15:55:22.0750 4164 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:55:22.0776 4164 Wdf01000 - ok
15:55:22.0821 4164 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:55:22.0846 4164 WmiAcpi - ok
15:55:22.0887 4164 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:55:22.0905 4164 WpdUsb - ok
15:55:22.0997 4164 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:55:23.0042 4164 ws2ifsl - ok
15:55:23.0067 4164 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:55:23.0107 4164 WUDFRd - ok
15:55:23.0153 4164 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:55:23.0214 4164 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:55:23.0214 4164 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:55:23.0217 4164 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
15:55:23.0629 4164 \Device\Harddisk1\DR1 - ok
15:55:23.0631 4164 Boot (0x1200) (ee71fee9844a95524f826c97fe000ffb) \Device\Harddisk0\DR0\Partition0
15:55:23.0632 4164 \Device\Harddisk0\DR0\Partition0 - ok
15:55:23.0656 4164 Boot (0x1200) (f6b8d92d1b647554d0cdb5f26d61aa07) \Device\Harddisk0\DR0\Partition1
15:55:23.0656 4164 \Device\Harddisk0\DR0\Partition1 - ok
15:55:23.0675 4164 Boot (0x1200) (91d8b6af18d9c168a74354c55cc488c1) \Device\Harddisk0\DR0\Partition2
15:55:23.0676 4164 \Device\Harddisk0\DR0\Partition2 - ok
15:55:23.0687 4164 Boot (0x1200) (456366f63b14702f4e0115926fdcb696) \Device\Harddisk0\DR0\Partition3
15:55:23.0688 4164 \Device\Harddisk0\DR0\Partition3 - ok
15:55:23.0691 4164 Boot (0x1200) (93d356c81c177355e868f9526cf5dbea) \Device\Harddisk1\DR1\Partition0
15:55:23.0692 4164 \Device\Harddisk1\DR1\Partition0 - ok
15:55:23.0692 4164 ============================================================
15:55:23.0692 4164 Scan finished
15:55:23.0692 4164 ============================================================
15:55:23.0701 2364 Detected object count: 3
15:55:23.0701 2364 Actual detected object count: 3
15:56:08.0035 2364 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:08.0036 2364 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:08.0039 2364 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:08.0039 2364 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:08.0042 2364 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:56:08.0042 2364 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:56:29.0519 0592 Deinitialize success
3.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-15 15:58:54
-----------------------------
15:58:54.843 OS Version: Windows x64 6.0.6002 Service Pack 2
15:58:54.843 Number of processors: 4 586 0x402
15:58:54.844 ComputerName: ASHIDO-PC UserName: AshiDo
15:58:56.045 Initialize success
15:59:22.471 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:59:22.475 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
15:59:22.479 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
15:59:22.483 Disk 1 Vendor: WDC_WD10EACS-00ZJB0 01.01B01 Size: 953869MB BusType: 3
15:59:22.506 Disk 0 MBR read successfully
15:59:22.511 Disk 0 MBR scan
15:59:22.516 Disk 0 Windows VISTA default MBR code
15:59:22.547 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:59:22.559 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 553741 MB offset 206848
15:59:22.578 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300018 MB offset 1134269325
15:59:22.599 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99999 MB offset 1748721664
15:59:22.624 Disk 0 scanning C:\Windows\system32\drivers
15:59:29.010 Service scanning
15:59:46.700 Modules scanning
15:59:47.080 Disk 0 trace - called modules:
15:59:47.109 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:59:47.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008d3b790]
15:59:47.130 3 CLASSPNP.SYS[fffffa60007c7c33] -> nt!IofCallDriver -> [0xfffffa8007987810]
15:59:47.141 5 acpi.sys[fffffa60008f4fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079934b0]
15:59:47.151 Scan finished successfully
15:59:57.004 Disk 0 MBR has been saved successfully to "C:\Users\AshiDo\Documents\MBR.dat"
15:59:57.028 The log file has been saved successfully to "C:\Users\AshiDo\Documents\aswMBR.txt"

4.
Farbar Service Scanner Version: 01-03-2012
Ran by AshiDo (administrator) on 15-03-2012 at 16:01:15
Running from "C:\Users\AshiDo\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-10-29 23:42] - [2008-10-29 23:42] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 13:37] - [2012-01-03 14:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2011-04-16 00:33] - [2011-03-02 16:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-10-29 23:32] - [2008-10-29 23:32] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2010-09-30 20:33] - [2009-04-11 07:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2010-09-27 19:13] - [2009-08-07 02:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Program Files\Windows Defender\MpSvc.dll
[2008-10-29 23:32] - [2008-10-29 23:32] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-09-30 20:33] - [2009-04-11 07:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
5.
OTL.txt
OTL logfile created on: 15/03/2012 16:03:01 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\AshiDo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.49% Memory free
16.20 Gb Paging File | 13.96 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.99 Gb Total Space | 141.40 Gb Free Space | 48.26% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 59.52 Mb Free Space | 59.53% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 604.86 Gb Free Space | 64.93% Space Free | Partition Type: NTFS
Drive F: | 540.76 Gb Total Space | 444.40 Gb Free Space | 82.18% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 69.40 Gb Free Space | 71.06% Space Free | Partition Type: NTFS

Computer Name: ASHIDO-PC | User Name: AshiDo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/15 15:57:46 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\AshiDo\Desktop\OTL.exe
PRC - [2012/03/14 13:43:49 | 000,059,904 | ---- | M] () -- C:\Windows\Temp\unrjrm\setup.exe
PRC - [2012/02/18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/03/30 00:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2011/03/24 04:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
PRC - [2010/11/15 11:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010/11/15 11:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/13 13:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/18 19:29:24 | 000,548,864 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- C:\Program Files\Behringer\BCD3000\Drivers\bcd3kcpan.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/07/22 16:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009/07/22 16:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2009/04/11 06:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008/10/29 23:43:07 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 06:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Disabled | Stopped] -- C:\Windows\SysNative\PrintCtrl.exe -- (Printer Control)
SRV:64bit: - [2008/10/29 23:45:37 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\alerter.dll -- (DirectUpdate)
SRV:64bit: - [2007/04/17 06:13:22 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbucoms.exe -- (lxbu_device)
SRV - [2012/03/14 13:43:49 | 000,059,904 | ---- | M] () [Auto | Stopped] -- C:\Windows\TEMP\unrjrm\setup.exe -- (AMService)
SRV - [2012/02/08 11:26:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/24 04:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2010/11/15 11:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/07/22 16:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009/07/22 16:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009/04/02 04:27:27 | 000,090,112 | R--- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/17 06:13:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbucoms.exe -- (lxbu_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/06/22 14:55:50 | 000,057,464 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SL3UsbNoSSL.sys -- (SL3UsbNoSSL)
DRV:64bit: - [2011/06/22 14:55:50 | 000,057,464 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SL3Usb.sys -- (SL3Usb)
DRV:64bit: - [2011/05/18 09:46:10 | 000,036,424 | ---- | M] (Rane Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\strmdrv.sys -- (strmdrv)
DRV:64bit: - [2011/03/30 00:13:00 | 000,033,656 | ---- | M] (KORG INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2011/01/26 05:42:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/01/26 05:41:00 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/10 17:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/12/02 22:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/11 06:57:30 | 000,386,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/08/05 16:52:12 | 000,054,888 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcd3000_x64.sys -- (bcd3000)
DRV:64bit: - [2010/08/05 16:52:12 | 000,032,872 | ---- | M] (Behringer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcd3000wdm_x64.sys -- (bcd3000wdm)
DRV:64bit: - [2010/08/04 20:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/07/15 08:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 08:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/12 08:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/18 20:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hap17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 20:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hap16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 20:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 20:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 20:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 20:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 20:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 20:51:00 | 000,026,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ctgame.sys -- (ctgame)
DRV:64bit: - [2010/03/18 20:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/03/18 20:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.SYS -- (COMMONFX)
DRV:64bit: - [2010/03/12 10:08:34 | 000,057,448 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Sl3.sys -- (SL3)
DRV:64bit: - [2009/10/01 00:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/10 15:24:40 | 000,047,616 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/29 23:48:55 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2007/04/10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/03/27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2006/10/31 15:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2012/03/15 10:53:47 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/01/13 19:08:57 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/10/21 00:37:46 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2127880


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2127880
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C C0 61 24 91 5E CB 01 [binary data]
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\URLSearchHook: {56d4614e-9449-45f7-8e02-783c66418938} - No CLSID value found
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\URLSearchHook: {92a2f4ec-51d2-4283-87d5-93b7005fc356} - No CLSID value found
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2127880
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?SearchSource=10&ctid=CT2127880"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {91c612bf-2a7a-48b8-8c8c-6de28589b7a1}:1.1.8.4
FF - prefs.js..extensions.enabledItems: {91c612bf-2a7a-48b8-8c8c-6de28589b7a0}:1.1.8.4
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.5.0
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\AshiDo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/23 13:13:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011/10/21 00:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011/10/21 00:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011/10/21 00:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/31 20:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/22 02:45:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 09:41:31 | 000,000,000 | ---D | M]

[2010/11/10 20:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Extensions
[2012/02/14 10:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\extensions
[2010/12/03 18:05:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/26 02:46:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/14 10:54:57 | 000,000,000 | ---D | M] (TranceCommunity Community Toolbar) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\extensions\{92a2f4ec-51d2-4283-87d5-93b7005fc356}
[2011/12/10 12:35:24 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/12/03 18:21:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\extensions\engine@conduit.com
[2010/11/10 20:06:22 | 000,000,000 | ---D | M] (vShare) -- C:\Users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\extensions\vshare@toolbar
[2011/12/30 13:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/31 20:01:12 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/22 02:45:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 00:47:48 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 00:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 00:47:48 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 00:47:48 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 00:47:48 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\AshiDo\AppData\Local\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\AshiDo\AppData\Local\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\AshiDo\AppData\Local\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\AshiDo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Google Update (Enabled) = C:\Users\AshiDo\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mixcloud = C:\Users\AshiDo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcenekolminfbkcbchinlcgfhpmggpk\0.0.0.2_0\
CHR - Extension: McAfee SiteAdvisor = C:\Users\AshiDo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\
CHR - Extension: AT_HatsuneMiku = C:\Users\AshiDo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcacbggjcnkdgchjnekppjkkkhlijkdd\2_0\

Hosts file not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111223170715.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111231115550.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [ReCycle Patch] C:\Program Files (x86)\Propellerhead\ReCycle\ReCyclePatch.exe ()
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear File not found
O4 - HKU\S-1-5-21-1289396712-1149613695-2710581571-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24DB14AC-EA70-4CFC-B797-D67B71EA82D1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B438471E-EA68-4C31-A7B7-667C94F6020A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\AshiDo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\AshiDo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - E:\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/01 00:59:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/16 15:50:26 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^AshiDo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: LXBUCATS - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: MS Host Service - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: oRXOnvm4AkAXojJ - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: TurboV - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {321A87E9-CA0E-448D-2F11-E0CA73F6C2D7} - DirectX
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {XUMEn8a2-p4uT-M2AJ-8alv-rsKdSgMFpnS0} -
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.mjpg - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

NetSvcs:64bit: DirectUpdate - C:\Windows\SysNative\alerter.dll (Oak Technology Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 15:57:43 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\AshiDo\Desktop\OTL.exe
[2012/03/15 15:56:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\AshiDo\Desktop\aswMBR.exe
[2012/03/15 15:07:19 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\AshiDo\Desktop\tdsskiller.exe
[2012/03/15 11:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/03/14 19:09:11 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Roaming\ExodusViewer
[2012/03/14 19:09:10 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\ExodusViewer
[2012/03/14 19:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exodus Viewer Beta
[2012/03/14 19:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExodusViewerBeta
[2012/03/14 17:45:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\AshiDo\Desktop\dds.scr
[2012/03/14 15:40:05 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\Documents\Pinnacle VideoSpin
[2012/03/14 15:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
[2012/03/14 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2012/03/14 15:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin
[2012/03/14 15:30:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2012/03/14 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2012/03/14 15:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012/03/13 20:18:08 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\Desktop\Ebooks
[2012/03/13 19:22:32 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 19:22:32 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/13 19:22:31 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/13 19:22:31 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/13 19:22:31 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/13 19:21:22 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/03/13 19:21:22 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/03/13 16:19:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
[2012/03/13 16:16:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A9158F4E-7914-4019-808A-D4D4993E9958}
[2012/03/10 13:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/10 13:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/10 13:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/10 13:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/09 21:19:04 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\AshiDo\Desktop\junction.exe
[2012/03/09 19:11:45 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/03/09 19:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/09 18:53:46 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Roaming\SpeedyPC Software
[2012/03/09 18:53:46 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Roaming\DriverCure
[2012/03/09 18:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/03/08 18:08:59 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Roaming\Malwarebytes
[2012/03/08 18:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 18:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/08 18:08:45 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/08 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/08 16:32:21 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/03/06 19:27:03 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMV9VCM.dll
[2012/03/06 18:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karaoke for DirectX
[2012/03/06 18:25:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2012/03/06 18:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpicVJ
[2012/03/06 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\Desktop\4Play 2012 rework
[2012/03/04 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Roaming\GrandVJ
[2012/03/03 20:08:26 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\Documents\Adobe
[2012/03/03 20:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012/03/03 20:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2012/03/03 20:01:35 | 000,319,488 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxdrv.dll
[2012/03/03 20:01:35 | 000,028,672 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\vxblock.dll
[2012/03/03 20:01:34 | 000,462,848 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\px.dll
[2012/03/03 20:01:34 | 000,286,720 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxwave.dll
[2012/03/03 20:01:34 | 000,143,360 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxmas.dll
[2012/03/03 19:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Serato
[2012/03/03 14:39:26 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{94B8AA2C-0518-43D9-8B78-0CDE2BC7D98D}
[2012/03/03 14:39:16 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{1A1D0B69-6E08-47CA-9B0A-797E308EA751}
[2012/03/02 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\Desktop\VA-CD_Club_Promo_Only_March_Part_5-2012-BFHMP3
[2012/03/02 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{6B127F25-00F8-45C8-8033-2398A68D35CE}
[2012/03/02 16:57:24 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{30D84571-019D-40D9-A707-A3453FCF3F47}
[2012/02/23 14:56:51 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/02/23 14:56:51 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/02/23 14:56:51 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/02/23 14:56:50 | 025,541,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/02/23 14:56:50 | 019,443,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/02/23 14:56:48 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/02/23 14:56:48 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/02/23 14:56:48 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/02/23 14:56:48 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/02/23 14:56:48 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/02/23 14:56:48 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/02/23 14:56:47 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/02/23 14:56:46 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/02/21 18:15:43 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\Desktop\new vsti
[2012/02/21 15:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2012/02/20 18:02:12 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/02/20 18:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/02/20 18:02:08 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\Documents\VirtualDJ
[2012/02/20 18:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/02/20 13:04:44 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{8B0B94BD-9021-4479-84FE-A38098D09618}
[2012/02/20 13:04:33 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{174E9607-C058-4D47-AD3C-00AA93B6A32E}
[2012/02/17 00:12:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 00:12:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 00:12:12 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 00:12:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 00:12:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 00:12:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 00:12:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 00:12:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 00:12:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 00:12:11 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 00:12:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 13:37:26 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 14:42:30 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{613A4A1F-C41E-4E04-AB21-16FC12EF5A38}
[2012/02/15 14:42:19 | 000,000,000 | ---D | C] -- C:\Users\AshiDo\AppData\Local\{0DBC28F0-842A-43C6-A3F3-5469ED6BE890}
[2012/02/15 11:01:50 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/02/15 11:01:50 | 000,052,736 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\AshiDo\Documents\*.tmp files -> C:\Users\AshiDo\Documents\*.tmp -> ]
[1 C:\Users\AshiDo\AppData\Local\*.tmp files -> C:\Users\AshiDo\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/15 15:59:57 | 000,000,512 | ---- | M] () -- C:\Users\AshiDo\Documents\MBR.dat
[2012/03/15 15:57:46 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\AshiDo\Desktop\OTL.exe
[2012/03/15 15:57:37 | 000,337,137 | ---- | M] () -- C:\Users\AshiDo\Desktop\FSS.exe
[2012/03/15 15:57:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\AshiDo\Desktop\aswMBR.exe
[2012/03/15 15:15:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000UA.job
[2012/03/15 15:15:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000Core.job
[2012/03/15 15:07:19 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\AshiDo\Desktop\tdsskiller.exe
[2012/03/15 14:53:39 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 14:53:39 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 11:00:41 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/15 11:00:41 | 000,609,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/15 11:00:41 | 000,108,690 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/15 10:53:53 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/15 10:53:47 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/03/15 10:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/15 10:53:30 | 4292,403,199 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 22:05:54 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000008-00001102-00000004-10021102}.rfx
[2012/03/14 22:05:54 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000008-00001102-00000004-10021102}.rfx
[2012/03/14 22:05:54 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000003-00000000-00000008-00001102-00000004-10021102}.rfx
[2012/03/14 22:05:54 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000003-00000000-00000008-00001102-00000004-10021102}.rfx
[2012/03/14 22:05:54 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000008-00001102-00000004-10021102}.rfx
[2012/03/14 22:05:54 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/03/14 22:05:54 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012/03/14 19:22:41 | 004,943,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 19:20:24 | 905,813,012 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/14 19:08:59 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Exodus Viewer Beta.lnk
[2012/03/14 17:50:28 | 000,004,218 | ---- | M] () -- C:\Users\AshiDo\Documents\Attach.rar
[2012/03/14 17:45:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\AshiDo\Desktop\dds.scr
[2012/03/14 15:43:15 | 000,002,561 | ---- | M] () -- C:\Users\AshiDo\Desktop\HiJackThis.lnk
[2012/03/14 15:42:48 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/03/14 15:30:47 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
[2012/03/13 19:59:12 | 010,463,607 | ---- | M] () -- C:\Users\AshiDo\Desktop\Dont Be Afraid Of The Dark.mp3
[2012/03/13 19:55:59 | 000,001,343 | ---- | M] () -- C:\Users\AshiDo\Desktop\lamb.midi
[2012/03/13 19:54:24 | 000,605,199 | ---- | M] () -- C:\Users\AshiDo\Desktop\04 Lamb Lamp Lambency.wav.mdd
[2012/03/13 18:02:32 | 092,263,344 | ---- | M] () -- C:\Users\AshiDo\Desktop\Dont Be Afraid Of The Dark.wav
[2012/03/13 16:21:19 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Kontakt 5.lnk
[2012/03/13 16:19:06 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2012/03/12 17:47:56 | 011,853,868 | ---- | M] () -- C:\Users\AshiDo\Desktop\04 Lamb Lamp Lambency.wav
[2012/03/10 13:41:33 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/10 13:41:14 | 000,001,783 | ---- | M] () -- C:\Users\AshiDo\Desktop\last_of_the_mohicans.mid
[2012/03/10 13:41:04 | 000,005,745 | ---- | M] () -- C:\Users\AshiDo\Desktop\braveheart.mid
[2012/03/10 13:39:44 | 000,020,906 | ---- | M] () -- C:\Users\AshiDo\Desktop\danceofsugarplmfaries.mid
[2012/03/10 13:18:53 | 000,023,552 | ---- | M] () -- C:\Users\AshiDo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/09 21:18:23 | 000,001,356 | ---- | M] () -- C:\Users\AshiDo\AppData\Local\d3d9caps.dat
[2012/03/09 18:57:55 | 000,000,894 | ---- | M] () -- C:\Users\AshiDo\Application Data\Microsoft\Internet Explorer\Quick Launch\Traktor 2.lnk
[2012/03/08 18:08:54 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/08 17:53:49 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2012/03/08 17:53:48 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012/03/08 17:53:48 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/03/08 17:53:48 | 000,000,073 | ---- | M] () -- C:\Windows\SysWow64\ssprs.dll
[2012/03/06 19:42:11 | 000,667,734 | ---- | M] () -- C:\Users\AshiDo\Desktop\Serato Video-SL 1.2 Manual.pdf
[2012/03/06 18:26:42 | 000,002,867 | ---- | M] () -- C:\Users\AshiDo\Desktop\CookSafe.exe.lnk
[2012/03/06 13:47:39 | 022,492,928 | ---- | M] () -- C:\Users\AshiDo\Desktop\Blue Dream MASTER.mp3
[2012/03/06 13:22:05 | 099,188,828 | ---- | M] () -- C:\Users\AshiDo\Desktop\dream 5.wav
[2012/03/05 17:17:24 | 004,931,577 | ---- | M] () -- C:\Windows\{00000003-00000000-00000008-00001102-00000004-10021102}.CDF
[2012/03/05 17:17:24 | 004,931,577 | ---- | M] () -- C:\Windows\{00000003-00000000-00000008-00001102-00000004-10021102}.BAK
[2012/03/03 20:21:05 | 000,000,014 | ---- | M] () -- C:\Windows\SysWow64\tmpPrst.tgz
[2012/03/03 20:21:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\tmpPrst.dll
[2012/03/03 20:09:44 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
[2012/03/03 20:09:44 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll
[2012/03/03 20:09:44 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012/03/02 18:13:51 | 000,148,766 | ---- | M] () -- C:\Users\AshiDo\Desktop\Cosmic Gate - Firewire bit.wav.mdd
[2012/03/02 18:12:17 | 000,561,191 | ---- | M] () -- C:\Users\AshiDo\Desktop\Cosmic Gate - Firewire bit.mp3
[2012/02/29 14:53:30 | 094,495,208 | ---- | M] () -- C:\Users\AshiDo\Desktop\DI listen to me.mp3
[2012/02/29 14:14:34 | 000,062,676 | ---- | M] () -- C:\Users\AshiDo\Desktop\mousse_T-_horney.mid
[2012/02/24 20:26:34 | 018,464,768 | ---- | M] () -- C:\Users\AshiDo\Desktop\W&W Vs Gareth Emery - Nowhere to Concrete (AshiDo Mashup) - 130-9B.mp3
[2012/02/23 11:04:10 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/22 11:19:50 | 000,001,456 | ---- | M] () -- C:\Users\AshiDo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/21 18:52:21 | 016,952,423 | ---- | M] () -- C:\Users\AshiDo\Desktop\Insomnia (Edit) Fully Masterd_.mp3
[2012/02/21 18:32:09 | 000,057,291 | ---- | M] () -- C:\Users\AshiDo\Desktop\SC Kick.wav.asd
[2012/02/21 17:22:41 | 088,562,644 | ---- | M] () -- C:\Users\AshiDo\Desktop\Nowhere to concrete.wav
[2012/02/20 18:02:12 | 000,000,883 | ---- | M] () -- C:\Users\AshiDo\Desktop\Virtual DJ Pro.lnk
[2012/02/15 11:01:50 | 004,547,944 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2012/02/14 16:49:43 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/02/14 16:49:43 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\AshiDo\Documents\*.tmp files -> C:\Users\AshiDo\Documents\*.tmp -> ]
[1 C:\Users\AshiDo\AppData\Local\*.tmp files -> C:\Users\AshiDo\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/15 15:59:57 | 000,000,512 | ---- | C] () -- C:\Users\AshiDo\Documents\MBR.dat
[2012/03/15 15:57:34 | 000,337,137 | ---- | C] () -- C:\Users\AshiDo\Desktop\FSS.exe
[2012/03/14 19:08:59 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Exodus Viewer Beta.lnk
[2012/03/14 17:50:28 | 000,004,218 | ---- | C] () -- C:\Users\AshiDo\Documents\Attach.rar
[2012/03/14 15:30:47 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
[2012/03/14 15:26:14 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/03/13 19:58:56 | 010,463,607 | ---- | C] () -- C:\Users\AshiDo\Desktop\Dont Be Afraid Of The Dark.mp3
[2012/03/13 19:58:19 | 092,263,344 | ---- | C] () -- C:\Users\AshiDo\Desktop\Dont Be Afraid Of The Dark.wav
[2012/03/13 19:55:59 | 000,001,343 | ---- | C] () -- C:\Users\AshiDo\Desktop\lamb.midi
[2012/03/13 19:54:24 | 000,605,199 | ---- | C] () -- C:\Users\AshiDo\Desktop\04 Lamb Lamp Lambency.wav.mdd
[2012/03/13 19:54:05 | 011,853,868 | ---- | C] () -- C:\Users\AshiDo\Desktop\04 Lamb Lamp Lambency.wav
[2012/03/13 16:21:19 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Kontakt 5.lnk
[2012/03/13 16:15:56 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2012/03/11 23:15:13 | 4292,403,199 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/10 13:41:33 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/10 13:41:13 | 000,001,783 | ---- | C] () -- C:\Users\AshiDo\Desktop\last_of_the_mohicans.mid
[2012/03/10 13:41:04 | 000,005,745 | ---- | C] () -- C:\Users\AshiDo\Desktop\braveheart.mid
[2012/03/10 13:39:43 | 000,020,906 | ---- | C] () -- C:\Users\AshiDo\Desktop\danceofsugarplmfaries.mid
[2012/03/10 02:07:12 | 905,813,012 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/09 21:19:45 | 000,302,592 | ---- | C] () -- C:\Users\AshiDo\Desktop\gmer.exe
[2012/03/08 18:08:54 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/08 16:33:27 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/06 19:42:11 | 000,667,734 | ---- | C] () -- C:\Users\AshiDo\Desktop\Serato Video-SL 1.2 Manual.pdf
[2012/03/06 13:44:17 | 022,492,928 | ---- | C] () -- C:\Users\AshiDo\Desktop\Blue Dream MASTER.mp3
[2012/03/06 13:17:24 | 099,188,828 | ---- | C] () -- C:\Users\AshiDo\Desktop\dream 5.wav
[2012/03/03 20:21:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\tmpPrst.dll
[2012/03/03 20:21:01 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012/03/03 20:21:01 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\ssprs.tgz
[2012/03/03 20:21:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\tmpPrst.tgz
[2012/03/03 20:01:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2012/03/03 20:01:04 | 000,000,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 1.5.lnk
[2012/03/03 12:26:41 | 044,849,487 | ---- | C] () -- C:\Users\AshiDo\Desktop\01 One (Your Name) [feat. Pharrell].m4v
[2012/03/03 12:26:33 | 043,548,955 | ---- | C] () -- C:\Users\AshiDo\Desktop\01 I Found U (feat. Max'C).m4v
[2012/03/03 12:26:26 | 035,833,832 | ---- | C] () -- C:\Users\AshiDo\Desktop\01 Body Crash.m4v
[2012/03/02 18:13:51 | 000,148,766 | ---- | C] () -- C:\Users\AshiDo\Desktop\Cosmic Gate - Firewire bit.wav.mdd
[2012/03/02 18:12:17 | 000,561,191 | ---- | C] () -- C:\Users\AshiDo\Desktop\Cosmic Gate - Firewire bit.mp3
[2012/02/29 14:40:24 | 094,495,208 | ---- | C] () -- C:\Users\AshiDo\Desktop\DI listen to me.mp3
[2012/02/29 14:14:33 | 000,062,676 | ---- | C] () -- C:\Users\AshiDo\Desktop\mousse_T-_horney.mid
[2012/02/22 11:01:19 | 018,464,768 | ---- | C] () -- C:\Users\AshiDo\Desktop\W&W Vs Gareth Emery - Nowhere to Concrete (AshiDo Mashup) - 130-9B.mp3
[2012/02/21 18:51:56 | 016,952,423 | ---- | C] () -- C:\Users\AshiDo\Desktop\Insomnia (Edit) Fully Masterd_.mp3
[2012/02/21 18:32:09 | 000,057,291 | ---- | C] () -- C:\Users\AshiDo\Desktop\SC Kick.wav.asd
[2012/02/21 17:22:41 | 088,562,644 | ---- | C] () -- C:\Users\AshiDo\Desktop\Nowhere to concrete.wav
[2012/02/20 18:02:12 | 000,000,883 | ---- | C] () -- C:\Users\AshiDo\Desktop\Virtual DJ Pro.lnk
[2012/02/08 11:26:18 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/08 11:26:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/01/04 15:53:22 | 000,000,132 | ---- | C] () -- C:\Users\AshiDo\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/12/12 16:09:26 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/12/12 16:09:26 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2011/12/12 16:09:26 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2011/12/12 16:09:26 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/12/12 16:09:26 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2011/12/12 15:59:10 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011/12/12 15:59:10 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011/12/12 15:41:05 | 000,833,094 | ---- | C] () -- C:\Windows\Reverence VST plug-in Uninstaller.exe
[2011/11/20 14:01:31 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/01 11:33:15 | 000,000,268 | RH-- | C] () -- C:\Users\AshiDo\AppData\Roaming\MIDI Patch Names
[2011/11/01 11:33:15 | 000,000,268 | RH-- | C] () -- C:\Users\AshiDo\AppData\Roaming\MIDI Drivers
[2011/11/01 11:33:15 | 000,000,268 | RH-- | C] () -- C:\Users\AshiDo\AppData\Roaming\MIDI Devices
[2011/11/01 11:33:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Master
[2011/11/01 11:33:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mallets
[2011/11/01 11:33:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mail
[2011/11/01 11:33:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/11/01 11:33:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/11/01 11:33:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/10/21 00:24:29 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/10/21 00:09:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/19 19:40:29 | 000,412,160 | ---- | C] () -- C:\Windows\SysWow64\RaneAsioSL3.dll
[2011/08/14 02:59:53 | 000,001,356 | ---- | C] () -- C:\Users\AshiDo\AppData\Local\d3d9caps.dat
[2011/02/11 10:42:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/03 13:20:41 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/03 13:20:41 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/03 13:20:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/03 13:20:40 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/03 13:20:40 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/31 15:21:38 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2011/01/31 14:38:52 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011/01/31 14:38:23 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011/01/31 14:38:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011/01/28 16:43:54 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\NSREG.DLL
[2010/12/27 14:53:26 | 000,000,036 | ---- | C] () -- C:\Users\AshiDo\AppData\Local\housecall.guid.cache
[2010/12/03 16:10:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/03 12:16:59 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2010/11/30 16:07:46 | 000,393,216 | ---- | C] () -- C:\Windows\SysWow64\cmsConfig.dll
[2010/11/29 17:42:19 | 000,001,456 | ---- | C] () -- C:\Users\AshiDo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/23 18:30:29 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/11/23 18:30:29 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/11/23 18:30:29 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/11/23 18:30:29 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/11/23 18:30:29 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/11/16 15:29:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbupmui.dll
[2010/11/16 15:29:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuinpa.dll
[2010/11/16 15:29:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuiesc.dll
[2010/11/16 15:29:28 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxbucomx.dll
[2010/11/16 15:29:28 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBUinst.dll
[2010/11/16 15:29:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuserv.dll
[2010/11/16 15:29:27 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuusb1.dll
[2010/11/16 15:29:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuhbn3.dll
[2010/11/16 15:29:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbucomc.dll
[2010/11/16 15:29:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbulmpm.dll
[2010/11/16 15:29:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbucoms.exe
[2010/11/16 15:29:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbucomm.dll
[2010/11/16 15:29:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuih.exe
[2010/11/16 15:29:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbucfg.exe
[2010/11/16 15:29:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuppls.exe
[2010/11/16 15:29:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbuprox.dll
[2010/11/16 15:29:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbupplc.dll
[2010/11/10 02:13:22 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/17 18:38:10 | 000,023,552 | ---- | C] () -- C:\Users\AshiDo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 20:33:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/09/30 20:33:21 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/30 20:33:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/09/27 20:59:58 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/09/27 19:21:43 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/09/27 19:21:43 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/09/27 19:11:05 | 000,027,562 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/09/27 19:10:29 | 000,021,069 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/09/27 19:07:52 | 000,001,460 | ---- | C] () -- C:\Users\AshiDo\AppData\Local\d3d9caps64.dat
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2012/01/03 14:21:38 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=022ED7EB19DFECF39C106E0F9CF2BB19 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22770_none_362b4e6b2d472f6a\afd.sys
[2011/04/21 14:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009/04/11 05:44:24 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011/04/21 13:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011/04/21 13:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011/04/21 13:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
[2012/01/03 14:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\SysNative\drivers\afd.sys
[2012/01/03 14:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\system64\drivers\afd.sys
[2012/01/03 14:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4\afd.sys
[2006/11/02 09:48:15 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=DB033C115415F4EF6F26901AF0C5D635 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_31d01c1a19df7fb2\afd.sys
[2008/10/29 23:36:39 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys

< MD5 for: ATAPI.SYS >
[2008/10/29 23:26:45 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008/10/29 23:26:45 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2006/11/02 12:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009/04/11 07:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 07:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\system64\drivers\atapi.sys
[2009/04/11 07:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
[2009/04/11 07:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 06:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2006/11/02 11:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2009/04/11 07:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 07:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 02:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 06:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 05:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/10/29 23:38:31 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008/10/29 23:41:17 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: TDX.SYS >
[2006/11/02 09:46:57 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=1AA3D753141EE71C23BF6EB484E95883 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_4425a1d397880919\tdx.sys
[2009/04/11 05:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\SysNative\drivers\tdx.sys
[2009/04/11 05:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\system64\drivers\tdx.sys
[2009/04/11 05:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_4847dcdb9194e539\tdx.sys
[2008/10/29 23:43:20 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=8C39C72E0E853DE04748C0337D9B9216 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_465c63cf947319ed\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/04/11 07:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/04/11 07:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\system64\drivers\volsnap.sys
[2009/04/11 07:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_d5525b4d\volsnap.sys
[2009/04/11 07:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2006/11/02 11:51:39 | 000,247,912 | ---- | M] (Microsoft Corporation) MD5=D4674E125878F77EED0D87E6C46889AA -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_c52a9a32\volsnap.sys
[2008/10/29 23:28:24 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_47e59f7b\volsnap.sys
[2008/10/29 23:28:24 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/10/29 23:35:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/10/29 23:35:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/10/29 23:45:32 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/10/29 23:45:32 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\system64\wininit.exe
[2008/10/29 23:45:32 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006/11/02 11:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006/11/02 09:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 07:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\system64\winlogon.exe
[2009/04/11 07:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/10/29 23:42:58 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 11:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/10/29 23:46:41 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/22 02:45:39 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/22 02:45:39 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/22 02:45:39 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/22 02:45:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/30 13:06:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/30 13:06:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/30 13:06:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/30 13:06:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/30 13:05:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/30 13:05:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/30 13:05:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/30 13:06:01 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2011/04/30 13:05:58 | 000,754,480 | ---- | M] (Microsoft Corporation)

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:DFFC73420C0BD6C2

< End of report >
Extra.txt
OTL Extras logfile created on: 15/03/2012 16:03:01 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\AshiDo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.49% Memory free
16.20 Gb Paging File | 13.96 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.99 Gb Total Space | 141.40 Gb Free Space | 48.26% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 59.52 Mb Free Space | 59.53% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 604.86 Gb Free Space | 64.93% Space Free | Partition Type: NTFS
Drive F: | 540.76 Gb Total Space | 444.40 Gb Free Space | 82.18% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 69.40 Gb Free Space | 71.06% Space Free | Partition Type: NTFS

Computer Name: ASHIDO-PC | User Name: AshiDo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = AA 7A D7 62 76 5E CB 01 [binary data]
"VistaSp2" = D9 B4 FD 24 35 62 CB 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0274AC03-8D44-4317-A238-05F51A8026CC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{059F6823-4E55-4EF6-B77A-D35F1942A2C9}" = rport=138 | protocol=17 | dir=out | app=system |
"{08DC06AF-F1C1-4A1C-889E-820CCB29CF62}" = lport=138 | protocol=17 | dir=in | app=system |
"{115B510B-615F-47CB-8799-1BDB7AA873B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13BD2886-F143-4581-86C5-5335D25665EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{16D8023B-F8AE-4949-B631-B06EAA343F7E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011\wnt500x64\rpcsandrasrv.exe |
"{19F961A6-DF32-4E2A-B567-1416A17A52F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E8C3F04-AC3F-45FC-BD43-07EBC2208F7C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2E3FF323-AC7B-4800-B7BD-1E4C662600E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AD87803-639B-4197-AEC5-3B1EA100DBE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E9CAEF7-D7A1-4EAE-9B04-B691339253A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3EEF9860-9C3B-41EC-B03E-759D14995D32}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{43B4BED0-E269-4D97-9951-FEB53BF318C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45F565AC-3D72-483B-A457-266C2ADB79DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{546F1DD0-9FBE-4759-90AA-D7A45E94D5E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58F637E4-EC1C-4FE8-9220-43BD61E465B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{5C813EBA-D001-40D8-9FB3-CD9BC94670F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{65F573D5-6512-4CE4-9062-4A66A3D54E04}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7A602CB2-B6A1-4B94-B19E-7F290A46709F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{883B5DB2-5995-4747-B667-0854AFE4AC31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C92A82E-A506-48D0-A8E5-B6EBCEE3435F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8DA386C9-D727-4F90-BEDD-D92641322B3A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp5\wnt500x64\rpcsandrasrv.exe |
"{9265608B-30B8-4E3B-AF0E-399927C326DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9329DAAB-834E-4E03-B799-3C4F937CA941}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A7FC8B33-C9F6-47B8-A672-FC1643732690}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A83D96CD-9227-4591-8559-443CA991A156}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B3A499AE-7C7F-4637-A18E-DF867DC6E474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6701EFF-41B1-4638-9AAB-214E2B8C05A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCD851E1-6568-4C10-988F-79CA3D99D81A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BE305AEC-5AB6-4872-B644-55FC66FA74BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{D99FB48F-287F-494C-A22E-B6F7A631285B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{DA64434C-AFDB-403B-B78F-56538E7D1307}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E4869695-A58C-4646-A0EE-1035612EFFEE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EF3A0793-7297-47C7-A9F1-E1C0D36604B4}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F5D84604-D820-4C8D-AE9F-DA3297E140E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F83C4BAF-029E-43F6-9028-397E1E2B9E3C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E511AB-8AE2-45DA-A640-D9648555AC6C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{05885CFA-E967-49C4-B105-71576F5CF3E2}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1847AA54-CE13-44A8-808A-8105E592F39A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1A775936-1A5B-4F4F-8923-DC8390F0FD93}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{20F80D65-C424-4586-AFC5-4F945EF8B42C}" = dir=in | app=c:\users\ashido\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{23A2EA5C-E0F2-4888-B016-3D929E9A4748}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{26B91F75-1A15-426F-993D-BEC6BFE2B16E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3784FA28-23B0-442C-A813-EF215C1549FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{382D961A-D9A3-4581-B10A-D9ECC9A94AC9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{39248A46-700B-410A-8EA5-7F5E92E2E215}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3B3D0687-6E3A-413B-874A-BF9C721A81DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3B5FECEB-F045-4636-93A3-1D715DFFF97C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{410633C4-80FF-483A-A2ED-2A3169B72812}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{44723CA6-354D-4541-9622-CB2F07303623}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{4D718FFE-F7ED-4FED-9650-167381A40895}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{55176F4D-8DF5-4E29-B46E-1EBA5C43C3AB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{562445F0-E855-43A6-AA2C-A7F429650AD8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{632A2F61-1C01-4522-A8BF-E768BCDC7BD6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{6B1BB2E2-C776-480F-B368-03160BA66044}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{6C19CA6A-BF98-4B29-8613-5C5B24041F19}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{73F69D67-73F1-4149-AA1B-E4F0CDC9EDE4}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{7575D59D-A958-46BA-B3A1-59D84BB48A28}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{78C0D9C2-80F2-494E-B916-EE91B65EF2F0}" = protocol=17 | dir=in | app=c:\windows\system32\lxbucoms.exe |
"{80D7BB8C-F020-472D-8B84-B41E194F6341}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8B9B56DE-0B4E-4D7C-A7D3-E7612E06F7D3}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{8BD442B4-9EAF-4C39-BF85-7133518EF0C9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{93646CDE-ACEF-4DA6-BFEA-8365EA47137E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbucoms.exe |
"{9FA3F711-55BE-4366-97EC-E977F4EDE9BF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AB12AA7A-A9D8-4B43-B525-CF1C6BB81A94}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B1B7DEB7-48C3-4277-B9E3-B75CACD58BD4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C451021F-EB1C-4B23-8899-68DDB723AE37}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E586CC49-559A-40BA-A06F-A64985152340}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E709B9C6-BCD8-4A3C-8571-DD81893C547F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E8DD27B6-C945-4A98-B06F-87606A5E3821}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E9A2A306-2DF5-4197-A918-72DCF3D692FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9EA9F14-FE58-453A-849E-E6F951F32B2A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F1283DC4-29D6-45D8-87E4-96C736C7970E}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbucoms.exe |
"{F160BAD2-D51F-4F8E-AA1C-34CC37F0DFF2}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F5FB9467-578E-42FD-BDA9-3A66251AAB7A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{F9FFD8B6-8B67-4572-B2ED-07424C4A092F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FDE6A2BC-499B-4BA7-ABC0-FA2B1F9E6D49}" = protocol=6 | dir=in | app=c:\windows\system32\lxbucoms.exe |
"{FDEB6588-AA99-4DC5-A1C6-7A495ECA8D84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Lexmark 6200 Series" = Lexmark 6200 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 1.5
"NVIDIA Drivers" = NVIDIA Drivers
"RaneAsioSL3_is1" = Rane SL 3 (ver. 1.3.0f11)
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1E958728-CFA3-454A-A2D6-42A9FF718480}" = Intel® C++ Redistributables for Windows* on IA-32
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{306C4404-240E-42BC-B95E-D6C6D7697DA6}" = Scratch Live 2.3.3 (18)
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{50081AD5-04C8-40A9-A870-AC2E699BD9A4}" = VideoSL
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5849FBE3-CB1D-48C8-BBF4-C431957E6B9D}" = Remote Surveillance DVR Client
"{5DD152A8-BFB3-439E-90CD-5C00C2116E23}" = AmpliTube 3
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F7807CA-B1F1-4CB1-A519-A205D894A37D}" = Intel® C++ Redistributables for Windows* on IA-64
"{620FE3A6-F576-4ECC-9734-FA2DCFA4FF82}" = KORG Legacy Collection - ANALOG EDITION 2007
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B356B6E-C934-4A47-99EF-33057ED848B0}" = Dfx for Adobe Photoshop
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758799AB-2DAD-4BBB-83C3-D69A60D12363}_is1" = Emergence Viewer 1.5.2.549
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9624502C-3D39-41A0-8917-858EC16769CE}" = KORG M1 Le
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAE4B36C-7A25-4513-975B-ACE7437572A0}" = Korg Kontrol Editor
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CCAC7B28-CA5C-4520-ABBB-184524C01A51}" = Sony CD Architect 5.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F69FF549-DD4E-40A4-A92A-1E4A082F848F}_is1" = M4A MP3 Converter v4.1 build 923
"{FC08B196-AD6C-4941-BDDD-F33FB18EA646}" = CookSafe
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AudioCS" = Creative Audio Console
"AudioRealism Bass Line 2_is1" = ABL 2.1.2
"AudioRealism Drum Machine_is1" = ADM 1.0.1
"BBE D82 Sonic Maximizer VST RTAS_is1" = BBE D82 Sonic Maximizer VST RTAS v2.0
"Behringer BCD3000 Driver v1.3.4" = Behringer BCD3000 Driver v1.3.4
"BrainWave Generator" = BrainWave Generator
"Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi" = Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi
"Camfrog 6.1" = Camfrog Video Chat 6.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dfx for Adobe Photoshop" = Dfx for Adobe Photoshop
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"Elemental Audio Eqium VST RTAS 2.13" = Elemental Audio Eqium VST RTAS 2.13
"eLicenser Control" = eLicenser Control
"ExodusViewerBeta" = ExodusViewerBeta (remove only)
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"FL Studio 10" = FL Studio 10
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"iZotope Stutter Edit_is1" = iZotope Stutter Edit
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
"Korg Legacy Collection VSTi v1.0.02" = Korg Legacy Collection VSTi v1.0.02
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Live 8.2" = Live 8.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mixed In Key" = Mixed In Key 2.5
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Mp3tag" = Mp3tag v2.49a
"MSC" = BT NetProtect Plus
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Novation V-Station v1.20-H2O" = Novation V-Station v1.20-H2O
"PowerISO" = PowerISO
"Predator_is1" = Rob Papen Predator V1.5.8 32 Bits Multi-Core
"Prophet-V2_is1" = Prophet-V2 2.0
"PSP VintageWarmer2 2.5.0 32bit" = PSP VintageWarmer2 2.5.0 32bit
"Reason5_is1" = Reason 5.0
"ReCycle_is1" = ReCycle 2.1.2
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Reverence VST plug-in" = Reverence VST plug-in
"Rob Papen BLUE Version 1.8.0_is1" = Rob Papen BLUE Version 1.8.5d Multi-Core
"SAM3" = SAM Broadcaster (remove only)
"SimpleCast" = SimpleCast (remove only)
"Sony Vocal Eraser_is1" = Sony Vocal Eraser
"SubBoomBass_is1" = Rob Papen SubBoomBass 1.0.3c Multi-core
"SystemRequirementsLab" = System Requirements Lab
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"URS Everything EQ Bundle v4.0" = URS Everything EQ Bundle v4.0
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.11
"vShare" = vShare Plugin
"WaveLabPro" = WaveLab 6
"Waves Vocal Bundle v1.1" = Waves Vocal Bundle v1.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Rob Papen Albino 3" = Rob Papen Albino 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/01/2012 20:14:58 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8488764

Error - 03/01/2012 20:14:58 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8488764

Error - 03/01/2012 20:14:59 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 20:14:59 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8489762

Error - 03/01/2012 20:14:59 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8489762

Error - 03/01/2012 20:15:00 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 20:15:00 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8490760

Error - 03/01/2012 20:15:00 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8490760

Error - 03/01/2012 20:15:01 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 20:15:01 | Computer Name = AshiDo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8491759

[ Media Center Events ]
Error - 31/01/2011 13:47:53 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 107
Description =

Error - 31/01/2011 14:19:24 | Computer Name = AshiDo-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 07/01/2012 13:51:32 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 107
Description =

Error - 07/01/2012 13:51:32 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 107
Description =

Error - 07/01/2012 15:32:03 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 109
Description =

Error - 25/01/2012 15:17:37 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 107
Description =

Error - 25/01/2012 15:17:37 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 107
Description =

Error - 25/01/2012 16:00:04 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 107
Description =

Error - 25/01/2012 16:00:04 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 107
Description =

Error - 25/01/2012 17:55:00 | Computer Name = AshiDo-PC | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 14/03/2012 15:22:03 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 14/03/2012 15:22:03 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 14/03/2012 15:22:03 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 14/03/2012 15:23:12 | Computer Name = AshiDo-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 14/03/2012 15:51:42 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 15/03/2012 06:55:09 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 15/03/2012 06:55:09 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 15/03/2012 06:55:09 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 15/03/2012 06:57:17 | Computer Name = AshiDo-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 15/03/2012 07:23:50 | Computer Name = AshiDo-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >
6.
PC runs OK, but to boot Vista after MBAM removed consrv.dll I need to boot onto the XP partition and load the Vista system hive, then change the pointer from consrv.dll to winsrv.dll to be able to boot Vista, or I just get a BSOD on boot.
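The pointer the poster is fixing by hand lives in the Win32 subsystem definition, the `Windows` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems`, whose `ServerDll=` entries tell csrss.exe which server modules to load; this infection swaps the console server entry from `winsrv` to `consrv`, so deleting consrv.dll without restoring the entry leaves csrss.exe unable to start and the system blue-screens at boot. The check below is an added example written for this page, not code from the thread, from ComboFix or from any other tool: it parses that value, flags any `ServerDll` module outside a small allowlist, and on Windows can read the live value. The allowlist (`basesrv`, `winsrv`, `sxssrv`) is an assumption that fits Vista and Windows 7 x64, and the two sample values are constructed in the real value's format rather than copied from the logs.

```python
r"""Flag unexpected ServerDll entries in the Win32 subsystem registry value.

Added example, not from the thread. Key checked on Windows (a real key):
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems, value "Windows".
"""
import re
import sys

# Modules that legitimately appear as ServerDll entries on Vista/7 x64.
# Assumption for this example; other Windows builds may need additions.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# ServerDll=<module>[:<init function>],<tag>
SERVERDLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::(\w+))?,(\d+)")


def parse_server_dlls(windows_value):
    """Return (module, init_function_or_None, tag) for every ServerDll= entry."""
    return [
        (m.group(1).lower(), m.group(2), int(m.group(3)))
        for m in SERVERDLL_RE.finditer(windows_value)
    ]


def find_unexpected_server_dlls(windows_value):
    """Return the ServerDll modules that are not on the allowlist."""
    return [mod for mod, _, _ in parse_server_dlls(windows_value)
            if mod not in KNOWN_SERVER_DLLS]


def read_live_value():
    """On Windows, read the real 'Windows' subsystem value; elsewhere return None."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, Windows only
    key = winreg.OpenKey(
        winreg.HKEY_LOCAL_MACHINE,
        r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems")
    try:
        value, _ = winreg.QueryValueEx(key, "Windows")
    finally:
        winreg.CloseKey(key)
    return value


# Constructed samples in the real value's format (not taken from the logs above).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# The hijack described in the thread: the console server entry points at consrv.
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2")

if __name__ == "__main__":
    # Use the live value on Windows, otherwise demonstrate on the constructed sample.
    value = read_live_value() or HIJACKED_VALUE
    bad = find_unexpected_server_dlls(value)
    print("unexpected ServerDll entries:", bad or "none")
```

Run on the constructed hijacked sample the check reports `consrv`; on the clean sample it reports nothing. Restoring the entry means putting `winsrv` back in that position, which is exactly the manual edit the poster describes making from the XP partition.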

#5 NeilR

  • Topic Starter

  • Members
  • 15 posts

Posted 16 March 2012 - 07:27 AM

6.
Correction, this morning I'm greeted with a random fake anti-virus and security. I was unable to do a lot with Task Manager being locked out and anti-virus disabled. I managed to log out and log back in, kill the program running and delete the files that had been placed in c:/windows/temp, and got the system stable again; for how long is another question...

#6 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 16 March 2012 - 09:18 AM

Hi Neil!

Not a problem! :)

It looks like this infection has corrupted the values for a few registry keys. We'll need to address this a little later.

Thanks for those logs, and for that information. This infection has a strong grip on your computer.

Let's whip out a powerful tool and see how things are running after you run it.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 NeilR

  • Topic Starter

  • Members
  • 15 posts

Posted 16 March 2012 - 09:22 PM

Hi there
Upon running ComboFix I generated this log:
ComboFix 12-03-16.05 - AshiDo 17/03/2012 1:57.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.8189.6489 [GMT 0:00]
Running from: c:\users\AshiDo\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\master
c:\programdata\ntuser.dat
c:\programdata\Propellerhead Software\ReCycle
c:\programdata\Propellerhead Software\ReCycle\ReCycle210.dat
c:\programdata\xmlAB8A.tmp
c:\programdata\xmlAFA0.tmp
c:\programdata\xmlB05D.tmp
c:\users\AshiDo\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\AshiDo\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\users\AshiDo\Documents\TMPA967.tmp
c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tyenz.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWow64\Attivazione Automatica Office
c:\windows\SysWow64\Attivazione Automatica Office\ospp.vbs
c:\windows\SysWow64\Attivazione Automatica Office\osppc.dll
c:\windows\SysWow64\Attivazione Automatica Office\ospprearm.exe
c:\windows\SysWow64\Attivazione Automatica Office\slerror.xml
c:\windows\SysWow64\Attivazione Automatica Office\StartX.exe
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\NSREG.DLL
c:\windows\SysWow64\ssprs.dll
c:\windows\SysWow64\tmpPrst.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AMService
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 02:10 . 2012-03-17 02:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-17 02:05 . 2012-03-17 02:09 -------- d-----w- c:\users\AshiDo\AppData\Local\temp
2012-03-17 02:05 . 2012-03-17 02:05 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-03-17 02:05 . 2012-03-17 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 11:55 . 2012-03-16 11:55 32256 --sha-w- c:\windows\SysWow64\5AP76VDb.com
2012-03-16 11:54 . 2012-03-16 11:54 -------- d-----w- c:\programdata\Local Settings
2012-03-15 23:13 . 2012-03-15 23:13 245760 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\goem.exe
2012-03-14 19:09 . 2012-03-14 19:09 -------- d-----w- c:\users\AshiDo\AppData\Roaming\ExodusViewer
2012-03-14 19:09 . 2012-03-15 20:47 -------- d-----w- c:\users\AshiDo\AppData\Local\ExodusViewer
2012-03-14 19:08 . 2012-03-14 19:10 -------- d-----w- c:\program files (x86)\ExodusViewerBeta
2012-03-14 15:30 . 2012-03-14 15:40 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Pinnacle
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-03-14 15:26 . 2012-03-14 15:26 -------- d-----w- c:\programdata\Pinnacle
2012-03-13 19:21 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 16:19 . 2012-03-13 16:19 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-03-13 16:16 . 2012-03-13 16:21 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-03-13 01:38 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-13 01:38 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-10 13:40 . 2012-03-10 13:40 -------- d-----w- c:\program files\iPod
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files\iTunes
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files (x86)\iTunes
2012-03-09 19:11 . 2012-03-09 20:24 -------- d-----w- C:\sh4ldr
2012-03-09 19:11 . 2012-03-09 19:11 -------- d-----w- c:\program files\Enigma Software Group
2012-03-09 19:10 . 2012-03-09 20:24 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\SpeedyPC Software
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\DriverCure
2012-03-09 18:53 . 2012-03-09 19:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\users\AshiDo\AppData\Roaming\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 18:08 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 19:27 . 2003-06-23 02:44 1415680 ----a-w- c:\windows\SysWow64\WMV9VCM.dll
2012-03-06 18:26 . 2012-03-06 18:26 8192 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{FC08B196-AD6C-4941-BDDD-F33FB18EA646}\IconFC08B196.exe
2012-03-06 18:25 . 2003-04-18 16:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-03-06 18:25 . 2012-03-14 18:56 -------- d-----w- c:\program files (x86)\EpicVJ
2012-03-04 13:10 . 2012-03-06 18:20 -------- d-----w- c:\users\AshiDo\AppData\Roaming\GrandVJ
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\programdata\Macrovision
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
2012-03-03 19:58 . 2002-12-05 14:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-03-03 19:58 . 2002-12-05 14:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-03-03 19:58 . 2002-12-02 15:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-03-03 19:58 . 2002-12-02 13:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-03-03 19:58 . 2002-12-02 13:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-03-03 19:58 . 2012-03-03 19:58 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-03-03 19:58 . 2012-03-03 19:58 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-03-03 19:01 . 2012-03-03 19:01 -------- d-----w- c:\program files (x86)\Common Files\Serato
2012-03-02 10:39 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BC04075-AAF0-42CD-9B37-426F53D92758}\mpengine.dll
2012-02-21 15:30 . 2012-03-08 17:54 -------- d-----w- c:\program files (x86)\Spectrasonics
2012-02-20 18:02 . 2012-02-20 18:02 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-02-16 13:37 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 13:37 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 13:37 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 10:53 . 2011-10-21 00:24 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 11:04 . 2011-06-15 23:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 04:13 . 2012-01-13 19:06 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-01-13 19:06 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-01-13 19:06 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-01-13 19:06 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2012-01-13 19:06 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-02-02 22:34 . 2012-02-02 22:33 5040 ----a-w- c:\users\AshiDo\AppData\Local\VWLE940.tmp
2012-01-29 05:10 . 2010-09-27 20:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 09:47 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-13 19:08 . 2011-10-21 00:24 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-01-08 18:01 . 2012-01-08 18:01 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-10-29 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NeroCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"ReCycle Patch"="c:\program files (x86)\Propellerhead\ReCycle\ReCyclePatch.exe" [2005-12-20 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"="c:\progra~3\LOCALS~1\Temp\msaigmwd.pif" [2008-10-29 118784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BCD3000 Control Panel.lnk - c:\program files\Behringer\BCD3000\Drivers\bcd3kcpan.exe [2012-1-13 548864]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
goem.exe [2012-3-15 245760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\At1.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At11.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At13.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At15.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At17.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At19.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At21.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At23.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At25.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At27.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At29.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At3.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At31.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At33.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At35.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At37.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At39.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
2012-03-16 c:\windows\Tasks\At41.job
- c:\windows\system32\5AP76VDb.com [2012-03-16 11:55]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2127880
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2127880
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{92a2f4ec-51d2-4283-87d5-93b7005fc356} - (no file)
Toolbar-{92a2f4ec-51d2-4283-87d5-93b7005fc356} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Wow6432Node-HKCU-Run-NVIDIA nTune - c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
AddRemove-{23CBDEE3-C8B3-4E97-842B-6115A1391481} - c:\programdata\{F032C584-F5A7-4097-B137-C76CAA800BC1}\Engine Installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ç0Ğ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,41,73,68,69,44,6f,5c,44,65,73,6b,74,6f,70,
5c,44,49,20,32,33,30,31,42,32,2e,77,61,76,00,63,00,31,00,32,00,38,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}*]
"hacadhfegpmlpolo"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
"iambjpmmjalfhgncma"=hex:63,61,6a,64,70,64,00,7e
"iaiabegdliaeocoiln"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe
c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
c:\programdata\Local Settings\Temp\msaigmwd.pif
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
.
**************************************************************************
.
Completion time: 2012-03-17 02:15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 02:15
.
Pre-Run: 200,521,064,448 bytes free
Post-Run: 200,258,957,312 bytes free
.
- - End Of File - - 1266BED1488C7BD8ED57AEECED816657

As ComboFix rebooted the PC successfully :) I get a pop-up box from Windows - c:\users\ashido\appdata\local\temp\15022.exe version incompatibility error with 64-bit OS, pointing at it being a 16-bit app. I think I've had this error before when booting up; I can't see this file in the location indicated.

Thx
Neil

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:01:32 AM

Posted 17 March 2012 - 12:56 AM

Hi Neil!

As ComboFix rebooted the PC successfully I get a pop-up box from Windows - c:\users\ashido\appdata\local\temp\15022.exe version incompatibility error with 64-bit OS, pointing at it being a 16-bit app. I think I've had this error before when booting up; I can't see this file in the location indicated.

Yeah, this should stop after you run this script below.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
AtJob::
File::
c:\windows\system32\dds_trash_log.cmd
c:\progra~3\LOCALS~1\Temp\msaigmwd.pif
c:\windows\SysWow64\5AP76VDb.com
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\goem.exe
DirLook::
c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
c:\programdata\Local Settings
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"=-
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 NeilR

NeilR
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:32 AM

Posted 17 March 2012 - 09:13 PM

Hi there
Quick update: booted the PC and it wouldn't start due to consrv missing again; went into XP and ControlSet001 and ControlSet003 had to be changed to winsrv.
Booted, created the script and ran ComboFix.
Here is the log :)

ComboFix 12-03-16.05 - AshiDo 18/03/2012 1:51.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.8189.6087 [GMT 0:00]
Running from: c:\users\AshiDo\Desktop\ComboFix.exe
Command switches used :: c:\users\AshiDo\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\progra~3\LOCALS~1\Temp\msaigmwd.pif"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\goem.exe"
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\SysWow64\5AP76VDb.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~3\LOCALS~1\Temp\msaigmwd.pif
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\goem.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\5AP76VDb.com
c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 02:00 . 2012-03-18 02:03 -------- d-----w- c:\users\AshiDo\AppData\Local\temp
2012-03-18 02:00 . 2012-03-18 02:00 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-03-18 02:00 . 2012-03-18 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 01:55 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB810DB-7CE6-469B-82FD-DEEBBD4C3FA6}\mpengine.dll
2012-03-16 11:54 . 2012-03-16 11:54 -------- d-----w- c:\programdata\Local Settings
2012-03-14 19:09 . 2012-03-14 19:09 -------- d-----w- c:\users\AshiDo\AppData\Roaming\ExodusViewer
2012-03-14 19:09 . 2012-03-15 20:47 -------- d-----w- c:\users\AshiDo\AppData\Local\ExodusViewer
2012-03-14 19:08 . 2012-03-14 19:10 -------- d-----w- c:\program files (x86)\ExodusViewerBeta
2012-03-14 15:30 . 2012-03-14 15:40 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Pinnacle
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-03-14 15:26 . 2012-03-14 15:26 -------- d-----w- c:\programdata\Pinnacle
2012-03-13 19:21 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 16:19 . 2012-03-13 16:19 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-03-13 16:16 . 2012-03-13 16:21 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-03-13 01:38 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-13 01:38 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-10 13:40 . 2012-03-10 13:40 -------- d-----w- c:\program files\iPod
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files\iTunes
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files (x86)\iTunes
2012-03-09 19:11 . 2012-03-09 20:24 -------- d-----w- C:\sh4ldr
2012-03-09 19:11 . 2012-03-09 19:11 -------- d-----w- c:\program files\Enigma Software Group
2012-03-09 19:10 . 2012-03-09 20:24 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\SpeedyPC Software
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\DriverCure
2012-03-09 18:53 . 2012-03-09 19:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\users\AshiDo\AppData\Roaming\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 18:08 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 19:27 . 2003-06-23 02:44 1415680 ----a-w- c:\windows\SysWow64\WMV9VCM.dll
2012-03-06 18:26 . 2012-03-06 18:26 8192 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{FC08B196-AD6C-4941-BDDD-F33FB18EA646}\IconFC08B196.exe
2012-03-06 18:25 . 2003-04-18 16:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-03-06 18:25 . 2012-03-14 18:56 -------- d-----w- c:\program files (x86)\EpicVJ
2012-03-04 13:10 . 2012-03-06 18:20 -------- d-----w- c:\users\AshiDo\AppData\Roaming\GrandVJ
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\programdata\Macrovision
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
2012-03-03 19:58 . 2002-12-05 14:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-03-03 19:58 . 2002-12-05 14:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-03-03 19:58 . 2002-12-02 15:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-03-03 19:58 . 2002-12-02 13:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-03-03 19:58 . 2002-12-02 13:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-03-03 19:58 . 2012-03-03 19:58 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-03-03 19:58 . 2012-03-03 19:58 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-03-03 19:01 . 2012-03-03 19:01 -------- d-----w- c:\program files (x86)\Common Files\Serato
2012-02-21 15:30 . 2012-03-08 17:54 -------- d-----w- c:\program files (x86)\Spectrasonics
2012-02-20 18:02 . 2012-02-20 18:02 -------- d-----w- c:\program files (x86)\VirtualDJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 10:53 . 2011-10-21 00:24 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 11:04 . 2011-06-15 23:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 09:18 . 2010-09-27 20:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 04:13 . 2012-01-13 19:06 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-01-13 19:06 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-01-13 19:06 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-01-13 19:06 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2012-01-13 19:06 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-02-02 22:34 . 2012-02-02 22:33 5040 ----a-w- c:\users\AshiDo\AppData\Local\VWLE940.tmp
2012-01-18 09:47 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-13 19:08 . 2011-10-21 00:24 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-01-08 18:01 . 2012-01-08 18:01 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-03 14:25 . 2012-02-16 13:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14} ----
.
2012-03-13 16:19 . 2012-03-13 16:19 115 -c--a-w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\instance.dat
2012-03-13 16:19 . 2012-03-13 16:19 11236 -c--a-w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.par
2012-03-13 16:19 . 2012-03-13 16:19 790 -c--a-w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.dat
2012-03-13 16:19 . 2011-11-21 12:34 579156 -c--a-w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\mia.lib
2012-03-13 16:19 . 2011-11-21 12:34 12006320 -c--a-w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.res
2012-03-13 16:19 . 2011-11-21 12:34 312320 -c--a-w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.msi
2012-03-13 16:19 . 2011-11-21 12:34 4378336 -c--a-w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
.
---- Directory of c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958} ----
.
2012-03-13 16:21 . 2012-03-13 16:21 110 -c--a-w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\instance.dat
2012-03-13 16:21 . 2012-03-13 16:21 9136 -c--a-w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\Kontakt 5 Setup PC.par
2012-03-13 16:21 . 2012-03-13 16:22 663 -c--a-w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\Kontakt 5 Setup PC.dat
2012-03-13 16:21 . 2012-01-20 00:00 579156 -c--a-w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\mia.lib
2012-03-13 16:21 . 2012-01-20 00:00 12214942 -c--a-w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\Kontakt 5 Setup PC.res
2012-03-13 16:21 . 2012-01-20 00:00 1061376 -c--a-w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\Kontakt 5 Setup PC.msi
2012-03-13 16:21 . 2012-01-20 00:00 4626912 -c--a-w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\Kontakt 5 Setup PC.exe
.
---- Directory of c:\programdata\Local Settings ----
.
.
---- Directory of c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP ----
.
2012-03-09 20:24 . 2012-03-09 20:24 8203 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseData.ini
2012-03-09 20:24 . 2012-03-09 20:24 189844 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla36.dll
2012-03-09 20:24 . 2012-03-09 20:24 176035 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla33.dll
2012-03-09 20:24 . 2012-03-09 20:24 176545 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla32.dll
2012-03-09 20:24 . 2012-03-09 20:24 189750 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla21.dll
2012-03-09 20:24 . 2012-03-09 20:24 176035 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla2.dll
2012-03-09 20:24 . 2012-03-09 20:24 184966 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla31.exe
2012-03-09 20:24 . 2012-03-09 20:24 179526 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla.dll
2012-03-09 20:24 . 2012-03-09 20:24 175992 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla34.dll
2012-03-09 20:24 . 2012-03-09 20:24 66956 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCall.dll
2012-03-09 19:10 . 2012-03-09 19:10 189844 ----a-w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla36.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_02.09.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-27 19:02 . 2012-03-18 01:55 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-27 19:02 . 2012-03-18 01:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-18 01:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-18 02:02 . 2012-03-18 02:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-18 02:02 . 2012-03-18 02:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-03-17 02:14 609182 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 609182 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-17 02:14 108690 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 108690 c:\windows\system32\perfc009.dat
- 2010-10-16 01:26 . 2012-03-17 02:07 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-16 01:26 . 2012-03-18 02:01 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-15 09:51 . 2012-03-18 02:01 20386418 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1289396712-1149613695-2710581571-1000-12288.dat
- 2011-06-15 09:51 . 2012-03-17 02:07 20386418 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1289396712-1149613695-2710581571-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-10-29 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NeroCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"ReCycle Patch"="c:\program files (x86)\Propellerhead\ReCycle\ReCyclePatch.exe" [2005-12-20 184320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BCD3000 Control Panel.lnk - c:\program files\Behringer\BCD3000\Drivers\bcd3kcpan.exe [2012-1-13 548864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000Core.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000UA.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"LXBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBUtime.dll" [2007-04-17 28672]
"combofix"="c:\combofix\CF13515.3XE" [2008-10-29 363008]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DirectUpdate
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2127880
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2127880
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{92a2f4ec-51d2-4283-87d5-93b7005fc356} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Wow6432Node-HKLM-Explorer_Run-11328 - c:\progra~3\LOCALS~1\Temp\msaigmwd.pif
WebBrowser-{56D4614E-9449-45F7-8E02-783C66418938} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ç0Ğ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,41,73,68,69,44,6f,5c,44,65,73,6b,74,6f,70,
5c,44,49,20,32,33,30,31,42,32,2e,77,61,76,00,63,00,31,00,32,00,38,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}*]
"hacadhfegpmlpolo"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
"iambjpmmjalfhgncma"=hex:63,61,6a,64,70,64,00,7e
"iaiabegdliaeocoiln"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe
c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
.
**************************************************************************
.
Completion time: 2012-03-18 02:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 02:08
ComboFix2.txt 2012-03-17 02:15
.
Pre-Run: 200,292,372,480 bytes free
Post-Run: 200,233,136,128 bytes free
.
- - End Of File - - 73826F6F767BE9138D5BC652A6F586D5

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:32 AM

Posted 18 March 2012 - 03:11 AM

Hi Neil!

Thanks for that information! It looks like this infection has a strong grip on things with your computer.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
C:\Windows\SysNative\alerter.dll
ClearJavaCache::
Driver::
DirectUpdate
NetSvc::
DirectUpdate

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 NeilR

NeilR
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 18 March 2012 - 07:51 PM

Same issue as previous night, had to change registry to enter Vista, no pop up at startup though.
Created script and here's ComboFix's log

ComboFix 12-03-16.05 - AshiDo 19/03/2012 0:31.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.8189.5668 [GMT 0:00]
Running from: c:\users\AshiDo\Desktop\ComboFix.exe
Command switches used :: c:\users\AshiDo\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\alerter.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\alerter.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DirectUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 00:39 . 2012-03-19 00:42 -------- d-----w- c:\users\AshiDo\AppData\Local\temp
2012-03-19 00:39 . 2012-03-19 00:39 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-03-19 00:39 . 2012-03-19 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 01:55 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB810DB-7CE6-469B-82FD-DEEBBD4C3FA6}\mpengine.dll
2012-03-16 11:54 . 2012-03-16 11:54 -------- d-----w- c:\programdata\Local Settings
2012-03-14 19:09 . 2012-03-14 19:09 -------- d-----w- c:\users\AshiDo\AppData\Roaming\ExodusViewer
2012-03-14 19:09 . 2012-03-15 20:47 -------- d-----w- c:\users\AshiDo\AppData\Local\ExodusViewer
2012-03-14 19:08 . 2012-03-14 19:10 -------- d-----w- c:\program files (x86)\ExodusViewerBeta
2012-03-14 15:30 . 2012-03-14 15:40 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Pinnacle
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-03-14 15:26 . 2012-03-14 15:26 -------- d-----w- c:\programdata\Pinnacle
2012-03-13 19:21 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 16:19 . 2012-03-13 16:19 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-03-13 16:16 . 2012-03-13 16:21 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-03-13 01:38 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-13 01:38 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-10 13:40 . 2012-03-10 13:40 -------- d-----w- c:\program files\iPod
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files\iTunes
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files (x86)\iTunes
2012-03-09 19:11 . 2012-03-09 20:24 -------- d-----w- C:\sh4ldr
2012-03-09 19:11 . 2012-03-09 19:11 -------- d-----w- c:\program files\Enigma Software Group
2012-03-09 19:10 . 2012-03-09 20:24 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\SpeedyPC Software
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\DriverCure
2012-03-09 18:53 . 2012-03-09 19:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\users\AshiDo\AppData\Roaming\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 18:08 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 19:27 . 2003-06-23 02:44 1415680 ----a-w- c:\windows\SysWow64\WMV9VCM.dll
2012-03-06 18:26 . 2012-03-06 18:26 8192 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{FC08B196-AD6C-4941-BDDD-F33FB18EA646}\IconFC08B196.exe
2012-03-06 18:25 . 2003-04-18 16:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-03-06 18:25 . 2012-03-14 18:56 -------- d-----w- c:\program files (x86)\EpicVJ
2012-03-04 13:10 . 2012-03-06 18:20 -------- d-----w- c:\users\AshiDo\AppData\Roaming\GrandVJ
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\programdata\Macrovision
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
2012-03-03 19:58 . 2002-12-05 14:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-03-03 19:58 . 2002-12-05 14:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-03-03 19:58 . 2002-12-02 15:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-03-03 19:58 . 2002-12-02 13:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-03-03 19:58 . 2002-12-02 13:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-03-03 19:58 . 2012-03-03 19:58 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-03-03 19:58 . 2012-03-03 19:58 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-03-03 19:01 . 2012-03-03 19:01 -------- d-----w- c:\program files (x86)\Common Files\Serato
2012-02-21 15:30 . 2012-03-08 17:54 -------- d-----w- c:\program files (x86)\Spectrasonics
2012-02-20 18:02 . 2012-02-20 18:02 -------- d-----w- c:\program files (x86)\VirtualDJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 10:53 . 2011-10-21 00:24 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 11:04 . 2011-06-15 23:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 09:18 . 2010-09-27 20:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 04:13 . 2012-01-13 19:06 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-01-13 19:06 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-01-13 19:06 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-01-13 19:06 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2012-01-13 19:06 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-02-02 22:34 . 2012-02-02 22:33 5040 ----a-w- c:\users\AshiDo\AppData\Local\VWLE940.tmp
2012-01-18 09:47 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-13 19:08 . 2011-10-21 00:24 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-01-08 18:01 . 2012-01-08 18:01 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-03 14:25 . 2012-02-16 13:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_02.09.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-27 19:02 . 2012-03-19 00:35 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-19 00:42 . 2012-03-19 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-19 00:42 . 2012-03-19 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 12:46 . 2012-03-17 02:14 609182 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 609182 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-17 02:14 108690 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 108690 c:\windows\system32\perfc009.dat
- 2010-10-16 01:26 . 2012-03-17 02:07 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-16 01:26 . 2012-03-19 00:40 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 7700480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 7700480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-15 09:51 . 2012-03-19 00:40 20688472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1289396712-1149613695-2710581571-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-10-29 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NeroCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"ReCycle Patch"="c:\program files (x86)\Propellerhead\ReCycle\ReCyclePatch.exe" [2005-12-20 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"="c:\progra~3\LOCALS~1\Temp\msaigmwd.pif" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BCD3000 Control Panel.lnk - c:\program files\Behringer\BCD3000\Drivers\bcd3kcpan.exe [2012-1-13 548864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000Core.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
2012-03-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000UA.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"LXBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBUtime.dll" [2007-04-17 28672]
"combofix"="c:\combofix\CF17660.3XE" [2008-10-29 363008]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DirectUpdate
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2127880
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2127880
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{92a2f4ec-51d2-4283-87d5-93b7005fc356} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{56D4614E-9449-45F7-8E02-783C66418938} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ç0Ğ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,41,73,68,69,44,6f,5c,44,65,73,6b,74,6f,70,
5c,44,49,20,32,33,30,31,42,32,2e,77,61,76,00,63,00,31,00,32,00,38,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}*]
"hacadhfegpmlpolo"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
"iambjpmmjalfhgncma"=hex:63,61,6a,64,70,64,00,7e
"iaiabegdliaeocoiln"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe
c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-03-19 00:48:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 00:48
ComboFix2.txt 2012-03-18 02:08
ComboFix3.txt 2012-03-17 02:15
.
Pre-Run: 200,261,046,272 bytes free
Post-Run: 200,279,904,256 bytes free
.
- - End Of File - - FFFCAAAB6A827716B4691851E6BC2A56

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:32 AM

Posted 19 March 2012 - 04:58 AM

Hi!

Thanks for that information.

Let's see what these scans leave us.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
File::
c:\progra~3\LOCALS~1\Temp\msaigmwd.pif

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Posted Image

Edited by SweetTech, 19 March 2012 - 05:02 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 NeilR (Topic Starter; Members, 15 posts)

Posted 19 March 2012 - 07:14 AM

Hi there
Was able to boot the PC today without any registry changing :D
Created the script and ran ComboFix.

ComboFix 12-03-16.05 - AshiDo 19/03/2012 11:36:49.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.8189.6642 [GMT 0:00]
Running from: c:\users\AshiDo\Desktop\ComboFix.exe
Command switches used :: c:\users\AshiDo\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\progra~3\LOCALS~1\Temp\msaigmwd.pif"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 11:44 . 2012-03-19 11:59 -------- d-----w- c:\users\AshiDo\AppData\Local\temp
2012-03-19 11:44 . 2012-03-19 11:44 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-03-19 11:44 . 2012-03-19 11:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 01:55 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECB810DB-7CE6-469B-82FD-DEEBBD4C3FA6}\mpengine.dll
2012-03-16 11:54 . 2012-03-16 11:54 -------- d-----w- c:\programdata\Local Settings
2012-03-14 19:09 . 2012-03-14 19:09 -------- d-----w- c:\users\AshiDo\AppData\Roaming\ExodusViewer
2012-03-14 19:09 . 2012-03-15 20:47 -------- d-----w- c:\users\AshiDo\AppData\Local\ExodusViewer
2012-03-14 19:08 . 2012-03-14 19:10 -------- d-----w- c:\program files (x86)\ExodusViewerBeta
2012-03-14 15:30 . 2012-03-14 15:40 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Pinnacle
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-03-14 15:26 . 2012-03-14 15:26 -------- d-----w- c:\programdata\Pinnacle
2012-03-13 19:21 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 16:19 . 2012-03-13 16:19 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-03-13 16:16 . 2012-03-13 16:21 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-03-13 01:38 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-13 01:38 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-10 13:40 . 2012-03-10 13:40 -------- d-----w- c:\program files\iPod
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files\iTunes
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files (x86)\iTunes
2012-03-09 19:11 . 2012-03-09 20:24 -------- d-----w- C:\sh4ldr
2012-03-09 19:11 . 2012-03-09 19:11 -------- d-----w- c:\program files\Enigma Software Group
2012-03-09 19:10 . 2012-03-09 20:24 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\SpeedyPC Software
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\DriverCure
2012-03-09 18:53 . 2012-03-09 19:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\users\AshiDo\AppData\Roaming\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 18:08 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 19:27 . 2003-06-23 02:44 1415680 ----a-w- c:\windows\SysWow64\WMV9VCM.dll
2012-03-06 18:26 . 2012-03-06 18:26 8192 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{FC08B196-AD6C-4941-BDDD-F33FB18EA646}\IconFC08B196.exe
2012-03-06 18:25 . 2003-04-18 16:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-03-06 18:25 . 2012-03-14 18:56 -------- d-----w- c:\program files (x86)\EpicVJ
2012-03-04 13:10 . 2012-03-06 18:20 -------- d-----w- c:\users\AshiDo\AppData\Roaming\GrandVJ
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\programdata\Macrovision
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
2012-03-03 19:58 . 2002-12-05 14:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-03-03 19:58 . 2002-12-05 14:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-03-03 19:58 . 2002-12-02 15:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-03-03 19:58 . 2002-12-02 13:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-03-03 19:58 . 2002-12-02 13:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-03-03 19:58 . 2012-03-03 19:58 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-03-03 19:58 . 2012-03-03 19:58 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-03-03 19:01 . 2012-03-03 19:01 -------- d-----w- c:\program files (x86)\Common Files\Serato
2012-02-21 15:30 . 2012-03-08 17:54 -------- d-----w- c:\program files (x86)\Spectrasonics
2012-02-20 18:02 . 2012-02-20 18:02 -------- d-----w- c:\program files (x86)\VirtualDJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 10:53 . 2011-10-21 00:24 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 11:04 . 2011-06-15 23:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 09:18 . 2010-09-27 20:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 04:13 . 2012-01-13 19:06 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-01-13 19:06 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-01-13 19:06 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-01-13 19:06 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2012-01-13 19:06 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-02-02 22:34 . 2012-02-02 22:33 5040 ----a-w- c:\users\AshiDo\AppData\Local\VWLE940.tmp
2012-01-18 09:47 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-13 19:08 . 2011-10-21 00:24 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-01-08 18:01 . 2012-01-08 18:01 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-03 14:25 . 2012-02-16 13:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_02.09.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-27 19:02 . 2012-03-19 11:46 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-19 11:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-19 11:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-19 11:46 . 2012-03-19 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-19 11:46 . 2012-03-19 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 12:46 . 2012-03-19 11:35 609182 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 609182 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-19 11:35 108690 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 108690 c:\windows\system32\perfc009.dat
- 2010-10-16 01:26 . 2012-03-17 02:07 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-16 01:26 . 2012-03-19 11:45 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 7700480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 7700480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-15 09:51 . 2012-03-19 11:45 20688472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1289396712-1149613695-2710581571-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-10-29 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NeroCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"ReCycle Patch"="c:\program files (x86)\Propellerhead\ReCycle\ReCyclePatch.exe" [2005-12-20 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"="c:\progra~3\LOCALS~1\Temp\msaigmwd.pif" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BCD3000 Control Panel.lnk - c:\program files\Behringer\BCD3000\Drivers\bcd3kcpan.exe [2012-1-13 548864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000Core.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
2012-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000UA.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"LXBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBUtime.dll" [2007-04-17 28672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DirectUpdate
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2127880
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2127880
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{92a2f4ec-51d2-4283-87d5-93b7005fc356} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{56D4614E-9449-45F7-8E02-783C66418938} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ç0Ğ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,41,73,68,69,44,6f,5c,44,65,73,6b,74,6f,70,
5c,44,49,20,32,33,30,31,42,32,2e,77,61,76,00,63,00,31,00,32,00,38,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}*]
"hacadhfegpmlpolo"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
"iambjpmmjalfhgncma"=hex:63,61,6a,64,70,64,00,7e
"iaiabegdliaeocoiln"=hex:6b,61,6e,64,64,66,65,63,69,69,64,64,6d,6f,70,65,63,65,
64,69,6d,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe
c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-03-19 12:02:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 12:02
ComboFix2.txt 2012-03-19 00:48
ComboFix3.txt 2012-03-18 02:08
ComboFix4.txt 2012-03-17 02:15
.
Pre-Run: 200,285,245,440 bytes free
Post-Run: 200,279,388,160 bytes free
.
- - End Of File - - 0A78A750F371DF5CEE3299EF4EA026B5

aswMBR executed
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 12:07:12
-----------------------------
12:07:12.430 OS Version: Windows x64 6.0.6002 Service Pack 2
12:07:12.430 Number of processors: 4 586 0x402
12:07:12.430 ComputerName: ASHIDO-PC UserName: AshiDo
12:07:13.543 Initialize success
12:07:39.365 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:07:39.369 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
12:07:39.373 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
12:07:39.377 Disk 1 Vendor: WDC_WD10EACS-00ZJB0 01.01B01 Size: 953869MB BusType: 3
12:07:39.404 Disk 0 MBR read successfully
12:07:39.409 Disk 0 MBR scan
12:07:39.414 Disk 0 Windows VISTA default MBR code
12:07:39.420 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:07:39.432 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 553741 MB offset 206848
12:07:39.451 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300018 MB offset 1134269325
12:07:39.472 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99999 MB offset 1748721664
12:07:39.496 Disk 0 scanning C:\Windows\system32\drivers
12:07:45.616 Service scanning
12:08:02.848 Modules scanning
12:08:02.863 Disk 0 trace - called modules:
12:08:02.891 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:08:02.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c13280]
12:08:02.909 3 CLASSPNP.SYS[fffffa6000bcfc33] -> nt!IofCallDriver -> [0xfffffa8007988520]
12:08:02.919 5 acpi.sys[fffffa60008fafde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079844b0]
12:08:02.928 Scan finished successfully
12:12:39.948 Disk 0 MBR has been saved successfully to "C:\Users\AshiDo\Desktop\MBR.dat"
12:12:39.965 The log file has been saved successfully to "C:\Users\AshiDo\Desktop\aswMBR.txt"

#14 SweetTech (Agent ST; Members, 13,421 posts; Gender: Male; Location: Antarctica)

Posted 20 March 2012 - 02:28 AM

Hi Neil!

Glad to hear you were able to boot up normally without making any changes to the registry this time around. :)

How are things running with your computer?

We need to run another script with ComboFix.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
File::
C:\users\AshiDo\AppData\Local\VWLE940.tmp
Rootkit::
c:\progra~3\LOCALS~1\Temp\msaigmwd.pif
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"=-
RegNull::
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FB4CDDA-39DC-D977-360D-D2EE1984B529}*]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

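Both CFScripts in this thread go after the same entry that the ComboFix log keeps listing under Reg Loading Points: "11328" in the policies\explorer\Run key, launching msaigmwd.pif from a Temp folder and carrying a [BU] tag instead of the usual [date size] stamp. As an added example (my own code, not ComboFix's and not posted in the thread), here is a small triage script that parses that section of a ComboFix log and flags entries by stacking weak signals of that kind; the signal names, the threshold and the stop-at-"Supplementary Scan" rule are my assumptions, and the sample log is constructed from lines in the log above.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's code and not from the thread. It collects the
"name"="target" [stamp] autorun lines ComboFix prints under each [HKEY_...]
key and flags the ones showing several weak signals at once (Temp folder,
odd extension, policies\\explorer\\Run key, no [YYYY-MM-DD size] stamp).
Signal names and the threshold are my own choices, not ComboFix semantics.
"""
import re
from dataclasses import dataclass

SECTION_START = re.compile(r"\(+ Reg Loading Points \)+")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"\s*(?P<stamp>\[[^\]]*\])?\s*$')
DATE_SIZE_RE = re.compile(r"^\[\d{4}-\d{2}-\d{2} \d+\]$")
ODD_EXT = (".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")

# Constructed sample, modelled on the Reg Loading Points section posted above.
SAMPLE_LOG = r"""
((((((((((((( Reg Loading Points )))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-10-29 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"="c:\progra~3\LOCALS~1\Temp\msaigmwd.pif" [BU]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Supplementary Scan -------
"a"="vlc.exe"
"""

@dataclass
class AutorunEntry:
    key: str
    name: str
    target: str
    stamp: str  # trailing [...] tag, '' if ComboFix printed none

def parse_loading_points(log_text):
    """Collect autorun entries from 'Reg Loading Points' up to 'Supplementary Scan'."""
    entries, key = [], None
    in_section = SECTION_START.search(log_text) is None  # no banner: parse everything
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_START.search(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------") and "Supplementary Scan" in line:
            break  # later sections (locked keys etc.) use the same syntax but are not autoruns
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append(AutorunEntry(key, m.group("name"), m.group("target"), m.group("stamp") or ""))
    return entries

def signals(entry):
    """Reasons an entry deserves a look; an empty list means nothing unusual."""
    reasons = []
    parts = [p for p in re.split(r"[\\/]", entry.target.lower()) if p]
    basename = parts[-1] if parts else ""
    # A Temp folder (c:\progra~3\LOCALS~1\Temp in the log above) is not where a
    # legitimate autorun keeps its executable.
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        reasons.append("runs-from-temp")
    if basename.endswith(ODD_EXT):
        reasons.append("odd-extension")
    if len(parts) == 1:
        reasons.append("relative-path")  # resolved via the search path, not a fixed location
    if "\\policies\\explorer\\run" in entry.key.lower():
        reasons.append("policy-run-key")  # less common autorun location, worth a second look
    if not DATE_SIZE_RE.match(entry.stamp):
        reasons.append("no-date-size-stamp")  # e.g. the [BU] tag in the log above
    return reasons

def triage(log_text, min_signals=2):
    """Return (entry, reasons) pairs with at least min_signals, most suspicious first."""
    scored = [(e, signals(e)) for e in parse_loading_points(log_text)]
    flagged = [(e, r) for e, r in scored if len(r) >= min_signals]
    return sorted(flagged, key=lambda er: len(er[1]), reverse=True)

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f'{entry.key}\n  "{entry.name}" -> {entry.target}\n  signals: {", ".join(reasons)}')
```

Run against the full log pasted above, the same entry is the only one that crosses the threshold; the CTASIO.DLL line collects just the single "relative-path" signal and stays below it.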


#15 NeilR (Topic Starter; Members, 15 posts)

Posted 20 March 2012 - 09:26 AM

Computer appears to be running as per the norm, apart from IE hanging and Mozilla not loading just as I went to get this script; a reboot sorted it, but it was weird!

ComboFix 12-03-16.05 - AshiDo 20/03/2012 14:05:01.5.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.8189.6486 [GMT 0:00]
Running from: c:\users\AshiDo\Desktop\ComboFix.exe
Command switches used :: c:\users\AshiDo\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\AshiDo\AppData\Local\VWLE940.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AshiDo\AppData\Local\VWLE940.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 14:16 . 2012-03-20 14:18 -------- d-----w- c:\users\AshiDo\AppData\Local\temp
2012-03-20 14:16 . 2012-03-20 14:16 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-03-20 14:16 . 2012-03-20 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 13:47 . 2012-03-20 13:47 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{922C3460-42C3-4F43-9632-042A46F0172A}\offreg.dll
2012-03-20 13:29 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{922C3460-42C3-4F43-9632-042A46F0172A}\mpengine.dll
2012-03-16 11:54 . 2012-03-16 11:54 -------- d-----w- c:\programdata\Local Settings
2012-03-14 19:09 . 2012-03-14 19:09 -------- d-----w- c:\users\AshiDo\AppData\Roaming\ExodusViewer
2012-03-14 19:09 . 2012-03-15 20:47 -------- d-----w- c:\users\AshiDo\AppData\Local\ExodusViewer
2012-03-14 19:08 . 2012-03-14 19:10 -------- d-----w- c:\program files (x86)\ExodusViewerBeta
2012-03-14 15:30 . 2012-03-14 15:40 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Pinnacle
2012-03-14 15:30 . 2012-03-14 15:30 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-03-14 15:26 . 2012-03-14 15:26 -------- d-----w- c:\programdata\Pinnacle
2012-03-13 19:21 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 19:21 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 16:19 . 2012-03-13 16:19 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-03-13 16:16 . 2012-03-13 16:21 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-03-13 01:38 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-13 01:38 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-10 13:40 . 2012-03-10 13:40 -------- d-----w- c:\program files\iPod
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files\iTunes
2012-03-10 13:40 . 2012-03-10 13:41 -------- d-----w- c:\program files (x86)\iTunes
2012-03-09 19:11 . 2012-03-09 20:24 -------- d-----w- C:\sh4ldr
2012-03-09 19:11 . 2012-03-09 19:11 -------- d-----w- c:\program files\Enigma Software Group
2012-03-09 19:10 . 2012-03-09 20:24 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\SpeedyPC Software
2012-03-09 18:53 . 2012-03-09 18:53 -------- d-----w- c:\users\AshiDo\AppData\Roaming\DriverCure
2012-03-09 18:53 . 2012-03-09 19:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\users\AshiDo\AppData\Roaming\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-08 18:08 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 19:27 . 2003-06-23 02:44 1415680 ----a-w- c:\windows\SysWow64\WMV9VCM.dll
2012-03-06 18:26 . 2012-03-06 18:26 8192 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{FC08B196-AD6C-4941-BDDD-F33FB18EA646}\IconFC08B196.exe
2012-03-06 18:25 . 2003-04-18 16:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-03-06 18:25 . 2012-03-14 18:56 -------- d-----w- c:\program files (x86)\EpicVJ
2012-03-04 13:10 . 2012-03-06 18:20 -------- d-----w- c:\users\AshiDo\AppData\Roaming\GrandVJ
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\programdata\Macrovision
2012-03-03 20:01 . 2012-03-03 20:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
2012-03-03 19:58 . 2002-12-05 14:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-03-03 19:58 . 2002-12-05 14:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-03-03 19:58 . 2002-12-02 15:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-03-03 19:58 . 2002-12-02 13:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-03-03 19:58 . 2002-12-02 13:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-03-03 19:58 . 2012-03-03 19:58 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-03-03 19:58 . 2012-03-03 19:58 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-03-03 19:01 . 2012-03-03 19:01 -------- d-----w- c:\program files (x86)\Common Files\Serato
2012-02-21 15:30 . 2012-03-08 17:54 -------- d-----w- c:\program files (x86)\Spectrasonics
2012-02-20 18:02 . 2012-02-20 18:02 -------- d-----w- c:\program files (x86)\VirtualDJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 10:53 . 2011-10-21 00:24 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 11:04 . 2011-06-15 23:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 09:18 . 2010-09-27 20:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 04:13 . 2012-01-13 19:06 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-01-13 19:06 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-01-13 19:06 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-01-13 19:06 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-01-13 19:06 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2012-01-13 19:06 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-02-03 14:47 . 2012-02-03 14:47 61440 ----a-r- c:\users\AshiDo\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-01-18 09:47 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-13 19:08 . 2011-10-21 00:24 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-01-08 18:01 . 2012-01-08 18:01 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-03 14:25 . 2012-02-16 13:37 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_02.09.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-27 19:02 . 2012-03-20 13:59 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-20 13:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-20 13:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 14:18 . 2012-03-20 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 02:08 . 2012-03-17 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-20 14:18 . 2012-03-20 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 12:46 . 2012-03-19 11:35 609182 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 609182 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-19 11:35 108690 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-03-17 01:53 108690 c:\windows\system32\perfc009.dat
- 2010-10-16 01:26 . 2012-03-17 02:07 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-16 01:26 . 2012-03-20 14:16 466824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-27 19:02 . 2012-03-17 01:46 7700480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-27 19:02 . 2012-03-19 00:40 7700480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-15 09:51 . 2012-03-20 14:17 20716124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1289396712-1149613695-2710581571-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-10-29 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NeroCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"11328"="c:\progra~3\LOCALS~1\Temp\msaigmwd.pif" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BCD3000 Control Panel.lnk - c:\program files\Behringer\BCD3000\Drivers\bcd3kcpan.exe [2012-1-13 548864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000Core.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
2012-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1289396712-1149613695-2710581571-1000UA.job
- c:\users\AshiDo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-09 15:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DirectUpdate
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2127880
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\AshiDo\AppData\Roaming\Mozilla\Firefox\Profiles\i5u9oire.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?SearchSource=10&ctid=CT2127880
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{92a2f4ec-51d2-4283-87d5-93b7005fc356} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{56D4614E-9449-45F7-8E02-783C66418938} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-LXBUCATS - \3\LXBUtime.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç0Ğ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1289396712-1149613695-2710581571-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ç0Ğ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,41,73,68,69,44,6f,5c,44,65,73,6b,74,6f,70,
5c,44,49,20,32,33,30,31,42,32,2e,77,61,76,00,63,00,31,00,32,00,38,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe
c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-03-20 14:24:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 14:24
ComboFix2.txt 2012-03-19 12:02
ComboFix3.txt 2012-03-19 00:48
ComboFix4.txt 2012-03-18 02:08
ComboFix5.txt 2012-03-20 14:02
.
Pre-Run: 200,138,792,960 bytes free
Post-Run: 200,160,047,104 bytes free
.
- - End Of File - - 7FCE5B726BC89CA2E63677B3995C37E1