
Am I still infected ?


28 replies to this topic

#1 M!5T3RM0U53


Posted 11 October 2012 - 09:28 AM

I'm using an old PC.
My specs are Win XP SP3, 2 GB RAM, 250 GB HD, AMD Athlon dual core 4400+.
I use multiple virus scans and anti-malware apps like Malwarebytes, SpyHunter, Spybot, AVG, AVG PC TuneUp, IObit malware scanner.

Yesterday, I downloaded this software, "SoundTaxi". It was a pirate version with a crack and a sys file which, according to the instructions, I was supposed to place in the drivers folder in system32.
Then I ran all the scans and nothing.

Today I had a normal AVG scheduled scan. I was surprised to find 6 hidden rootkits. They were not easy to delete, but I managed to delete 2 of the 6.
Then I ran all the scans, and absolutely no other app except AVG can detect this rootkit. Not even Malwarebytes.

Here's a link
Posted Image

I followed some other post on this website and downloaded TDSSKiller, but it could not find anything.
Then I used MBRCheck and got this result:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000017d

Kernel Drivers (total 131):
0x804D7000 \windows\system32\ntkrnlpa.exe
0x806E5000 \windows\system32\hal.dll
0xB85A8000 \windows\system32\KDCOM.DLL
0xB84B8000 \windows\system32\BOOTVID.dll
0xB7EA6000 spjf.sys
0xB85AA000 \windows\System32\Drivers\WMILIB.SYS
0xB7E8E000 \windows\System32\Drivers\SCSIPORT.SYS
0xB7E60000 ACPI.sys
0xB7E4F000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \windows\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7E30000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E0A000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7DF2000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \windows\system32\DRIVERS\CLASSPNP.SYS
0xB7DD2000 fltMgr.sys
0xB7DC0000 sr.sys
0xB80F8000 PxHelp20.sys
0xB7DA9000 KSecDD.sys
0xB7D96000 WudfPf.sys
0xB7D09000 Ntfs.sys
0xB7CDC000 NDIS.sys
0xB85AE000 sfhlp01.sys
0xB85B0000 prosync1.sys
0xB8108000 prohlp02.sys
0xB7CC2000 Mup.sys
0xB8338000 avgrkx86.sys
0xB84BC000 avgidshx.sys
0xB8148000 \SystemRoot\system32\DRIVERS\processr.sys
0xB7058000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7044000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6FFD000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8430000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB6FD9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8158000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8178000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6FB6000 \SystemRoot\system32\DRIVERS\ks.sys
0xB6F8E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6F56000 \SystemRoot\System32\Drivers\azkylqph.SYS
0xB8420000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB8188000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7C8E000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB6F42000 \SystemRoot\system32\DRIVERS\parport.sys
0xB8198000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8470000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8480000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB85CA000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB87F0000 \SystemRoot\system32\DRIVERS\SndTVideo.sys
0xB8490000 \SystemRoot\system32\DRIVERS\avgfwdx.sys
0xB81A8000 \SystemRoot\system32\drivers\SndTAudio.sys
0xB6F1E000 \SystemRoot\system32\drivers\portcls.sys
0xB81B8000 \SystemRoot\system32\drivers\drmk.sys
0xB87F7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7C7A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6F07000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6EF6000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6E26000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8208000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB85D0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6DC8000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C56000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8218000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8238000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB4824000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB8448000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB8258000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xB85DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86F4000 \SystemRoot\System32\Drivers\Null.SYS
0xB85E2000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8478000 \SystemRoot\System32\drivers\vga.sys
0xB85E6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB6DA8000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xB47C0000 \SystemRoot\system32\drivers\InCDFs.sys
0xB8388000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8398000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7C5A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB47AD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB4754000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB46E4000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xB46BE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB4696000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4674000 \SystemRoot\System32\drivers\afd.sys
0xB8278000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4649000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB8288000 \SystemRoot\System32\drivers\prodrv06.sys
0xB45D9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8380000 \SystemRoot\System32\DRIVERS\InCDPass.sys
0xB82A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4501000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xB8138000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB44B5000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB43FD000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB864C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB448D000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83F0000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8779000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD45C000 \SystemRoot\System32\ATMFD.DLL
0xB3746000 \??\E:\Program Files\IObit\Protected Folder\pffilter.sys
0xB3767000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3501000 \SystemRoot\system32\drivers\wdmaud.sys
0xB37EF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8620000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB8622000 \SystemRoot\System32\Drivers\TBPanel.SYS
0xB32C0000 \SystemRoot\System32\Drivers\adfs.SYS
0xB340B000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0xB3178000 \SystemRoot\system32\DRIVERS\srv.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0xB2F77000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0xB1AF7000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
1212 C:\WINDOWS\system32\smss.exe
1344 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
2008 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
444 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
804 C:\WINDOWS\system32\services.exe
844 C:\WINDOWS\system32\lsass.exe
1096 C:\WINDOWS\system32\svchost.exe
1324 svchost.exe
1500 C:\WINDOWS\system32\svchost.exe
1552 C:\WINDOWS\system32\svchost.exe
1752 svchost.exe
1336 C:\WINDOWS\system32\spoolsv.exe
1084 C:\WINDOWS\explorer.exe
1820 C:\Program Files\AVG\AVG2012\avgfws.exe
1936 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
348 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
440 C:\WINDOWS\system32\nvsvc32.exe
1312 daemonu.exe
736 C:\WINDOWS\system32\svchost.exe
1808 C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
1520 C:\Program Files\AVG\AVG2012\avgidsagent.exe
1912 C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
700 C:\Program Files\AVG\AVG2012\avgtray.exe
1192 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
948 C:\WINDOWS\system32\rundll32.exe
1492 C:\WINDOWS\system32\ctfmon.exe
2520 C:\Program Files\AVG\AVG2012\avgnsx.exe
3648 C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
3956 alg.exe
808 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
2192 E:\program files\uTorrent\uTorrent.exe
2564 C:\Program Files\AVG\AVG2012\avgui.exe
3716 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3508 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3936 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2620 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
496 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2496 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2896 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3444 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2380 C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Desktop\MBRCheck.exe

\\.\C: --> error 1
\\.\D: --> error 1
\\.\E: --> error 1
\\.\F: --> error 1

PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.AAM

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Am I still infected? If yes, how do I solve it?
Thanks.


#2 narenxp

  • BC Advisor

Posted 11 October 2012 - 09:29 AM

Download

TDSSkiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on List of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 M!5T3RM0U53

  • Topic Starter

Posted 11 October 2012 - 11:44 AM

TDSSKiller log:


22:13:33.0468 3164 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:13:34.0109 3164 ============================================================
22:13:34.0109 3164 Current date / time: 2012/10/11 22:13:34.0109
22:13:34.0109 3164 SystemInfo:
22:13:34.0109 3164
22:13:34.0109 3164 OS Version: 5.1.2600 ServicePack: 3.0
22:13:34.0109 3164 Product type: Workstation
22:13:34.0109 3164 ComputerName: HOME-D5E004565A
22:13:34.0109 3164 UserName: Rishi
22:13:34.0109 3164 Windows directory: C:\windows
22:13:34.0109 3164 System windows directory: C:\windows
22:13:34.0109 3164 Processor architecture: Intel x86
22:13:34.0109 3164 Number of processors: 2
22:13:34.0109 3164 Page size: 0x1000
22:13:34.0109 3164 Boot type: Normal boot
22:13:34.0109 3164 ============================================================
22:13:35.0421 3164 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:13:35.0421 3164 ============================================================
22:13:35.0421 3164 \Device\Harddisk0\DR0:
22:13:35.0421 3164 MBR partitions:
22:13:35.0421 3164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
22:13:35.0437 3164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0xAFC6752
22:13:35.0453 3164 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1116E136, BlocksNum 0xAFC6752
22:13:35.0468 3164 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1C1348C7, BlocksNum 0xDD7A239
22:13:35.0468 3164 ============================================================
22:13:35.0468 3164 Initialize success
22:13:35.0468 3164 ============================================================
22:13:40.0093 1740 ============================================================
22:13:40.0093 1740 Scan started
22:13:40.0093 1740 Mode: Manual; TDLFS;
22:13:40.0093 1740 ============================================================
22:13:40.0625 1740 ================ Scan system memory ========================
22:13:40.0640 1740 System memory - ok
22:13:40.0640 1740 ================ Scan services =============================
22:13:40.0656 1740 Abiosdsk - ok
22:13:40.0656 1740 abp480n5 - ok
22:13:40.0671 1740 ACPI - ok
22:13:40.0687 1740 ACPIEC - ok
22:13:40.0687 1740 adfs - ok
22:13:40.0703 1740 AdobeFlashPlayerUpdateSvc - ok
22:13:40.0703 1740 adpu160m - ok
22:13:40.0718 1740 aec - ok
22:13:40.0718 1740 AFD - ok
22:13:40.0734 1740 Aha154x - ok
22:13:40.0734 1740 aic78u2 - ok
22:13:40.0750 1740 aic78xx - ok
22:13:40.0750 1740 Alerter - ok
22:13:40.0765 1740 ALG - ok
22:13:40.0765 1740 AliIde - ok
22:13:40.0781 1740 am7pro - ok
22:13:40.0796 1740 amsint - ok
22:13:40.0796 1740 AppMgmt - ok
22:13:40.0812 1740 asc - ok
22:13:40.0812 1740 asc3350p - ok
22:13:40.0812 1740 asc3550 - ok
22:13:40.0843 1740 aspnet_state - ok
22:13:40.0843 1740 AsyncMac - ok
22:13:40.0859 1740 atapi - ok
22:13:40.0859 1740 Atdisk - ok
22:13:40.0875 1740 Atmarpc - ok
22:13:40.0890 1740 AudioSrv - ok
22:13:40.0890 1740 audstub - ok
22:13:40.0906 1740 Avgfwdx - ok
22:13:40.0906 1740 Avgfwfd - ok
22:13:40.0921 1740 avgfws - ok
22:13:40.0921 1740 AVGIDSAgent - ok
22:13:40.0937 1740 AVGIDSDriver - ok
22:13:40.0937 1740 AVGIDSFilter - ok
22:13:40.0937 1740 AVGIDSHX - ok
22:13:40.0937 1740 AVGIDSShim - ok
22:13:40.0953 1740 Avgldx86 - ok
22:13:40.0953 1740 Avgmfx86 - ok
22:13:40.0953 1740 Avgrkx86 - ok
22:13:40.0968 1740 Avgtdix - ok
22:13:40.0968 1740 avgwd - ok
22:13:40.0968 1740 bcapiservice - ok
22:13:40.0984 1740 bc_service - ok
22:13:40.0984 1740 Beep - ok
22:13:40.0984 1740 BITS - ok
22:13:41.0000 1740 Browser - ok
22:13:41.0000 1740 Cardex - ok
22:13:41.0000 1740 cbidf2k - ok
22:13:41.0000 1740 cd20xrnt - ok
22:13:41.0000 1740 Cdaudio - ok
22:13:41.0015 1740 Cdfs - ok
22:13:41.0015 1740 Cdrom - ok
22:13:41.0031 1740 Changer - ok
22:13:41.0031 1740 CiSvc - ok
22:13:41.0031 1740 ClipSrv - ok
22:13:41.0046 1740 clr_optimization_v2.0.50727_32 - ok
22:13:41.0046 1740 CmdIde - ok
22:13:41.0062 1740 COMSysApp - ok
22:13:41.0062 1740 Cpqarray - ok
22:13:41.0078 1740 CryptSvc - ok
22:13:41.0078 1740 dac2w2k - ok
22:13:41.0093 1740 dac960nt - ok
22:13:41.0093 1740 DcomLaunch - ok
22:13:41.0109 1740 Dhcp - ok
22:13:41.0109 1740 Disk - ok
22:13:41.0125 1740 dmadmin - ok
22:13:41.0125 1740 dmboot - ok
22:13:41.0140 1740 dmio - ok
22:13:41.0140 1740 dmload - ok
22:13:41.0156 1740 dmserver - ok
22:13:41.0156 1740 DMusic - ok
22:13:41.0171 1740 Dnscache - ok
22:13:41.0187 1740 Dot3svc - ok
22:13:41.0187 1740 dpti2o - ok
22:13:41.0203 1740 drmkaud - ok
22:13:41.0203 1740 EagleNT - ok
22:13:41.0218 1740 EagleXNt - ok
22:13:41.0218 1740 EapHost - ok
22:13:41.0234 1740 eBoost - ok
22:13:41.0234 1740 ERSvc - ok
22:13:41.0250 1740 Eventlog - ok
22:13:41.0250 1740 EventSystem - ok
22:13:41.0265 1740 Fastfat - ok
22:13:41.0265 1740 FastUserSwitchingCompatibility - ok
22:13:41.0281 1740 fcdabus - ok
22:13:41.0281 1740 Fdc - ok
22:13:41.0296 1740 Fips - ok
22:13:41.0296 1740 FLEXnet Licensing Service - ok
22:13:41.0312 1740 Flpydisk - ok
22:13:41.0312 1740 FltMgr - ok
22:13:41.0328 1740 FontCache3.0.0.0 - ok
22:13:41.0343 1740 fsRamDsk - ok
22:13:41.0343 1740 Fs_Rec - ok
22:13:41.0359 1740 Ftdisk - ok
22:13:41.0359 1740 FVXSCSI - ok
22:13:41.0375 1740 ggflt - ok
22:13:41.0375 1740 ggsemc - ok
22:13:41.0390 1740 Gpc - ok
22:13:41.0390 1740 Gppcpssimskt - ok
22:13:41.0406 1740 gsplittm - ok
22:13:41.0406 1740 gupdate - ok
22:13:41.0421 1740 gupdatem - ok
22:13:41.0421 1740 HDAudBus - ok
22:13:41.0437 1740 helpsvc - ok
22:13:41.0437 1740 hkmsvc - ok
22:13:41.0453 1740 hpn - ok
22:13:41.0453 1740 HTTP - ok
22:13:41.0468 1740 HTTPFilter - ok
22:13:41.0468 1740 i2omgmt - ok
22:13:41.0484 1740 i2omp - ok
22:13:41.0484 1740 i8042prt - ok
22:13:41.0500 1740 IDriverT - ok
22:13:41.0515 1740 idsvc - ok
22:13:41.0515 1740 Imapi - ok
22:13:41.0515 1740 ImapiService - ok
22:13:41.0531 1740 InCDfs - ok
22:13:41.0546 1740 InCDPass - ok
22:13:41.0562 1740 InCDrec - ok
22:13:41.0562 1740 incdrm - ok
22:13:41.0578 1740 InCDsrv - ok
22:13:41.0578 1740 ini910u - ok
22:13:41.0593 1740 IntcAzAudAddService - ok
22:13:41.0609 1740 IntelIde - ok
22:13:41.0609 1740 Ip6Fw - ok
22:13:41.0625 1740 IpFilterDriver - ok
22:13:41.0625 1740 IpInIp - ok
22:13:41.0640 1740 IpNat - ok
22:13:41.0640 1740 IPSec - ok
22:13:41.0656 1740 IRENUM - ok
22:13:41.0656 1740 is3srv - ok
22:13:41.0671 1740 isapnp - ok
22:13:41.0671 1740 JavaQuickStarterService - ok
22:13:41.0687 1740 Kbdclass - ok
22:13:41.0687 1740 kmixer - ok
22:13:41.0703 1740 KSecDD - ok
22:13:41.0703 1740 LanmanServer - ok
22:13:41.0718 1740 lanmanworkstation - ok
22:13:41.0718 1740 lbrtfdc - ok
22:13:41.0734 1740 LmHosts - ok
22:13:41.0750 1740 MEMSWEEP2 - ok
22:13:41.0750 1740 Messenger - ok
22:13:41.0765 1740 Microsoft Office Groove Audit Service - ok
22:13:41.0765 1740 mnmdd - ok
22:13:41.0781 1740 mnmsrvc - ok
22:13:41.0796 1740 Modem - ok
22:13:41.0796 1740 Mouclass - ok
22:13:41.0812 1740 MountMgr - ok
22:13:41.0812 1740 MozillaMaintenance - ok
22:13:41.0828 1740 mraid35x - ok
22:13:41.0828 1740 MRxDAV - ok
22:13:41.0843 1740 MRxSmb - ok
22:13:41.0843 1740 MSDTC - ok
22:13:41.0859 1740 Msfs - ok
22:13:41.0875 1740 MSIServer - ok
22:13:41.0875 1740 MSKSSRV - ok
22:13:41.0890 1740 MSPCLOCK - ok
22:13:41.0890 1740 MSPQM - ok
22:13:41.0906 1740 mssmbios - ok
22:13:41.0906 1740 MTsensor - ok
22:13:41.0921 1740 Mup - ok
22:13:41.0921 1740 napagent - ok
22:13:41.0937 1740 NBService - ok
22:13:41.0937 1740 NDIS - ok
22:13:41.0953 1740 NdisTapi - ok
22:13:41.0953 1740 Ndisuio - ok
22:13:41.0968 1740 NdisWan - ok
22:13:41.0968 1740 NDProxy - ok
22:13:41.0984 1740 NetBIOS - ok
22:13:41.0984 1740 NetBT - ok
22:13:42.0000 1740 NetDDE - ok
22:13:42.0000 1740 NetDDEdsdm - ok
22:13:42.0015 1740 Netlogon - ok
22:13:42.0031 1740 Netman - ok
22:13:42.0031 1740 NetTcpPortSharing - ok
22:13:42.0046 1740 Nla - ok
22:13:42.0046 1740 NMIndexingService - ok
22:13:42.0062 1740 nmwcd - ok
22:13:42.0078 1740 nmwcdc - ok
22:13:42.0078 1740 Npfs - ok
22:13:42.0093 1740 npggsvc - ok
22:13:42.0093 1740 Ntfs - ok
22:13:42.0109 1740 NtLmSsp - ok
22:13:42.0109 1740 NtmsSvc - ok
22:13:42.0125 1740 Null - ok
22:13:42.0125 1740 nv - ok
22:13:42.0140 1740 NVSvc - ok
22:13:42.0140 1740 nvUpdatusService - ok
22:13:42.0156 1740 NwlnkFlt - ok
22:13:42.0156 1740 NwlnkFwd - ok
22:13:42.0171 1740 odserv - ok
22:13:42.0171 1740 ose - ok
22:13:42.0187 1740 Parport - ok
22:13:42.0203 1740 PartMgr - ok
22:13:42.0203 1740 ParVdm - ok
22:13:42.0218 1740 pccsmcfd - ok
22:13:42.0218 1740 PCI - ok
22:13:42.0234 1740 PCIDump - ok
22:13:42.0234 1740 PCIIde - ok
22:13:42.0250 1740 Pcmcia - ok
22:13:42.0250 1740 PDCOMP - ok
22:13:42.0265 1740 PDFRAME - ok
22:13:42.0265 1740 PDRELI - ok
22:13:42.0281 1740 PDRFRAME - ok
22:13:42.0281 1740 perc2 - ok
22:13:42.0296 1740 perc2hib - ok
22:13:42.0312 1740 PfFilter - ok
22:13:42.0328 1740 PlugPlay - ok
22:13:42.0328 1740 PnkBstrA - ok
22:13:42.0343 1740 PolicyAgent - ok
22:13:42.0359 1740 PptpMiniport - ok
22:13:42.0359 1740 Processor - ok
22:13:42.0375 1740 prodrv06 - ok
22:13:42.0375 1740 prohlp02 - ok
22:13:42.0390 1740 prosync1 - ok
22:13:42.0390 1740 ProtectedStorage - ok
22:13:42.0406 1740 PSched - ok
22:13:42.0406 1740 PSI_SVC_2 - ok
22:13:42.0421 1740 Ptilink - ok
22:13:42.0421 1740 PxHelp20 - ok
22:13:42.0437 1740 ql1080 - ok
22:13:42.0437 1740 Ql10wnt - ok
22:13:42.0437 1740 ql12160 - ok
22:13:42.0453 1740 ql1240 - ok
22:13:42.0453 1740 ql1280 - ok
22:13:42.0468 1740 RasAcd - ok
22:13:42.0468 1740 RasAuto - ok
22:13:42.0484 1740 Rasl2tp - ok
22:13:42.0484 1740 RasMan - ok
22:13:42.0500 1740 RasPppoe - ok
22:13:42.0500 1740 Raspti - ok
22:13:42.0515 1740 Rdbss - ok
22:13:42.0515 1740 RDPCDD - ok
22:13:42.0531 1740 rdpdr - ok
22:13:42.0546 1740 RDPWD - ok
22:13:42.0546 1740 RDSessMgr - ok
22:13:42.0562 1740 redbook - ok
22:13:42.0578 1740 RemoteAccess - ok
22:13:42.0593 1740 RemoteRegistry - ok
22:13:42.0593 1740 RichVideo - ok
22:13:42.0593 1740 RpcLocator - ok
22:13:42.0609 1740 RpcSs - ok
22:13:42.0609 1740 RSVP - ok
22:13:42.0625 1740 RTLE8023xp - ok
22:13:42.0640 1740 SamSs - ok
22:13:42.0640 1740 SCardSvr - ok
22:13:42.0656 1740 Schedule - ok
22:13:42.0656 1740 Secdrv - ok
22:13:42.0671 1740 seclogon - ok
22:13:42.0671 1740 SENS - ok
22:13:42.0687 1740 serenum - ok
22:13:42.0687 1740 Serial - ok
22:13:42.0703 1740 sfhlp01 - ok
22:13:42.0718 1740 Sfloppy - ok
22:13:42.0718 1740 SharedAccess - ok
22:13:42.0734 1740 ShellHWDetection - ok
22:13:42.0734 1740 Simbad - ok
22:13:42.0750 1740 SMServer - ok
22:13:42.0750 1740 SndTAudio - ok
22:13:42.0765 1740 SndTVideo - ok
22:13:42.0781 1740 Sparrow - ok
22:13:42.0781 1740 splitter - ok
22:13:42.0796 1740 Spooler - ok
22:13:42.0796 1740 sptd - ok
22:13:42.0796 1740 sr - ok
22:13:42.0812 1740 srservice - ok
22:13:42.0812 1740 Srv - ok
22:13:42.0828 1740 SSDPSRV - ok
22:13:42.0843 1740 stisvc - ok
22:13:42.0843 1740 swenum - ok
22:13:42.0859 1740 swmidi - ok
22:13:42.0859 1740 SwPrv - ok
22:13:42.0875 1740 symc810 - ok
22:13:42.0890 1740 symc8xx - ok
22:13:42.0890 1740 sym_hi - ok
22:13:42.0906 1740 sym_u3 - ok
22:13:42.0906 1740 sysaudio - ok
22:13:42.0921 1740 SysmonLog - ok
22:13:42.0921 1740 szkg5 - ok
22:13:42.0937 1740 szkgfs - ok
22:13:42.0953 1740 TapiSrv - ok
22:13:42.0953 1740 tbhsd - ok
22:13:42.0968 1740 TBPanel - ok
22:13:42.0968 1740 Tcpip - ok
22:13:42.0984 1740 TDPIPE - ok
22:13:42.0984 1740 TDTCP - ok
22:13:43.0000 1740 TermDD - ok
22:13:43.0000 1740 TermService - ok
22:13:43.0015 1740 Themes - ok
22:13:43.0015 1740 TlntSvr - ok
22:13:43.0031 1740 TosIde - ok
22:13:43.0031 1740 TrkWks - ok
22:13:43.0046 1740 TuneUp.UtilitiesSvc - ok
22:13:43.0062 1740 TuneUpUtilitiesDrv - ok
22:13:43.0062 1740 tunmp - ok
22:13:43.0078 1740 Udfs - ok
22:13:43.0078 1740 ultra - ok
22:13:43.0093 1740 Update - ok
22:13:43.0093 1740 upnphost - ok
22:13:43.0109 1740 upperdev - ok
22:13:43.0109 1740 UPS - ok
22:13:43.0125 1740 usbccgp - ok
22:13:43.0140 1740 usbehci - ok
22:13:43.0140 1740 usbhub - ok
22:13:43.0156 1740 usbohci - ok
22:13:43.0156 1740 usbprint - ok
22:13:43.0171 1740 usbscan - ok
22:13:43.0171 1740 usbser - ok
22:13:43.0187 1740 UsbserFilt - ok
22:13:43.0187 1740 USBSTOR - ok
22:13:43.0203 1740 VgaSave - ok
22:13:43.0203 1740 ViaIde - ok
22:13:43.0218 1740 VolSnap - ok
22:13:43.0218 1740 VSS - ok
22:13:43.0218 1740 vtany - ok
22:13:43.0234 1740 vToolbarUpdater - ok
22:13:43.0250 1740 W32Time - ok
22:13:43.0265 1740 Wanarp - ok
22:13:43.0281 1740 Wdf01000 - ok
22:13:43.0281 1740 WDICA - ok
22:13:43.0296 1740 wdmaud - ok
22:13:43.0296 1740 WebClient - ok
22:13:43.0312 1740 winmgmt - ok
22:13:43.0328 1740 WinRing0_1_2_0 - ok
22:13:43.0343 1740 WmdmPmSN - ok
22:13:43.0359 1740 Wmi - ok
22:13:43.0375 1740 WmiApSrv - ok
22:13:43.0375 1740 WMPNetworkSvc - ok
22:13:43.0390 1740 WpdUsb - ok
22:13:43.0406 1740 wscsvc - ok
22:13:43.0406 1740 wuauserv - ok
22:13:43.0421 1740 WudfPf - ok
22:13:43.0421 1740 WudfRd - ok
22:13:43.0437 1740 WudfSvc - ok
22:13:43.0437 1740 WZCSVC - ok
22:13:43.0453 1740 xcvaesyz - ok
22:13:43.0453 1740 XDva252 - ok
22:13:43.0468 1740 XDva375 - ok
22:13:43.0468 1740 XDva390 - ok
22:13:43.0484 1740 XDva391 - ok
22:13:43.0484 1740 XDva398 - ok
22:13:43.0500 1740 xhunter1 - ok
22:13:43.0515 1740 xmlprov - ok
22:13:43.0515 1740 xsherlock - ok
22:13:43.0531 1740 ================ Scan global ===============================
22:13:43.0531 1740 [Global] - ok
22:13:43.0531 1740 ================ Scan MBR ==================================
22:13:43.0562 1740 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:13:43.0968 1740 \Device\Harddisk0\DR0 - ok
22:13:43.0968 1740 ================ Scan VBR ==================================
22:13:43.0984 1740 [ 3A28C5B78A271AF4E0789001765E4674 ] \Device\Harddisk0\DR0\Partition1
22:13:43.0984 1740 \Device\Harddisk0\DR0\Partition1 - ok
22:13:44.0000 1740 [ ACFE4BFCB9B848B4DE94F309D098F094 ] \Device\Harddisk0\DR0\Partition2
22:13:44.0015 1740 \Device\Harddisk0\DR0\Partition2 - ok
22:13:44.0031 1740 [ 8546C9FA30EC878E0546ACF9F51DBE6D ] \Device\Harddisk0\DR0\Partition3
22:13:44.0046 1740 \Device\Harddisk0\DR0\Partition3 - ok
22:13:44.0062 1740 [ DD6FBC0CFC03365F8C6DACF71AA582CE ] \Device\Harddisk0\DR0\Partition4
22:13:44.0062 1740 \Device\Harddisk0\DR0\Partition4 - ok
22:13:44.0078 1740 ============================================================
22:13:44.0078 1740 Scan finished
22:13:44.0078 1740 ============================================================
22:13:44.0078 1400 Detected object count: 0
22:13:44.0093 1400 Actual detected object count: 0
22:13:46.0875 1040 Deinitialize success

#4 M!5T3RM0U53

  • Topic Starter

Posted 11 October 2012 - 12:32 PM

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 21:19:21
-----------------------------
21:19:21.203 OS Version: Windows 5.1.2600 Service Pack 3
21:19:21.203 Number of processors: 2 586 0x6B01
21:19:21.203 ComputerName: HOME-D5E004565A UserName: Rishi
21:19:21.531 Initialize success
21:58:53.625 AVAST engine defs: 12101100
22:11:09.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
22:11:09.296 Disk 0 Vendor: ST3360320AS 3.AAM Size: 343399MB BusType: 3
22:11:09.296 Disk 0 MBR read successfully
22:11:09.296 Disk 0 MBR scan
22:11:09.328 Disk 0 Windows XP default MBR code
22:11:09.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
22:11:09.343 Disk 0 Partition - 00 0F Extended LBA 293390 MB offset 102398310
22:11:09.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 89996 MB offset 102398373
22:11:09.359 Disk 0 Partition - 00 05 Extended 89996 MB offset 286712055
22:11:09.359 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 89996 MB offset 286712118
22:11:09.375 Disk 0 Partition - 00 05 Extended 113396 MB offset 655339545
22:11:09.390 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 113396 MB offset 471025863
22:11:09.406 Disk 0 scanning sectors +703261440
22:11:09.468 Disk 0 scanning C:\windows\system32\drivers
22:11:16.000 Service scanning
22:11:28.921 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
22:11:32.062 Modules scanning
22:11:35.718 Disk 0 trace - called modules:
22:11:35.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spjf.sys >>UNKNOWN [0x8ad81938]<<
22:11:35.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad28ab8]
22:11:35.734 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000082[0x8adb4578]
22:11:35.734 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8ad3bd98]
22:11:35.734 \Driver\atapi[0x8ad459c8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xb85b0661]
22:11:36.062 AVAST engine scan C:\windows
22:11:45.078 AVAST engine scan C:\windows\system32
22:15:34.140 AVAST engine scan C:\windows\system32\drivers
22:15:43.859 AVAST engine scan C:\Documents and Settings\Rishi.HOME-D5E004565A.000
22:29:06.593 AVAST engine scan C:\Documents and Settings\All Users
22:35:04.859 Scan finished successfully
23:00:49.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Desktop\MBR.dat"
23:00:49.968 The log file has been saved successfully to "C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Desktop\aswMBR.txt"

#5 M!5T3RM0U53

  • Topic Starter

Posted 12 October 2012 - 02:16 AM

ESET scan results. I ran it twice.

First result:

C:\desk\Unused Desktop Shortcuts\Trojan.Killer.2.0.6.7\Trojan.Killer.2.0.6.7\trojankiller-setup.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Desktop\Folders\Unused Desktop Shortcuts\Trojan.Killer.2.0.6.7\Trojan.Killer.2.0.6.7\trojankiller-setup.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
E:\Downloads\SpyEraser v2.0.1.1531\SpyEraser v2.0.1.1531\spyeraser.exe a variant of Win32/UbSpyEraser application cleaned by deleting - quarantined
E:\f drive\Installs exe format\Internet\gluz.exe multiple threats cleaned by deleting - quarantined


Second result:

E:\Games\SplinterConv\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
E:\program files\Uniblue\SpyEraser\SpyEraser.exe a variant of Win32/UbSpyEraser application cleaned by deleting - quarantined
E:\program files\Uniblue\SpyEraser\SpyEraser.exe.bak a variant of Win32/UbSpyEraser application cleaned by deleting - quarantined
E:\RECYCLER\S-1-5-21-1957994488-287218729-1417001333-1009\De82\trojankiller.exe.BAK a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\captcha.class.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\dbConnect.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\dependent.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\download.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\error.class.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\fileBrowser.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\filter.class.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\formclass.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\general.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\language.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\mail.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\module.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\session.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\settings.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\spyc.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\template.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\themes.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\upload.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\user.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\validate.php PHP/Obfuscated.F application cleaned by deleting - quarantined
E:\zedge.net_clone_4web.ws\zedge.net_clone\classes_\validator.php PHP/Obfuscated.F application cleaned by deleting - quarantined

#6 narenxp


Posted 12 October 2012 - 05:36 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#7 M!5T3RM0U53


Posted 12 October 2012 - 07:23 AM

Minitoolbox log


MiniToolBox by Farbar Version: 23-07-2012
Ran by Rishi (administrator) on 12-10-2012 at 17:47:51
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"extensions.charles.settings.disabled.network.proxy.http", ""
"extensions.charles.settings.disabled.network.proxy.http_port", 0
"extensions.charles.settings.disabled.network.proxy.no_proxies_on", "localhost, 127.0.0.1"
"extensions.charles.settings.disabled.network.proxy.share_proxy_settings", false
"extensions.charles.settings.disabled.network.proxy.socks", ""
"extensions.charles.settings.disabled.network.proxy.socks_port", 0
"extensions.charles.settings.disabled.network.proxy.ssl", ""
"extensions.charles.settings.disabled.network.proxy.ssl_port", 0
"extensions.charles.settings.disabled.network.proxy.type", 5
"extensions.charles.settings.enabled.network.proxy.http", "127.0.0.1"
"extensions.charles.settings.enabled.network.proxy.http_port", 8888
"extensions.charles.settings.enabled.network.proxy.no_proxies_on", ""
"extensions.charles.settings.enabled.network.proxy.share_proxy_settings", false
"extensions.charles.settings.enabled.network.proxy.socks", ""
"extensions.charles.settings.enabled.network.proxy.socks_port", 0
"extensions.charles.settings.enabled.network.proxy.ssl", "127.0.0.1"
"extensions.charles.settings.enabled.network.proxy.ssl_port", 8888
"extensions.charles.settings.enabled.network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



::1 localhost

127.0.0.1 localhost

There are 15246 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=59.185.3.12 register=PRIMARY
add dns name="Local Area Connection" addr=59.185.3.10 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : home-d5e004565a

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-1E-8C-15-8A-E6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 59.185.3.12

59.185.3.10

Lease Obtained. . . . . . . . . . : Friday, October 12, 2012 12:51:01 AM

Lease Expires . . . . . . . . . . : Saturday, October 13, 2012 12:51:01 AM

Server: mumns4.mtnl.net.in
Address: 59.185.3.12

Name: google.com
Addresses: 173.194.36.6, 173.194.36.7, 173.194.36.8, 173.194.36.9
173.194.36.14, 173.194.36.0, 173.194.36.1, 173.194.36.2, 173.194.36.3
173.194.36.4, 173.194.36.5



Pinging google.com [173.194.36.5] with 32 bytes of data:



Reply from 173.194.36.5: bytes=32 time=11ms TTL=57

Reply from 173.194.36.5: bytes=32 time=7ms TTL=57



Ping statistics for 173.194.36.5:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 7ms, Maximum = 11ms, Average = 9ms

DNS request timed out.
timeout was 2 seconds.
Server: mumns2.mtnl.net.in
Address: 59.185.3.10

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=897ms TTL=47

Reply from 98.139.183.24: bytes=32 time=828ms TTL=47



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 828ms, Maximum = 897ms, Average = 862ms

Server: mumns4.mtnl.net.in
Address: 59.185.3.12

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 1ms, Average = 1ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 8c 15 8a e6 ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2012 00:59:25 PM) (Source: Application Error) (User: )
Description: Faulting application turatingsynch.exe, version 12.0.4000.108, faulting module maincontrols.bpl, version 12.0.4000.108, fault address 0x0001cd02.
Processing media-specific event for [turatingsynch.exe!ws!]

Error: (10/09/2012 06:05:40 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/29/2012 03:31:56 PM) (Source: Application Error) (User: )
Description: Faulting application spyhunter3.exe, version 1.0.33.0, faulting module spyhunter3.exe, version 1.0.33.0, fault address 0x0003c308.
Processing media-specific event for [spyhunter3.exe!ws!]

Error: (09/25/2012 10:11:31 PM) (Source: Application Error) (User: )
Description: Faulting application turatingsynch.exe, version 12.0.4000.108, faulting module maincontrols.bpl, version 12.0.4000.108, fault address 0x0001cd02.
Processing media-specific event for [turatingsynch.exe!ws!]

Error: (09/25/2012 10:00:44 PM) (Source: MsiInstaller) (User: HOME-D5E004565A)HOME-D5E004565A
Description: Product: WWE RAW - Total Edition -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\WWE RAW - Total Edition.msi

Error: (09/23/2012 09:21:09 PM) (Source: Application Error) (User: )
Description: Faulting application conviction_game.exe, version 0.0.0.0, faulting module lead3dengine.dll, version 0.0.0.0, fault address 0x0001a685.
Processing media-specific event for [conviction_game.exe!ws!]

Error: (09/23/2012 07:25:12 PM) (Source: ESENT) (User: )
Description: svchost (1440) An attempt to open the file "C:\windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/21/2012 09:56:08 PM) (Source: Application Error) (User: )
Description: Faulting application fifa10.exe, version 0.0.0.0, faulting module fifa10.exe, version 0.0.0.0, fault address 0x0020fb9f.
Processing media-specific event for [fifa10.exe!ws!]

Error: (09/17/2012 08:22:02 PM) (Source: Application Error) (User: )
Description: Faulting application proxyswitcher.exe, version 3.12.1.4819, faulting module proxyswitcher.exe, version 3.12.1.4819, fault address 0x000033b4.
Processing media-specific event for [proxyswitcher.exe!ws!]

Error: (09/17/2012 08:22:00 PM) (Source: Application Error) (User: )
Description: Faulting application proxyswitcher.exe, version 3.12.1.4819, faulting module proxyswitcher.exe, version 3.12.1.4819, fault address 0x000033b4.
Processing media-specific event for [proxyswitcher.exe!ws!]


System errors:
=============
Error: (10/12/2012 05:12:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/12/2012 04:00:58 PM) (Source: DCOM) (User: HOME-D5E004565A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (10/12/2012 00:12:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/12/2012 01:12:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/12/2012 00:51:45 AM) (Source: Service Control Manager) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%87

Error: (10/12/2012 00:51:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eBoost
szkg5
szkgfs

Error: (10/12/2012 00:51:26 AM) (Source: Service Control Manager) (User: )
Description: The Art*Money*Pro service failed to start due to the following error:
%%3

Error: (10/11/2012 11:57:34 PM) (Source: DCOM) (User: HOME-D5E004565A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (10/11/2012 08:12:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/11/2012 06:52:50 PM) (Source: DCOM) (User: HOME-D5E004565A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 9.20
Acoustica Effects Pack (Version: 1.0)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PageMaker 7.0 (Version: 7.0.1a)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced IP Scanner v1.5
Akamai NetSession Interface
All Video Sound Extractor 3.5
Allok AVI DivX MPEG to DVD Converter 2.2.0429
AMR Player 1.3
AoA Audio Extractor 2.0
ATI - Software Uninstall Utility (Version: 6.14.10.1018)
ATI AVIVO Codecs (Version: 9.15.0.20713)
ATI Catalyst Control Center (Version: 2.007.0821.2145)
ATI Parental Control & Encoder (Version: 3.0)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
AVG PC TuneUp (Version: 12.0.4000.108)
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4000.108)
AVS Video Editor 4 4.2.1.166
AVS Video Recorder 2.4 (Service Version)
Catalyst Control Center Core Implementation (Version: 2007.0821.2146.36991)
Catalyst Control Center Graphics Full Existing (Version: 2007.0821.2146.36991)
Catalyst Control Center Graphics Full New (Version: 2007.0821.2146.36991)
Catalyst Control Center Graphics Light (Version: 2007.0821.2146.36991)
Catalyst Control Center Graphics Previews Common (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Czech (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Danish (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Dutch (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Finnish (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization French (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization German (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Greek (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Hungarian (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Italian (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Japanese (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Korean (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Norwegian (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Polish (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Portuguese (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Russian (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Spanish (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Swedish (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Thai (Version: 2007.0821.2146.36991)
Catalyst Control Center Localization Turkish (Version: 2007.0821.2146.36991)
ccc-core-preinstall (Version: 2007.0821.2146.36991)
ccc-core-static (Version: 2007.0821.2146.36991)
ccc-utility (Version: 2007.0821.2146.36991)
CCC Help Chinese Standard (Version: 2007.0821.2145.36991)
CCC Help Chinese Traditional (Version: 2007.0821.2145.36991)
CCC Help Czech (Version: 2007.0821.2145.36991)
CCC Help Danish (Version: 2007.0821.2145.36991)
CCC Help Dutch (Version: 2007.0821.2145.36991)
CCC Help English (Version: 2007.0821.2145.36991)
CCC Help Finnish (Version: 2007.0821.2145.36991)
CCC Help French (Version: 2007.0821.2145.36991)
CCC Help German (Version: 2007.0821.2145.36991)
CCC Help Greek (Version: 2007.0821.2145.36991)
CCC Help Hungarian (Version: 2007.0821.2145.36991)
CCC Help Italian (Version: 2007.0821.2145.36991)
CCC Help Japanese (Version: 2007.0821.2145.36991)
CCC Help Korean (Version: 2007.0821.2145.36991)
CCC Help Norwegian (Version: 2007.0821.2145.36991)
CCC Help Polish (Version: 2007.0821.2145.36991)
CCC Help Portuguese (Version: 2007.0821.2145.36991)
CCC Help Russian (Version: 2007.0821.2145.36991)
CCC Help Spanish (Version: 2007.0821.2145.36991)
CCC Help Swedish (Version: 2007.0821.2145.36991)
CCC Help Thai (Version: 2007.0821.2145.36991)
CCC Help Turkish (Version: 2007.0821.2145.36991)
CCScore (Version: 7.00.0000.0001)
Cheat Engine 6.1
Ciprico VST 2008 (Version: 4.1.0.0)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
Connect (Version: 1.0.0.1)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0)
CorelDRAW Graphics Suite X4 - Content (Version: 14.0)
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0)
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0)
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0)
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0)
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0)
CorelDRAW Graphics Suite X4 - PP (Version: 14.0)
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0)
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.0)
Critical Update for Windows Media Player 11 (KB959772)
DC++ 0.750 (Version: 0.750)
DivX Setup (Version: 2.1.2.2)
DJ Twist & Burn
Easy Duplicate Finder v. 3.1
Easy GIF Animator 5.02 (Version: Easy GIF Animator 5.0)
EAX Unified
Epson Easy Photo Print 2 (Version: 2.0.0.0)
EPSON Scan
EPSON Stylus SX100_TX100 Manual
EPSON TX101 Printer Uninstall
ESET Online Scanner v3
ESSBrwr (Version: 8.00.0000.0001)
ESSCDBK (Version: 8.00.0000.0001)
ESScore (Version: 8.00.0000.0001)
ESSgui (Version: 8.00.0000.0001)
ESSini (Version: 8.00.0000.0001)
ESSPCD (Version: 7.01.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
Exact Audio Copy 1.0beta3 (Version: 1.0beta3)
fflink (Version: 6.02.1001.0001)
FIFA 09 (Version: 1.0.1.1)
FIFA 10 (Version: 1.0.0.0)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
Fraps (remove only)
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
GameShadow V3.1 (Version: 3.00.000)
GIF Construction Set Professional 3
GOM Player (Version: 2.1.43.5119)
Google Chrome (Version: 16.0.912.75)
Google Talk Plugin (Version: 3.3.2.8436)
Google Update Helper (Version: 1.3.21.123)
Hard Disk Sentinel PRO
HijackThis 2.0.2 (Version: 2.0.2)
Hitman Blood Money
Hitman Pro 3.5 (Version: 3.5.9.129)
Jasc Animation Shop 3 (Version: 3.11)
Jasc Paint Shop Pro 9 (Version: 9.00.0000)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 33 (Version: 6.0.330)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8117.416)
K-Lite Codec Pack 6.7.0 (Full) (Version: 6.7.0)
Kodak EasyShare software
Korean Language Support
kuler (Version: 2.0)
Lock my Folder
Major League Baseball 2K9
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Max Payne 2 (Version: 1.0.97)
MessengerData WMP Plugin (Version: 1.1.0.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Device Emulator version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Games for Windows - LIVE Redistributable (Version: 1.2.0241)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
Movavi Video Editor 4 (Version: 4.00.000)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MP3 Cutter Joiner 3.00
MP3 Splitter & Joiner
Mpeg Layer3 Codec FHG-Radium v1.263
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Nasty File Remover v0.71 (remove only)
Native Instruments Guitar Rig 3
Native Instruments Service Center
Nero 7 Essentials (Version: 7.02.8507)
neroxml (Version: 1.0.0)
netbrdg (Version: 7.01.0000.0001)
Nokia PC Suite (Version: 6.84.10.3)
NoteBurner 2.25
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA nView 136.28 (Version: 136.28)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OfotoXMI (Version: 7.02.0000.0001)
Opera 11.01 (Version: 11.01.1190)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Presto! MaxReader 4.5 LE (Version: 4.50.00)
Protected Folder
Pure (Version: 1.0)
QuickTime (Version: 7.50.61.0)
RapidLeecher (Version: 5.1)
RAR Repair Tool v.4.0.1
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5391)
RegCure 1.6.0.0 (Version: 1.6.0.0)
Seagate Manager Installer (Version: 2.01.0076)
SecurDisc Viewer (Version: 7.02.8511)
Segoe UI (Version: 14.0.4327.805)
SFR (Version: 7.01.0000.0003)
SHASTA (Version: 7.01.0000.0001)
Shockwave
Simple Shutdown Timer (Version: 1.1.2)
skin0001 (Version: 8.00.0000.0001)
Skins (Version: 2007.0821.2146.36991)
SKINXSDK (Version: 7.01.0000.0001)
Sonarca Sound Recorder Free 3.8.1
Sony Ericsson Update Service (Version: 2.11.6.12)
Sophos Anti-Rootkit 1.5.4 (Version: 1.5.4)
Sothink SWF Quicker (Version: 5.0)
SoulSeek Client 156c
SoundTaxi 3.8.2
SpyHunter (Version: 3.8.21)
staticcr (Version: 8.00.0000.0001)
STREET FIGHTER IV BENCHMARK (Version: 1.00.0000)
Suite Shared Configuration CS4 (Version: 1.0)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.4.26.0)
Tally 9 (Version: )
Theme Manager (Free)
Tom Clancy's Splinter Cell Conviction (Version: 1.03.000)
Ubisoft Game Launcher (Version: 1.0.0.0)
uMusic (Version: 0.3)
Uniblue DriverScanner (Version: 4.0.9.10)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VDOTool 6.1
Video Edit Magic 4
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
VLC media player 0.9.8a (Version: 0.9.8a)
VPRINTOL (Version: 7.01.0000.0001)
Warcraft III
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06)
Windows Mobile 5.0 SDK R2 for Smartphone (Version: 5.00.1700.5.14343.06)
Windows PowerShell™ 1.0 (Version: 2)
WIRELESS (Version: 7.02.0000.0001)
WWE RAW - Total Edition (Version: 1.0)
Xbox 360 Controller for Windows
Xilisoft MKV Converter (Version: 5.1.26.0814)
Xilisoft Video Cutter (Version: 1.0.34.1225)
XP Registry Cleaner 2.0
Yahoo! Messenger
YouTube FLV to AVI converter Pro 2.2.5
Zip Repair Pro (Version: 4.2.0.952)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2046.42 MB
Available physical RAM: 1296.71 MB
Total Pagefile: 3938.78 MB
Available Pagefile: 3107.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.07 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:48.83 GB) (Free:11.83 GB) NTFS
3 Drive d: (Music) (Fixed) (Total:87.89 GB) (Free:14.98 GB) NTFS
4 Drive e: (Movies) (Fixed) (Total:87.89 GB) (Free:38.03 GB) NTFS
5 Drive f: (Installs) (Fixed) (Total:110.74 GB) (Free:14.87 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-D5E004565A

Administrator Guest HelpAssistant
Rishi SUPPORT_388945a0 UpdatusUser

========================= Restore Points ==================================

25-09-2012 16:30:44 Removed WWE RAW - Total Edition.
25-09-2012 16:36:06 Installed DirectX
25-09-2012 17:27:13 Installed Charles 3.6.5
27-09-2012 06:42:07 System Checkpoint
27-09-2012 08:28:16 Installed GTA San Andreas
27-09-2012 12:40:07 Removed GTA San Andreas
27-09-2012 12:40:43 Removed FIFA 11
28-09-2012 16:56:45 System Checkpoint
29-09-2012 04:26:14 Installed DarkBloodOnline
29-09-2012 05:56:12 Removed DarkBloodOnline
30-09-2012 06:31:38 System Checkpoint
01-10-2012 10:09:15 System Checkpoint
02-10-2012 13:44:41 Installed DirectX
02-10-2012 13:53:11 Installed Pure
03-10-2012 14:10:37 System Checkpoint
04-10-2012 14:13:26 System Checkpoint
05-10-2012 14:14:02 System Checkpoint
06-10-2012 16:00:40 System Checkpoint
07-10-2012 16:28:15 System Checkpoint
08-10-2012 17:11:58 System Checkpoint
10-10-2012 05:35:52 System Checkpoint
10-10-2012 17:45:46 Software Distribution Service 3.0
11-10-2012 20:49:24 System Checkpoint
12-10-2012 06:18:34 Uninstalled Sony Ericsson Drivers
12-10-2012 06:19:06 Installed Sony Ericsson Drivers
12-10-2012 11:18:50 Removed Charles 3.6.5

**** End of log ****

#8 M!5T3RM0U53

Posted 12 October 2012 - 07:28 AM

Farbar Service Scanner log:

Farbar Service Scanner Version: 07-10-2012
Ran by Rishi (administrator) on 12-10-2012 at 17:56:54
Running from "C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:
=======
Avgfwfd(13) Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0D0000000500000001000000020000000300000004000000080000000B000000090000000C0000000D0000000A0000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#9 M!5T3RM0U53

Posted 12 October 2012 - 07:43 AM

Junkware Logs

Junkware Removal Tool (JRT) by Thisisu
Version: 1.4.9 (10.12.2012)
OS: Microsoft Windows XP x86
Ran by Rishi on Fri 10/12/2012 at 17:58:54.60
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] "hkey_current_user\software\conduit"
Successfully deleted: [KEY] "hkey_current_user\software\smartbar"
Successfully deleted: [KEY] "hkey_current_user\software\softonic"
Successfully deleted: [KEY] "hkey_local_machine\software\babylon"
Successfully deleted: [KEY] "hkey_local_machine\software\conduit"
Successfully deleted: [KEY] hkey_classes_root\appid\{09c554c3-109b-483c-a06b-f14172f1a947}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [KEY] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [KEY] hkey_classes_root\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}



*** Files:

Successfully deleted: [FILE] C:\Program Files\conduit\community alerts\Alert.dll



*** Folders:

Successfully deleted: [FOLDER] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [FOLDER] "C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Application Data\babylon"
Successfully deleted: [FOLDER] "C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\babylon"
Successfully deleted: [FOLDER] "C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Local Settings\Application Data\conduit"
Successfully deleted: [FOLDER] "C:\Program Files\conduit"



*** Ask Toolbar Cleanup:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [KEY] "hkey_current_user\software\ask.com"
Successfully deleted: [FILE] C:\Program Files\ask.com\cb_12b.ico
Successfully deleted: [FILE] C:\Program Files\ask.com\cobrand.ico
Successfully deleted: [FILE] C:\Program Files\ask.com\config.xml
Successfully deleted: [FILE] C:\Program Files\ask.com\favicon.ico
Successfully deleted: [FILE] C:\Program Files\ask.com\fv_12a.ico
Successfully deleted: [FILE] C:\Program Files\ask.com\mupcfg.xml
Successfully deleted: [FILE] C:\Program Files\ask.com\SaUpdate.exe
Successfully deleted: [FILE] C:\Program Files\ask.com\UpdateTask.exe
Successfully deleted: [FOLDER] "C:\Program Files\ask.com"



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Fri 10/12/2012 at 18:12:11.32
End of Report

#10 M!5T3RM0U53

Posted 12 October 2012 - 09:12 AM

Malwarebytes log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rishi :: HOME-D5E004565A [administrator]

10/12/2012 6:14:31 PM
mbam-log-2012-10-12 (18-14-31).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 527443
Time elapsed: 1 hour(s), 25 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
E:\Mobile stuff\MonitorOff.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Mobile stuff\MonitorOff\MonitorOff.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\RECYCLER\S-1-5-21-1957994488-287218729-1417001333-500\De2.97\OFFICE\FINDFAST.EXE (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)


Btw, just had an AVG scheduled scan and it's still showing the 6 rootkits.

#11 M!5T3RM0U53

Posted 12 October 2012 - 09:25 AM

My PC did not restart and gave multiple Bad Pool Caller BSODs. Then I turned off my PC and turned it back on after 5 mins.

ADwcleaner logs : (

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 19:44:05
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Rishi - HOME-D5E004565A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Rishi.HOME-D5E004565A.000\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

-\\ Google Chrome v16.0.912.75

-\\ Opera v [Unable to get version]

*************************

AdwCleaner[S2].txt - [5181 octets] - [12/10/2012 19:44:05]

########## EOF - C:\AdwCleaner[S2].txt - [5241 octets] ##########

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:09 AM

Posted 12 October 2012 - 10:46 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

Download

System look

Launch it and copy this script in the BOX

:filefind
spjf.sys

Click on LOOK, then post the generated log

#13 M!5T3RM0U53

Posted 12 October 2012 - 12:18 PM

rkill log


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2012 10:46:48 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* HidServ [Missing ServiceDLL Value]

Searching for Missing Digital Signatures:

* C:\windows\System32\sfcfiles.dll [NoSig]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

20 out of 15267 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 10/12/2012 10:47:39 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)

#14 M!5T3RM0U53

Posted 12 October 2012 - 12:22 PM

Autoruns log


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "Hard Disk Sentinel" "Hard Disk Sentinel Engine" "H.D.S. Hungary" "c:\program files\hard disk sentinel\hdsentinel.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "e:\program files\7-zip\7-zip.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "AVG Shredder Shell Extension" "AVG Shredder Shell Extension" "AVG" "c:\program files\avg\avg pc tuneup\sdshelex-win32.dll"
+ "Cover Designer" "Cover Designer" "Nero AG" "c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll"
+ "EPP" "" "SEIKO EPSON CORPORATION" "c:\program files\epson software\easy photo print\eppshell.dll"
+ "InCDShellExt" "InCD" "Nero AG" "c:\program files\nero\nero 7\incd\incdshx.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files\nero\nero 7\nero backitup\nbshell.dll"
+ "PfMenu" "Protected Folder Shell Extension" "IObit" "e:\program files\iobit\protected folder\pfshellextension.dll"
+ "WinRAR" "" "" "e:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "InCDUdfPerm" "InCD" "Nero AG" "c:\program files\nero\nero 7\incd\incdup.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "e:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "e:\program files\7-zip\7-zip.dll"
+ "AVG Disk Space Explorer Shell Extension" "AVG Disk Space Explorer Shell Extension" "AVG" "c:\program files\avg\avg pc tuneup\dseshext-x86.dll"
+ "AVG Shredder Shell Extension" "AVG Shredder Shell Extension" "AVG" "c:\program files\avg\avg pc tuneup\sdshelex-win32.dll"
+ "InCDShellExt" "InCD" "Nero AG" "c:\program files\nero\nero 7\incd\incdshx.dll"
+ "PfMenu" "Protected Folder Shell Extension" "IObit" "e:\program files\iobit\protected folder\pfshellextension.dll"
+ "WinRAR" "" "" "e:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "e:\program files\7-zip\7-zip.dll"
+ "WinRAR" "" "" "e:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 136.28 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nvshell.dll"
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "VDOToolShlExt" "TBPanelExt Module" "" "c:\program files\vdotool\tbpanelext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "CDR Column Provider" "Windows XP Shell Extension" "Corel Corporation" "c:\program files\common files\corel\shared\shell extension\shellxp.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "InCDShellExt" "InCD" "Nero AG" "c:\program files\nero\nero 7\incd\incdshx.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "e:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files\nero\nero 7\nero backitup\nbshell.dll"
+ "PfMenu" "Protected Folder Shell Extension" "IObit" "e:\program files\iobit\protected folder\pfshellextension.dll"
+ "WinRAR" "" "" "e:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "NBShellHook" "Nero BackItUp" "Nero AG" "c:\program files\nero\nero 7\nero backitup\nbshell.dll"
+ "WinRAR" "" "" "e:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "InCDUdfPerm" "InCD" "Nero AG" "c:\program files\nero\nero 7\incd\incdup.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Easy Photo Print" "Epson Easy Photo Print (TBL)" "SEIKO EPSON CORPORATION / CyCom Technology Corp." "c:\program files\epson software\easy photo print\eptbl.dll"
+ "EpsonToolBandKicker Class" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "FG2CatchUrl" "BHOCatch" "FlashGet" "e:\program files\flashget\comdlls\bhocatch.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "EPSON Web-To-Page" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "EPTBL" "Epson Easy Photo Print (TBL)" "SEIKO EPSON CORPORATION / CyCom Technology Corp." "c:\program files\epson software\easy photo print\eptbl.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "Rip YouTube file embedded in this page" "YouTubeRipper Module" "" "e:\program files\soundtaxi\youtuberipper.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Sothink SWF Catcher" "" "" "c:\program files\common files\sourcetec\swf catcher\internetexplorer.htm"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
X "DriverScanner.job" "Uniblue DriverScanner Monitor" "Uniblue Systems Limited" "e:\program files\uniblue\driverscanner\dsmonitor.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "RegCure.job" "RegCure Application" "" "c:\program files\regcure\regcure.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "avgfws" "AVG Firewall Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgfws.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "NVSvc" "NVIDIA Driver Helper Service, Version 306.23" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files\nvidia corporation\nvidia update core\daemonu.exe"
+ "SMServer" "SMServer" "SMServer" "c:\windows\system32\snmvtsvc.exe"
+ "TuneUp.UtilitiesSvc" "This service analyzes the usage of your computer in the background, enabling automatic usage-dependent optimizations. All of its functions can be set in AVG PC TuneUp. If you stop or disable this service, parts of AVG PC TuneUp will not work anymore." "AVG" "c:\program files\avg\avg pc tuneup\tuneuputilitiesservice32.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adfs" "Adobe Drive File System Driver" "Adobe Systems, Inc." "c:\windows\system32\drivers\adfs.sys"
+ "am7pro" "" "" "File not found: E:\Games\ArtMoney\artmoney733.sys"
+ "Avgfwdx" "AVG Firewall intermediate miniport driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgfwdx.sys"
+ "Avgfwfd" "AVG Firewall intermediate miniport driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgfwdx.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "Cardex" "Display Control Program" "Windows ® 2000 DDK provider" "c:\windows\system32\drivers\tbpanel.sys"
+ "Changer" "" "" "File not found: C:\windows\System32\Drivers\Changer.sys"
+ "EagleNT" "" "" "File not found: C:\WINDOWS\system32\drivers\EagleNT.sys"
+ "EagleXNt" "" "" "File not found: C:\windows\system32\drivers\EagleXNt.sys"
+ "eBoost" "" "" "File not found: system32\drivers\eBoost.sys"
+ "fcdabus" "" "" "File not found: system32\DRIVERS\fcdabus.sys"
+ "fsRamDsk" "" "" "File not found: system32\DRIVERS\fsRamDsk.sys"
+ "FVXSCSI" "" "" "File not found: system32\DRIVERS\fvxscsi.sys"
+ "gaexsiqi" "" "" "File not found: System32\drivers\dsvpuep.sys"
+ "ggflt" "SEMC USB Flash Driver Filter" "Sony Ericsson Mobile Communications" "c:\windows\system32\drivers\ggflt.sys"
+ "ggsemc" "SEMC USB Flash Driver" "Sony Ericsson Mobile Communications" "c:\windows\system32\drivers\ggsemc.sys"
+ "Gppcpssimskt" "" "" "File not found: C:\windows\System32\Drivers\Gppcpssimskt.sys"
+ "gsplittm" "" "" "File not found: C:\DOCUME~1\RISHIH~1.000\LOCALS~1\Temp\gsplittm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\windows\System32\Drivers\i2omgmt.sys"
+ "InCDPass" "Ahead RW Filter Driver" "Nero AG" "c:\windows\system32\drivers\incdpass.sys"
+ "incdrm" "Nero MRW Filter Driver" "Nero AG" "c:\windows\system32\drivers\incdrm.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "is3srv" "" "" "File not found: system32\drivers\is3srv.sys"
+ "lbrtfdc" "" "" "File not found: C:\windows\System32\Drivers\lbrtfdc.sys"
+ "MEMSWEEP2" "" "" "File not found: C:\WINDOWS\system32\84.tmp"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "nmwcd" "" "" "File not found: system32\drivers\ccdcmb.sys"
+ "nmwcdc" "" "" "File not found: system32\drivers\ccdcmbo.sys"
+ "nv" "NVIDIA Windows XP Miniport Driver, Version 306.23 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "pccsmcfd" "PCCS Mode Change Filter Driver" "Nokia" "c:\windows\system32\drivers\pccsmcfd.sys"
+ "PCIDump" "" "" "File not found: C:\windows\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\windows\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\windows\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDRFRAME.sys"
+ "PfFilter" "Protected Folder filter driver" "IObit Information Technology" "e:\program files\iobit\protected folder\pffilter.sys"
+ "prodrv06" "StarForce Protection Environment Driver" "Protection Technology" "c:\windows\system32\drivers\prodrv06.sys"
+ "prohlp02" "StarForce Protection Helper Driver" "Protection Technology" "c:\windows\system32\drivers\prohlp02.sys"
+ "prosync1" "StarForce Protection Synchronization Driver" "Protection Technology" "c:\windows\system32\drivers\prosync1.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "sfhlp01" "StarForce Protection Helper Driver" "Protection Technology" "c:\windows\system32\drivers\sfhlp01.sys"
+ "SndTAudio" "Support Device" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\sndtaudio.sys"
+ "SndTVideo" "Video Mirror Miniport" "Windows ® 2000 DDK provider" "c:\windows\system32\drivers\sndtvideo.sys"
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "szkg5" "" "" "File not found: system32\DRIVERS\szkg.sys"
+ "szkgfs" "" "" "File not found: system32\drivers\szkgfs.sys"
+ "tbhsd" "Tunebite High-Speed Dubbing" "RapidSolution Software AG" "c:\windows\system32\drivers\tbhsd.sys"
+ "TBPanel" "Display Control Program" "Windows ® 2000 DDK provider" "c:\windows\system32\drivers\tbpanel.sys"
+ "TuneUpUtilitiesDrv" "TuneUp Utilities Driver" "TuneUp Software" "c:\program files\avg\avg pc tuneup\tuneuputilitiesdriver32.sys"
+ "upperdev" "" "" "File not found: system32\DRIVERS\usbser_lowerflt.sys"
+ "UsbserFilt" "" "" "File not found: system32\DRIVERS\usbser_lowerfltj.sys"
+ "vtany" "" "" "File not found: C:\windows\vtany.sys"
+ "WDICA" "" "" "File not found: C:\windows\System32\Drivers\WDICA.sys"
+ "WinRing0_1_2_0" "" "" "File not found: E:\program files\IObit\Game Booster 3\Driver\WinRing0.sys"
+ "xcvaesyz" "" "" "File not found: C:\windows\System32\Drivers\xcvaesyz.sys"
+ "XDva252" "" "" "File not found: C:\WINDOWS\system32\XDva252.sys"
+ "XDva375" "" "" "File not found: C:\WINDOWS\system32\XDva375.sys"
+ "XDva390" "" "" "File not found: C:\WINDOWS\system32\XDva390.sys"
+ "XDva391" "" "" "File not found: C:\windows\system32\XDva391.sys"
+ "XDva398" "" "" "File not found: C:\windows\system32\XDva398.sys"
+ "xhunter1" "" "" "File not found: C:\windows\xhunter1.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.dvsd" "MainConcept DV Codec" "MainConcept" "c:\windows\system32\mcdvd_32.dll"
+ "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\system32\frapsvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.vp60" "EA VP6 VIDEO FOR WINDOWS CODEC " "EA.com/On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.vp61" "EA VP6 VIDEO FOR WINDOWS CODEC " "EA.com/On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP62" "EA VP6 VIDEO FOR WINDOWS CODEC " "EA.com/On2.com" "c:\windows\system32\vp6vfw.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YV12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3File" "" "" "e:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ATI Audio Delay Filter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Audio Pitch Correction Filter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI CC Multiplexer" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI CC Splitter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI EZShare Client" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI EZShare Server" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI FM-On-Demand Filter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Media Center Audio Encoder" "ATI Media Center Encoder" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atimcenc.dll"
+ "ATI Media Center Multiplexer" "ATI Media Center Encoder" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atimcenc.dll"
+ "ATI Media Center Video Encoder" "ATI Media Center Encoder" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atimcenc.dll"
+ "ATI MPEG Audio Decoder" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Audio Encoder" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG File Writer" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Multiplexer" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Video Decoder" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Video Encoder" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Noise Reduction Filter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "ATI Time Shift Reader" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Time Shift Splitter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI VCR Stream Sink" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI VCR Stream Source" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI VCR Video Converter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Video Format Converter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Video Rotation Filter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Video Scaler Filter" "ATI Digital VCR" "ATI Technologies, Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "AVS Video Out" "AVSVideoOutFilter DirectShow Filter" "Online Media Technologies Ltd" "c:\program files\common files\avsmedia\activex\avsvideooutfilter3.ax"
+ "AVSMediaGrabber" "AVSMediaGrabber4 DirectShow Filter" "Online Media Technologies Ltd." "c:\program files\common files\avsmedia\activex\avsmediagrabber4.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "e:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DeskShare QuickTime Encoder Filter" "DSQTEncoder DLL" "DeskShare" "c:\program files\common files\deskshare shared\ax\dsqtencoder.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "e:\program files\combined community codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "e:\program files\combined community codec pack\filters\vsfilter.dll"
+ "DivX AAC Decoder" "AAC Audio Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "DivX MKV Demux" "DivX MKV Splitter" "" "c:\program files\divx\divx plus directshow filters\dmfsource.ax"
+ "DivX MKV Demux (unrestricted)" "DivX MKV Splitter" "" "c:\program files\divx\divx plus directshow filters\dmfsource.ax"
+ "DSTransInPlaceFilter" "DSTransInPlaceFilter" "DeskShare" "c:\program files\common files\deskshare shared\ax\dstransinplacefilter.ax"
+ "DXVA Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "e:\program files\gretech\gomplayer\codecs\mpeg2decfilter.ax"
+ "Essien MPEG Encoder Filter v4" "DirectShow MPEG Writing and Multiplexing DirectShow Filter" "Essien Research & Development" "c:\program files\common files\deskshare shared\ax\directencode.dll"
+ "EssienR&D MPEG Writer Filter" "" "" "e:\program files\all video sound extractor\mpgfiltr.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "e:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "e:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "e:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "e:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "e:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "e:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "e:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "FLAC Audio Decoder" "FLAC Audio Filter" "-" "c:\program files\common files\common share\codecs\flac.ax"
+ "FLAC Audio Filter" "FLAC Audio Filter" "-" "c:\program files\common files\common share\codecs\flac.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Gretech AAC Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech ASF Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech AsfEx Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech Audio Filter" "" "" "e:\program files\gretech\gomplayer\gaf.ax"
+ "Gretech AVI Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech FLV Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MKV Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MP3 Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MP4 Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MPEG Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MPEG Source Filter2" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech Network(AVI) Filter" "" "" "e:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(FLV) Filter" "" "" "e:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(GOM) Filter" "" "" "e:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(MP4) Filter" "" "" "e:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(OGG P2P) Filter" "" "" "e:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(OGG) Filter" "" "" "e:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(SHOUTcast) Filter" "" "" "e:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech OGG Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech OGG Source Filter2" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech Theora Source Filter" "" "" "e:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech Video Filter" "" "" "e:\program files\gretech\gomplayer\gvf.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "e:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "e:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "e:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "e:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "e:\program files\combined community codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "e:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "HighMAT and MPV Navigator Filter" "MPV Playback Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\hmnavigator.ax"
+ "HighMAT/MPV Navigation Client Filter" "MPV Playback Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\hmnavigator.ax"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LAV Audio Decoder" "LAV Audio Decoder - DirectShow Audio Decoder" "1f0.de - Hendrik Leppkes" "e:\program files\combined community codec pack\filters\lavfilters\lavaudio.ax"
+ "LAV Splitter" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "e:\program files\combined community codec pack\filters\lavfilters\lavsplitter.ax"
+ "LAV Splitter Source" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "e:\program files\combined community codec pack\filters\lavfilters\lavsplitter.ax"
+ "LAV Video Decoder" "LAV Video Decoder - DirectShow Video Decoder" "1f0.de - Hendrik Leppkes" "e:\program files\combined community codec pack\filters\lavfilters\lavvideo.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "e:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "e:\program files\k-lite codec pack\filters\madflac.ax"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "e:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "e:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "e:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "e:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM Musepack Decoder" "mmmpcdec" "" "e:\program files\k-lite codec pack\filters\mmmpcdec.ax"
+ "MONOGRAM Musepack Splitter" "mmmpcdmx" "" "e:\program files\k-lite codec pack\filters\mmmpcdmx.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "MPC-HC Team" "e:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "MPC-HC Team" "e:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MPEG-2 PSI Reader Filter" "Mpeg2PsiReader" "Nero AG" "c:\program files\common files\ahead\dsfilter\mpeg2psireader.ax"
+ "MPEG-2 Stream Reader Filter" "Mpeg2StreamReader" "Nero AG" "c:\program files\common files\ahead\dsfilter\mpeg2streamreader.ax"
+ "MPEG/AC3/DTS/LPCM Audio Decoder" "Mpeg Audio Decoder for DirectShow, based on libmad" "Gabest" "e:\program files\gretech\gomplayer\codecs\mpadecfilter.ax"
+ "Mpeg2Dec Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "e:\program files\gretech\gomplayer\codecs\mpeg2decfilter.ax"
+ "NeAudio2" "Nero Audio Decoder 2" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio2.ax"
+ "Nero Audible Decoder" "Nero Audible Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudible.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero AV Synchronizer" "Audio/Video Synchronizer" "Nero AG" "c:\program files\common files\ahead\dsfilter\neavsync.ax"
+ "Nero Deinterlace" "Deinterlacing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedeinterlace.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Subpicture Enc" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Video Enc" "MPEG4 and H.264 (AVC) Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendvid.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "Nero Home" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero FLV Splitter" "Nero FLV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neflvsplitter.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero InteractiveGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nebdgraphic.ax"
+ "Nero MP3 Encoder" "MP3 Encoding Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nemp3encoder.ax"
+ "Nero MP4 Splitter" "MP4 Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nemp4splitter.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 encoder filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Ogg Splitter" "Ogg Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neoggsplitter.ax"
+ "Nero Overlay Mixer" "Overlay Mixer Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neoverlaymixer.ax"
+ "Nero Photo Source" "Nero Home" "Nero AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PresentationGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nebdgraphic.ax"
+ "Nero PS Muxer" "" "" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Sound Processor" "Nero Sound Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesoundproc.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Stream Buffer Sink" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesbe.ax"
+ "Nero Stream Buffer Source" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesbe.ax"
+ "Nero Subpicture Decoder" "Nero Subpicture Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesubpicture.ax"
+ "Nero Subtitle" "Subtitle Mixer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesubtitle.ax"
+ "Nero Thumbnail Decoder" "Thumbnail Decoder Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nebdthumbnail.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Decoder HD" "Nero HD Video Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideohd.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Renderer" "Nero Video Renderer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideorenderer.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "NeSoundSwitch" "Nero Sound Switcher" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesoundswitch.ax"
+ "RadLight OptimFROG DirectShow Filter" "RLOFRDec" "RadLight" "e:\program files\k-lite codec pack\filters\rlofrdec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP6 Decompression Filter" "On2.com Inc." "c:\windows\system32\vp6dec.ax"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "e:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "WAV Dest" "" "Viscom Software" "e:\program files\all video sound extractor\viscomwave.dll"
+ "WAV Dest VEM" "WAVDest Filter" "DeskShare" "c:\program files\common files\deskshare shared\ax\wavdest.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "e:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "e:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ZJSoft RealAudio Decoder" "RealMedia Splitter" "Gabest" "e:\program files\winavi mp4 converter\filter\realmediasplitter.ax"
+ "ZJSoft RealMedia Source" "RealMedia Splitter" "Gabest" "e:\program files\winavi mp4 converter\filter\realmediasplitter.ax"
+ "ZJSoft RealMedia Splitter" "RealMedia Splitter" "Gabest" "e:\program files\winavi mp4 converter\filter\realmediasplitter.ax"
+ "ZJSoft RealVideo Decoder" "RealMedia Splitter" "Gabest" "e:\program files\winavi mp4 converter\filter\realmediasplitter.ax"
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
+ "{584FDB1D-51C4-4A1D-B674-D548D915EE01}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{6DDC8FCE-C470-444A-9425-8EAC662A99F7}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{821C65A9-C22B-4387-9503-265472E25544}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
+ "{C73B6814-9FF3-4D10-A5C0-678904F869E9}" "WIC Metadata Handler Plug-in" "Eastman Kodak Company" "c:\program files\common files\kodak\wic_support\metadatawicmetadatahandler-platopt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "driverscanner.exe" "AVG Automatic Program Reactivator" "AVG" "c:\program files\avg\avg pc tuneup\tuautoreactivator32.exe"
+ "unins000.exe" "AVG Automatic Program Reactivator" "AVG" "c:\program files\avg\avg pc tuneup\tuautoreactivator32.exe"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON TX101 32MonitorBI" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbedi.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "AdobeDriveCS4_NP" "Adobe Drive CS4 Network" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adobedrivecs4_np.dll"

#15 M!5T3RM0U53

Posted 12 October 2012 - 12:24 PM

SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:53 on 12/10/2012 by Rishi
Administrator - Elevation successful

========== filefind ==========

Searching for "spjf.sys"
No files found.

-= EOF =-



