
weird stuff and unknown processes


This topic is locked
17 replies to this topic

#1 ranget

ranget

  • Members
  • 250 posts
  • Gender:Male

Posted 15 March 2013 - 11:09 AM

tried all of the ARK i can get my hands on
anyway here they are; i found a very suspicious activity

all of the process listers + all of the ARK couldn't see those hidden processes

[screenshot: dcf12v.png]

what should i do now ??


here is a log
http://pastebin.com/9t8E20Lb

i know i'm not supposed to post logs here but take a look anyway
 
ComboFix 13-03-14.02 - home 03/14/2013  12:38:06.7.2 - x64
 
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2526 [GMT 2:00]
 
Running from: c:\users\home\Desktop\ComboFix.exe
 
Command switches used :: /uinstall
 
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
 
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
 
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
.
 
.
 
(((((((((((((((((((((((((   Files Created from 2013-02-14 to 2013-03-14  )))))))))))))))))))))))))))))))
 
.
 
.
 
2013-03-14 10:43 . 2013-03-14 10:43     --------        d-----w-        c:\users\Public\AppData\Local\temp
 
2013-03-14 10:43 . 2013-03-14 10:43     --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
 
2013-03-14 10:43 . 2013-03-14 10:43     --------        d-----w-        c:\users\Default\AppData\Local\temp
 
2013-03-14 10:36 . 2013-03-14 10:36     --------        d-----w-        c:\program files (x86)\VMware
 
2013-03-13 10:45 . 2013-03-13 10:45     --------        d-----w-        c:\programdata\PrevxCSI
 
2013-03-11 23:02 . 2013-03-14 06:10     --------        d-----w-        C:\Fraps
 
2013-03-11 22:57 . 2013-03-11 22:57     --------        d-----w-        c:\program files (x86)\EASEUS
 
2013-03-11 22:57 . 2004-04-18 21:42     733184  ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
 
2013-03-11 22:57 . 2004-04-18 21:40     69715   ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
 
2013-03-11 22:57 . 2004-04-18 21:39     266240  ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
 
2013-03-11 22:57 . 2004-04-18 21:39     172032  ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
 
2013-03-11 22:57 . 2004-04-18 21:39     5632    ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
 
2013-03-11 22:57 . 2013-03-11 22:57     180356  ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
 
2013-03-11 22:57 . 2013-03-11 22:57     303236  ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
 
2013-03-03 23:48 . 2013-03-03 23:48     --------        d-----w-        c:\users\home\AppData\Local\EA Games
 
2013-03-01 21:45 . 2013-03-01 21:45     --------        d-----w-        c:\users\home\AppData\Local\Monte Cristo
 
2013-03-01 20:11 . 2013-03-01 20:11     --------        d-----w-        c:\users\home\AppData\Roaming\ScannerData
 
2013-02-24 03:38 . 2013-02-24 03:38     --------        d-----w-        c:\users\home\AppData\Roaming\My Battle for Middle-earth™ II Files
 
.
 
.
 
.
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
.
 
2013-02-02 12:13 . 2013-02-02 12:13     1700352 ----a-w-        c:\windows\SysWow64\gdiplus.dll
 
2013-01-26 07:56 . 2013-01-26 07:56     61440   ----a-w-        c:\windows\SysWow64\drivers\amsh.sys
 
2013-01-26 07:54 . 2013-01-26 07:54     61440   ----a-w-        c:\windows\SysWow64\drivers\dtcu.sys
 
2012-12-14 14:49 . 2012-05-14 15:30     24176   ----a-w-        c:\windows\system32\drivers\mbam.sys
 
.
 
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
.
 
.
 
*Note* empty entries & legit default entries are not shown
 
REGEDIT4
 
.
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
 
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
 
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-07 393216]
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
 
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
 
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
 
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
 
.
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 
"ConsentPromptBehaviorAdmin"= 5 (0x5)
 
.
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
 
"aux1"=wdmaud.drv
 
.
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
 
BootExecute     REG_MULTI_SZ    
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
 
@=""
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
 
@=""
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
 
@=""
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
 
@=""
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
 
@=""
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
 
.
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
 
R2 CSUService;COMODO System Utilities Service;c:\program files\COMODO\COMODO System Utilities\CSUService.exe [2012-02-24 347968]
 
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
 
R3 esihdrv;esihdrv;c:\users\home\AppData\Local\Temp\esihdrv.sys [x]
 
R3 OSHIUnhooker;OSHIUnhooker;c:\users\home\AppData\Local\Temp\OSHIUnhooker.sys [x]
 
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
 
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [2012-10-29 31328]
 
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
 
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
 
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
 
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
 
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
 
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
 
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-04-03 117040]
 
R3 VGPU;VGPU; [x]
 
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
 
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2012-03-13 153880]
 
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\home\Desktop\Programs\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-06-17 23208]
 
S1 aswSnx;aswSnx; [x]
 
S1 aswSP;aswSP; [x]
 
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-07 279616]
 
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
 
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
 
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
 
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
 
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
 
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
 
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 204288]
 
S2 aswFsBlk;aswFsBlk; [x]
 
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
 
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
 
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
 
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
 
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
 
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
 
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
 
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
 
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
 
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
 
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 1196032]
 
.
 
.
 
--- Other Services/Drivers In Memory ---
 
.
 
*NewlyCreated* - 09413142
 
*NewlyCreated* - 31208922
 
*Deregistered* - 09413142
 
*Deregistered* - 31208922
 
*Deregistered* - kEvP64
 
.
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
 
iissvcs REG_MULTI_SZ    w3svc was
 
apphost REG_MULTI_SZ    apphostsvc
 
.
 
Contents of the 'Scheduled Tasks' folder
 
.
 
2013-02-04 c:\windows\Tasks\avast! Emergency Update.job
 
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-04 22:50]
 
.
 
2013-02-02 c:\windows\Tasks\CSU Updater.job
 
- c:\program files\COMODO\COMODO System Utilities\Updater.exe [2012-02-24 13:27]
 
.
 
.
 
--------- X64 Entries -----------
 
.
 
.
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
 
@="{472083B0-C522-11CF-8763-00608CC02F24}"
 
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
 
2012-10-30 22:50        133400  ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-03-16 325000]
 
.
 
------- Supplementary Scan -------
 
.
 
uLocal Page = c:\windows\system32\blank.htm
 
uStart Page = hxxp://www.Google.com/
 
mLocal Page = c:\windows\SysWOW64\blank.htm
 
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
 
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
 
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
 
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
 
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
 
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\srjoc275.default\
 
FF - ExtSQL: 2013-02-02 10:01; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\srjoc275.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
 
FF - ExtSQL: 2013-02-04 09:24; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
 
.
 
- - - - ORPHANS REMOVED - - - -
 
.
 
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
 
.
 
.
 
.
 
--------------------- LOCKED REGISTRY KEYS ---------------------
 
.
 
[HKEY_USERS\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
 
@Allowed: (Read) (RestrictedCode)
 
"??"=hex:83,90,80,c0,4b,f6,1e,9f,aa,66,52,c4,b1,a8,53,87,4a,8c,96,84,bf,7d,08,
 
   97,ae,e2,61,bc,f5,e9,0e,b6,66,c9,c0,12,53,f2,b7,52,de,0a,84,a9,ea,ea,7a,46,\
 
"??"=hex:d0,a0,1c,91,64,84,c7,c9,59,17,ff,8b,0d,46,cd,54
 
.
 
[HKEY_USERS\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\SecuROM\License information*]
 
"datasecu"=hex:2c,fb,85,13,ae,08,7b,4c,7d,5c,79,76,0c,35,12,be,29,d4,72,e7,6e,
 
   61,2d,ff,d1,a5,33,79,94,fb,15,d1,c9,c7,d8,d3,c5,03,f6,5e,5b,00,68,64,8f,72,\
 
"rkeysecu"=hex:a4,61,af,a4,db,e2,fa,96,c9,0f,cf,46,72,2c,71,b5
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
 
@Denied: (A 2) (Everyone)
 
@="FlashBroker"
 
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
 
"Enabled"=dword:00000001
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
 
@Denied: (A 2) (Everyone)
 
@="Shockwave Flash Object"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
 
"ThreadingModel"="Apartment"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
 
@="0"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
 
@="ShockwaveFlash.ShockwaveFlash.10"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
 
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
 
@="1.0"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
 
@="ShockwaveFlash.ShockwaveFlash"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
 
@Denied: (A 2) (Everyone)
 
@="Macromedia Flash Factory Object"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
 
"ThreadingModel"="Apartment"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
 
@="FlashFactory.FlashFactory.1"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
 
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
 
@="1.0"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
 
@="FlashFactory.FlashFactory"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
 
@Denied: (A 2) (Everyone)
 
@="IFlashBroker4"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
 
@="{00020424-0000-0000-C000-000000000046}"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
 
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
"Version"="1.0"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
 
@Denied: (A) (Everyone)
 
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
 
@Denied: (A) (Everyone)
 
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
 
@Denied: (A) (Everyone)
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
 
"Key"="ActionsPane"
 
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
 
@Denied: (A) (Everyone)
 
.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
 
"Key"="ActionsPane3"
 
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
 
@Denied: (A) (Users)
 
@Denied: (A) (Everyone)
 
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
 
"BlindDial"=dword:00000000
 
.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
 
@Denied: (Full) (Everyone)
 
.
 
Completion time: 2013-03-14  12:45:43
 
ComboFix-quarantined-files.txt  2013-03-14 10:45
 
ComboFix2.txt  2013-03-14 10:30
 
.
 
Pre-Run: 15,304,417,280 bytes free
 
Post-Run: 15,212,888,064 bytes free
 
.
 
- - End Of File - - 4218994292465AAFA4838D564589AB17

*Moderator Edit: Moved topic from Am I Infected to the appropriate forum. Combofix logs are allowed only in Malware Removal Logs ~ Queen-Evie*

Edited by Queen-Evie, 16 March 2013 - 08:32 AM.

A big thanks to Didier Stevens

sorry for not being around
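The ComboFix log above lists every registered service and driver in the form `<R|S><start type> <name>;<display name>;<path> [<date> <size>]`, with `[x]` where the file behind the entry was not found at scan time. When hunting for hidden or leftover components, the entries worth a second look are the ones with no path, a missing file, or an image loaded from a user-writable location such as `AppData\Local\Temp`. The script below is an added example written for this page; it is not a BleepingComputer tool and not part of the thread. The regular expression, the `ServiceEntry`/`Finding` types and the `triage` function are my own constructions; the sample lines are copied verbatim from the log posted above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: service/driver lines copied from the ComboFix log in the post above.
# ComboFix prints [x] in place of "<date> <size>" when the image file is not found.
SAMPLE_LOG = r"""
R2 CSUService;COMODO System Utilities Service;c:\program files\COMODO\COMODO System Utilities\CSUService.exe [2012-02-24 347968]
R3 esihdrv;esihdrv;c:\users\home\AppData\Local\Temp\esihdrv.sys [x]
R3 OSHIUnhooker;OSHIUnhooker;c:\users\home\AppData\Local\Temp\OSHIUnhooker.sys [x]
R3 VGPU;VGPU; [x]
S1 aswSnx;aswSnx; [x]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2012-03-13 153880]
"""

# One ComboFix service/driver line (pattern is an assumption based on the log format shown):
#   <R|S><digit> <name>;<display>;<path> [<date> <size>]   or   ... [x]
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# User-writable locations: a kernel driver or service image here is unusual for shipped software.
TEMP_RE = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\|\\temp\\", re.IGNORECASE)
PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str      # "R2", "S1", ...: run state letter plus start-type digit as printed by ComboFix
    name: str       # service/driver key name
    display: str    # display name
    path: str       # image path, may be empty
    meta: str       # "<date> <size>" or "x" when the file was not found


@dataclass
class Finding:
    name: str
    state: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["state"], m["name"], m["display"], m["path"].strip(), m["meta"].strip())


def review(entry: ServiceEntry) -> List[str]:
    """Return the reasons (possibly none) that a human should look at this entry."""
    reasons: List[str] = []
    if entry.meta.lower() == "x":
        reasons.append("image file not found at scan time ([x]): orphaned, uninstalled or self-deleting")
    if not entry.path:
        reasons.append("no image path recorded for this service/driver")
    elif TEMP_RE.search(entry.path):
        reasons.append("image loaded from a user-writable temp directory")
    elif PROFILE_RE.search(entry.path):
        reasons.append("image lives under a user profile; confirm it belongs to a tool you installed")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk a block of ComboFix service/driver lines and collect the entries worth reviewing."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = review(entry)
        if reasons:
            findings.append(Finding(entry.name, entry.state, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.state} {f.name:<14} {f.path or '<no path>'}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script flags the two Temp-directory drivers, the path-less `VGPU` entry and the missing `aswSnx` driver, and passes the COMODO and Dr.Web entries. The flags are prompts for review, not verdicts: `aswSnx` is simply an avast leftover after the product was removed, and drivers dropped into `%TEMP%` with `[x]` afterwards are typical of anti-rootkit scanners that load a helper driver only while they run, which fits the poster having tried every ARK he could find. The value of the pass is that it reduces several hundred log lines to the handful a responder has to reason about.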


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 March 2013 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before you run the following tools remove the Word Wrap on your Notepad.
This will remove all the blank lines in your logs.

Please do not run any other tool or post any other log unless I request it.

I also need to know what is the problem with this computer.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review. Let me know what problem persists.


#3 ranget

ranget
  • Topic Starter
  • Members
  • 250 posts
  • Gender:Male

Posted 19 March 2013 - 05:04 PM

Thanks for the reply

this machine is an offline machine, this means it's not connected to the internet

anyway the main problem is those hidden processes i found while playing with some tools


symptoms: unusual hard drive activity in idle + VMware auth service cannot be run + avast web shield isn't running

reinstalling didn't fix the problem


i did those before starting the topic

- installed avira

- scanned with mbam, sas, Dr.Web CureIt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64  
Internet Explorer: 8.0.7601.17514
Run by home at 11:19:46 on 2013-03-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2942 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie22\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Sandboxie22\SbieCtrl.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.Google.com/
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [SandboxieControl] "C:\Program Files\Sandboxie22\SbieCtrl.exe"
uRun: [AdobeBridge] <no file>
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
Handler: cardisabled - <Clsid value has no data>
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: PDF-XChange Viewer IE-Plugin: {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
x64-Handler: cardisabled - <Clsid value has no data>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\System32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\i34qm3xd.default\
.
============= SERVICES / DRIVERS ===============
.
R0 DwProt;DrWeb Protection;C:\Windows\System32\drivers\dwprot.sys [2012-3-13 153880]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\home\Desktop\Programs\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-6-17 23208]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-15 27800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-7 279616]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-8-26 913792]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-8 204288]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-15 85280]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-15 109344]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-15 99912]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-5 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie22\SbieDrv.sys [2013-1-10 197488]
R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-14 411136]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-10-25 1196032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CSUService;COMODO System Utilities Service;C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [2012-2-24 347968]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 VMUSBArbService;VMware USB Arbitration Service;"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" --> C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 rspSanity;rspSanity;C:\Windows\System32\drivers\rspSanity64.sys [2012-2-13 31328]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-4-3 117040]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-3-15 565024]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-18 04:03:16    --------    d-----w-    C:\Program Files (x86)\AzTools
2013-03-15 01:52:19    --------    d-----w-    C:\Users\home\AppData\Roaming\Avira
2013-03-15 01:49:31    99912    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-03-15 01:49:31    27800    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-03-15 01:49:30    --------    d-----w-    C:\ProgramData\Avira
2013-03-15 01:49:30    --------    d-----w-    C:\Program Files (x86)\Avira
2013-03-15 01:14:11    --------    d-----w-    C:\Users\home\AppData\Local\VMware
2013-03-15 01:03:48    --------    d-----w-    C:\Program Files\Sandboxie22
2013-03-15 00:57:18    --------    d-----w-    C:\ProgramData\Ad-Aware Antivirus
2013-03-15 00:57:17    --------    d-----w-    C:\Users\home\AppData\Roaming\Ad-Aware Antivirus
2013-03-15 00:56:54    47496    ----a-w-    C:\Windows\System32\sbbd.exe
2013-03-15 00:56:50    --------    d-----w-    C:\Program Files (x86)\Ad-Aware Antivirus
2013-03-15 00:54:04    --------    d-----w-    C:\Users\home\AppData\Local\Downloaded Installations
2013-03-14 19:24:42    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-14 10:36:02    --------    d-----w-    C:\Program Files (x86)\VMware
2013-03-14 10:21:21    98816    ----a-w-    C:\Windows\sed.exe
2013-03-14 10:21:21    256000    ----a-w-    C:\Windows\PEV.exe
2013-03-14 10:21:21    208896    ----a-w-    C:\Windows\MBR.exe
2013-03-13 10:45:53    --------    d-----w-    C:\ProgramData\PrevxCSI
2013-03-11 23:02:30    --------    d-----w-    C:\Fraps
2013-03-11 22:57:54    --------    d-----w-    C:\Program Files (x86)\EASEUS
2013-03-11 22:57:29    733184    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-03-11 22:57:29    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-03-11 22:57:29    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-03-11 22:57:29    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-03-11 22:57:29    172032    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-03-11 22:57:24    180356    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-03-11 22:57:23    303236    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-03-03 23:48:26    --------    d-----w-    C:\Users\home\AppData\Local\EA Games
2013-03-01 21:45:54    --------    d-----w-    C:\Users\home\AppData\Local\Monte Cristo
2013-03-01 20:11:57    --------    d-----w-    C:\Users\home\AppData\Roaming\ScannerData
2013-02-24 03:38:01    --------    d-----w-    C:\Users\home\AppData\Roaming\My Battle for Middle-earth™ II Files
.
==================== Find3M  ====================
.
2013-02-02 12:13:53    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2013-01-26 07:56:01    61440    ----a-w-    C:\Windows\SysWow64\drivers\amsh.sys
2013-01-26 07:54:03    61440    ----a-w-    C:\Windows\SysWow64\drivers\dtcu.sys
.
============= FINISH: 11:20:30.73 ===============


A big thanks to Didier Stevens

sorry for not being around

 


#4 ranget
  • Topic Starter
  • Members
  • 250 posts
  • Gender:Male
  • Local time:04:11 AM

Posted 19 March 2013 - 05:06 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2011 10:44:09 AM
System Uptime: 3/19/2013 11:18:22 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4N72-E
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6400+ | AM2 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 21.849 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 9.324 GiB free.
E: is FIXED (NTFS) - 135 GiB total, 6.842 GiB free.
F: is CDROM ()
G: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Data Interface
Device ID: USB\VID_12D1&PID_1001&MI_02\6&17B307A5&1&0002
Manufacturer:
Name: Data Interface
PNP Device ID: USB\VID_12D1&PID_1001&MI_02\6&17B307A5&1&0002
Service:
.
Class GUID:
Description: Data Interface
Device ID: USB\VID_12D1&PID_1001&MI_00\6&17B307A5&1&0000
Manufacturer:
Name: Data Interface
PNP Device ID: USB\VID_12D1&PID_1001&MI_00\6&17B307A5&1&0000
Service:
.
Class GUID:
Description: Data Interface
Device ID: USB\VID_12D1&PID_1001&MI_01\6&17B307A5&1&0001
Manufacturer:
Name: Data Interface
PNP Device ID: USB\VID_12D1&PID_1001&MI_01\6&17B307A5&1&0001
Service:
.
==== System Restore Points ===================
.
RP390: 3/18/2013 2:07:22 AM - Installed DirectX
RP391: 3/18/2013 2:12:38 AM - Installed Borderlands 2
.
==== Installed Programs ======================
.
"Mass Effect 3"
1.2
1.6
Ad-Aware Antivirus
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Story
Adobe Widget Browser
Advanced SystemCare 5
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
ASUS E-Green Uninstall
ATI AVIVO64 Codecs
Avira Free Antivirus
AviSynth 2.5
Bigasoft Total Video Converter 3.5.18.4353
Blueline 1.1.1
Borderlands 2
Bully Scholarship Edition
Call of Duty Modern Warfare 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
Cheatbook Database 2012
Cities XL
COMODO System Utilities
CPUID HWMonitor 1.21
Crystal Reports Basic for Visual Studio 2008
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
CyberLink Power2Go
DAEMON Tools Lite
Dark Souls - Prepare to Die Edition
Darksiders II
Direct Show Ogg Vorbis Filter (remove only)
Dishonored
DMC Devil May Cry
Dragon Age 2 with DLC Pack
DVDFab 8.1.8.5 (24/05/2012) Qt
EASEUS Data Recovery Wizard Professional 4.3.6
EVEREST Ultimate Edition v5.30
Fallout 3
Fallout New Vegas
FileAlyzer 2
FormatFactory 3.0.1
Foxit Reader
Fraps (remove only)
Google Update Helper
HandBrake 0.9.8
HitmanPro 3.7
HydraVision
K-Lite Codec Pack 5.1.0 (Full)
LG Bluetooth Drivers
LG Internet Kit
LG USB Modem Drivers
LinkIconShim (64bit)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 SDK (x64) - ENU
Microsoft .NET Framework 4 Client Profile
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Device Emulator (64 bit) version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
moulin 1.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSDN Library for Visual Studio 2008 - ENU
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MUSTEK 1248UB V1.2
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia Suite
Nokia_Multimedia_Common_Components_2_5
Notepad++
NoVirusThanks Kernel Mode Drivers Manager v1.0
NVIDIA Drivers
NVIDIA PhysX
OpenAL
Opera 11.64
Oracle VM VirtualBox 4.1.12
PC Connectivity Solution
PDF-Viewer
PDF Settings CS5
Platform
Process Hacker 2.28 (r5073)
Prototype 2
QuickTime
Recover My Files
Revo Uninstaller 1.93
Rockstar Games Social Club
Sandboxie 4.01 (64-bit)
SanityCheck 3.00
Serious Sam 3 BFE
Sniper Elite V2
Sophos Anti-Rootkit 1.5.4
SumatraPDF
SUPERAntiSpyware
The Battle for Middle-earth ™ II
The Elder Scrolls V Skyrim
The KMPlayer (remove only)
The Sims 3
TypingMaster Pro
Ubisoft Game Launcher
Ultimate Reference Suite
UVK
VC Runtimes MSI
VIA Platform Device Manager
Visual Studio .NET Prerequisites - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 2.0.0
WarCraft III - Frozen Throne
Windows 7 USB/DVD Download Tool
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live ID Sign-in Assistant
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
Xilisoft DVD Ripper Ultimate 6
Zune Desktop Theme
.
==== Event Viewer Messages From Past Week ========
.
3/19/2013 2:46:23 AM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894.
3/19/2013 2:46:23 AM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x80070002.
3/19/2013 2:44:03 AM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147024894
3/19/2013 11:19:15 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  sfhlp01
3/19/2013 11:18:53 AM, Error: Service Control Manager [7000]  - The VMware USB Arbitration Service service failed to start due to the following error:  The system cannot find the file specified.
3/19/2013 11:18:50 AM, Error: Service Control Manager [7000]  - The atksgt service failed to start due to the following error:  This driver has been blocked from loading
3/19/2013 11:18:50 AM, Error: Application Popup [875]  - Driver atksgt.sys has been blocked from loading.
3/15/2013 8:03:53 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/15/2013 8:00:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/15/2013 8:00:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/15/2013 8:00:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/15/2013 7:59:56 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO avipbb avkmgr CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL sfhlp01 spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
3/15/2013 7:59:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/15/2013 7:59:50 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/15/2013 7:59:50 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/15/2013 7:59:50 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/15/2013 7:59:50 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/15/2013 7:59:50 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/15/2013 7:59:50 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/15/2013 7:59:48 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/15/2013 7:59:48 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/15/2013 7:59:48 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/15/2013 7:59:48 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/15/2013 7:59:48 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/15/2013 3:49:21 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/15/2013 3:48:01 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL sfhlp01 spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
3/15/2013 3:09:33 AM, Error: Application Popup [1060]  - \??\C:\Users\home\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/15/2013 2:59:11 AM, Error: SbieSvc [9153]  - SBIE9153 Cannot start driver (SbieDrv)
3/15/2013 2:59:06 AM, Error: SbieDrv [1110]  - SBIE1110 Cannot intercept type Object, error [C000000D / 81]
3/15/2013 2:59:06 AM, Error: SbieDrv [1103]  - SBIE1103 Sandboxie driver (SbieDrv) version 3.72 failed to start
3/15/2013 2:55:12 AM, Error: Service Control Manager [7024]  -
3/14/2013 9:47:26 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/14/2013 7:22:20 AM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/14/2013 7:22:20 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
3/14/2013 12:43:17 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/14/2013 12:42:48 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================



# AdwCleaner v2.115 - Logfile created 03/19/2013 at 11:21:43
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\home\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\InstallMate

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\i34qm3xd.default\prefs.js

[OK] File is clean.

-\\ Opera v11.64.1403.0

File : C:\Users\home\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [840 octets] - [04/02/2013 09:05:15]
AdwCleaner[R2].txt - [1074 octets] - [19/03/2013 11:21:24]
AdwCleaner[R3].txt - [1006 octets] - [19/03/2013 11:21:43]

########## EOF - C:\AdwCleaner[R3].txt - [1066 octets] ##########




#5 ranget
  • Topic Starter
  • Members
  • 250 posts
  • Gender:Male
  • Local time:04:11 AM

Posted 19 March 2013 - 05:08 PM

 Results of screen317's Security Check version 0.99.61 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avira Desktop  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Sophos Anti-Rootkit 1.5.4  
 Malwarebytes Anti-Malware version 1.70.0.1100 
 Adobe Flash Player 10 Flash Player out of Date!
 Mozilla Firefox 14.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Ad-Aware Antivirus AdAwareService.exe  
 Ad-Aware Antivirus SBAMSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````




#6 nasdaq
  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 AM

Posted 20 March 2013 - 08:02 AM

Nothing suspicious was found on your logs.

Run the OTL tool again and post the logs for my review. Do not attach them.

Make sure you remove the Word wrap on Notepad to remove the extra blank lines.

#7 ranget
  • Topic Starter
  • Members
  • 250 posts
  • Gender:Male
  • Local time:04:11 AM

Posted 21 March 2013 - 04:09 PM

OTL logfile created on: 3/20/2013 4:31:36 AM - Run 12
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Untitled Folder
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 72.40% Memory free
8.00 Gb Paging File | 6.76 Gb Available in Paging File | 84.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 21.68 Gb Free Space | 22.22% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 5.56 Gb Free Space | 0.60% Space Free | Partition Type: NTFS
Drive E: | 135.23 Gb Total Space | 6.84 Gb Free Space | 5.06% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/03/20 15:31:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Untitled Folder\OTL.exe
PRC - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/12/04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/12/04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/26 21:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/07/07 23:02:56 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/08/20 09:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2010/08/20 09:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 09:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2013/01/10 15:01:50 | 000,166,672 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie22\SbieSvc.exe -- (SbieSvc)
SRV:[b]64bit:[/b] - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2012/07/11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:[b]64bit:[/b] - [2012/02/24 15:26:34 | 000,347,968 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe -- (CSUService)
SRV:[b]64bit:[/b] - [2011/07/08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2007/11/07 19:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/12/04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/14 02:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/26 21:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/01/04 22:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:64bit: - [2013/01/10 15:01:48 | 000,197,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie22\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/12/03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/12/03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/11/16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/10/29 08:20:32 | 000,031,328 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/08/02 23:17:34 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/03 23:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/13 23:22:56 | 000,153,880 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2011/12/07 13:23:24 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/01 19:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 19:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 19:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 19:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/29 18:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 18:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 18:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 10:24:58 | 001,196,032 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008/11/20 03:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/20 03:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/20 03:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/08/28 20:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/02/06 23:19:32 | 000,022,528 | ---- | M] (         ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gt680x.sys -- (GT680x)
DRV - [2012/06/17 19:07:39 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\home\Desktop\Programs\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/06 23:19:32 | 000,022,528 | ---- | M] (         ) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\gt680x.sys -- (GT680x)
DRV - [2003/12/01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com/
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/15 08:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/05 07:37:41 | 000,000,000 | ---D | M]
 
[2013/03/15 08:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2013/03/15 08:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 02:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/03/14 12:28:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie22\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O18:64bit: - Protocol\Handler\cardisabled - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\cardisabled - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/15 12:27:50 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/03 15:54:45 | 000,000,067 | ---- | M] () - C:\AutoRun_TEST_Log(0000).txt -- [ NTFS ]
O32 - AutoRun File - [2012/07/15 12:27:50 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/07/15 12:27:50 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/18 06:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2013/03/15 08:21:32 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Mozilla
[2013/03/15 08:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/15 08:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/15 03:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/15 03:52:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Avira
[2013/03/15 03:49:31 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/15 03:49:31 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/15 03:49:31 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/15 03:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/15 03:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/15 03:14:11 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\VMware
[2013/03/15 03:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/03/15 03:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie22
[2013/03/15 02:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/15 02:57:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Ad-Aware Antivirus
[2013/03/15 02:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/03/15 02:56:54 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/03/15 02:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/15 02:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/15 02:54:04 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Downloaded Installations
[2013/03/14 21:24:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/14 12:45:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/14 12:36:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/14 12:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013/03/14 12:21:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/14 12:21:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/14 12:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/13 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2013/03/13 01:49:37 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\FG
[2013/03/12 01:02:31 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2013/03/12 01:02:30 | 000,000,000 | ---D | C] -- C:\Fraps
[2013/03/12 00:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard Professional 4.3.6
[2013/03/12 00:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2013/03/12 00:48:57 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v4
[2013/03/04 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\EA Games
[2013/03/04 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\EA Games
[2013/03/01 23:45:54 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Monte Cristo
[2013/03/01 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\My Scanned Doucoments
[2013/03/01 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\ScannerData
[2013/02/24 05:38:01 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2013/02/24 05:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/02/20 02:25:05 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\Tools
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/20 04:30:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 04:30:10 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 19:27:47 | 000,002,674 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/03/19 19:04:36 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 19:04:36 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 19:01:26 | 000,918,284 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/19 19:01:26 | 000,759,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/19 19:01:26 | 000,158,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/19 13:56:16 | 000,610,106 | ---- | M] () -- C:\Users\home\Desktop\Community.S03E20.DVDRip.XviD-CLUE[(002796)13-50-58].JPG
[2013/03/18 02:00:34 | 000,000,000 | ---- | M] () -- C:\Users\home\AppData\Local\{F2778C84-00B7-4C8A-ABFC-220376281B83}
[2013/03/15 08:22:29 | 000,004,796 | ---- | M] () -- C:\Users\home\AppData\Local\Temp83.html
[2013/03/15 08:19:26 | 000,002,954 | ---- | M] () -- C:\Users\home\AppData\Local\Temp55.html
[2013/03/15 08:08:21 | 000,001,293 | ---- | M] () -- C:\Users\home\AppData\Local\Temp1.html
[2013/03/15 04:06:48 | 000,007,588 | ---- | M] () -- C:\Users\home\AppData\Local\Resmon.ResmonCfg
[2013/03/15 03:50:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/15 03:18:34 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/03/15 03:07:18 | 000,189,410 | ---- | M] () -- C:\Users\home\Desktop\Capture.PNG
[2013/03/15 03:03:48 | 000,000,906 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/03/15 02:57:30 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/03/15 02:53:28 | 000,931,332 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/14 12:28:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/13 12:34:44 | 000,001,024 | ---- | M] () -- C:\.rnd
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/20 04:33:36 | 000,000,000 | ---- | C] () -- C:\Users\home\AppData\Local\{E1B9AE56-EC08-4EC8-A248-F97294C72E80}
[2013/03/19 13:51:01 | 000,610,106 | ---- | C] () -- C:\Users\home\Desktop\Community.S03E20.DVDRip.XviD-CLUE[(002796)13-50-58].JPG
[2013/03/18 02:00:34 | 000,000,000 | ---- | C] () -- C:\Users\home\AppData\Local\{F2778C84-00B7-4C8A-ABFC-220376281B83}
[2013/03/15 08:22:29 | 000,004,796 | ---- | C] () -- C:\Users\home\AppData\Local\Temp83.html
[2013/03/15 08:21:29 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/15 08:19:26 | 000,002,954 | ---- | C] () -- C:\Users\home\AppData\Local\Temp55.html
[2013/03/15 03:07:18 | 000,189,410 | ---- | C] () -- C:\Users\home\Desktop\Capture.PNG
[2013/03/15 03:04:02 | 000,000,906 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/03/15 03:03:59 | 000,002,674 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/03/15 02:57:30 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/03/14 12:21:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/14 12:21:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/14 12:21:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/14 12:21:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/14 12:21:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 16:25:32 | 000,000,934 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/06 10:22:00 | 000,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2013/01/26 09:56:01 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\amsh.sys
[2013/01/26 09:54:03 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\dtcu.sys
[2013/01/12 01:29:13 | 000,001,293 | ---- | C] () -- C:\Users\home\AppData\Local\Temp1.html
[2012/12/05 09:01:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/12/04 13:10:19 | 000,001,177 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/10/28 23:45:54 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2012/08/29 23:23:28 | 000,000,132 | ---- | C] () -- C:\Users\home\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/25 22:54:02 | 000,139,152 | ---- | C] () -- C:\Windows\SysWow64\kEvP64.sys
[2012/04/05 07:50:16 | 000,007,588 | ---- | C] () -- C:\Users\home\AppData\Local\Resmon.ResmonCfg
[2012/01/16 06:56:44 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/01/16 06:56:44 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/11/27 04:27:46 | 000,001,655 | ---- | C] () -- C:\Users\home\AppData\Roaming\SvcTraceViewer.exe.settings
[2011/11/26 01:39:10 | 000,022,528 | ---- | C] (         ) -- C:\Windows\SysWow64\drivers\gt680x.sys
[2011/11/19 02:50:40 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/28 02:48:48 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/28 02:48:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/28 02:48:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/28 02:48:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/28 02:48:44 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/27 09:50:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/27 09:47:30 | 000,931,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/27 09:40:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/10 03:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/11 00:07:55 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/01/11 00:07:55 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013/03/15 03:02:35 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Ad-Aware Antivirus
[2012/08/25 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\AnvSoft
[2012/01/31 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Autorun Analyzer
[2011/12/08 00:45:50 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Bigasoft Total Video Converter
[2013/01/13 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Canneverbe Limited
[2013/01/12 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CCE
[2012/11/06 11:06:24 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/29 04:35:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2013/03/04 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DAEMON Tools Lite
[2011/11/02 13:21:51 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Foxit
[2012/05/19 16:23:43 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Foxit Software
[2013/01/16 07:01:22 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\HandBrake
[2012/08/26 06:50:12 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\IObit
[2012/01/31 12:59:49 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\KillSwitch
[2012/03/12 00:53:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Kunnafoni
[2011/12/03 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\LG Electronics
[2012/04/05 07:35:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Motorola
[2013/02/24 05:38:01 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2012/04/05 07:38:55 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Nokia
[2013/02/03 11:20:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Notepad++
[2012/07/16 11:39:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Opera
[2012/04/05 22:52:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PC Suite
[2012/06/30 03:12:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Process Hacker 2
[2012/07/16 11:31:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PunkBuster
[2012/05/31 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Red Alert 3
[2013/03/01 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\ScannerData
[2011/10/30 04:20:54 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SumatraPDF
[2012/05/31 20:48:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\The Creative Assembly
[2012/12/04 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Theta
[2013/02/06 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TinyWall
[2012/07/16 11:21:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TownScape Found Viri
[2013/02/06 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TypingMaster7
[2012/08/24 04:49:34 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Ubisoft
[2012/04/15 11:03:48 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\VSRevoGroup
[2013/01/26 10:09:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\WinPatrol
[2013/01/15 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Xilisoft
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013/02/21 13:25:16 | 000,011,065 | ---- | M] ()(C:\Users\home\Desktop\???? ????????? ??????? ? ????? ????? ?????? ?????????.txt) -- C:\Users\home\Desktop\بصمة البرمجيات الخبيثة و كفائة برامج مكافحة الفيروسات.txt
[2013/02/21 13:25:16 | 000,011,065 | ---- | C] ()(C:\Users\home\Desktop\???? ????????? ??????? ? ????? ????? ?????? ?????????.txt) -- C:\Users\home\Desktop\بصمة البرمجيات الخبيثة و كفائة برامج مكافحة الفيروسات.txt
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
OTL Extras logfile created on: 3/20/2013 4:31:36 AM - Run 12
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Untitled Folder
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 72.40% Memory free
8.00 Gb Paging File | 6.76 Gb Available in Paging File | 84.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 21.68 Gb Free Space | 22.22% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 5.56 Gb Free Space | 0.60% Space Free | Partition Type: NTFS
Drive E: | 135.23 Gb Total Space | 6.84 Gb Free Space | 5.06% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1619005563-1326942814-2406485245-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Delete with UVK] -- "C:\Program Files (x86)\UVK\UVK_en.exe" "%1" (Carifred)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Delete with UVK] -- "C:\Program Files (x86)\UVK\UVK_en.exe" "%1" (Carifred)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CCB6D25-7446-4647-BF42-54A7C878E771}" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |  
"{9FC82C0C-FF1A-474F-86F2-41086140CBDD}" = protocol=6 | dir=in | app=e:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |  
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}" = COMODO System Utilities
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D7B3B493-7B68-28CE-5931-89A5125C45D3}" = ATI AVIVO64 Codecs
"{E69688D7-AD08-45E1-B72C-EDE630308C1F}" = LinkIconShim (64bit)
"{E9FC036A-5DAB-831D-753B-BD638BA56AFF}" = AMD Media Foundation Decoders
"{E9FEA3E7-500C-5E1A-046C-C691EF13FD56}" = AMD Drag and Drop Transcoding
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"NoVirusThanks Kernel Mode Drivers Manager_is1" = NoVirusThanks Kernel Mode Drivers Manager v1.0
"NVIDIA Drivers" = NVIDIA Drivers
"Process_Hacker2_is1" = Process Hacker 2.28 (r5073)
"Sandboxie" = Sandboxie 4.01 (64-bit)
"SanityCheck_is1" = SanityCheck 3.00
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{269C93DC-3A29-450F-A3F2-7BF96C6A7E93}" = CDBurnerXP
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29D3773E-54F4-23C2-D523-236A4453B845}_is1" = FileAlyzer 2
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{31106061-2D4F-4CBD-A0D4-F3689E6BB943}" = Cities XL
"{31CA2FC8-BBCC-A59C-3211-345EF6EDCCE1}" = HydraVision
"{31F21148-ED45-49FF-A85A-A648D77DA5D8}" = Borderlands 2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A337115-DB24-4E57-A9B8-EF9040B5884D}" = Prototype 2
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46E776B9-37DE-4B71-8DF2-F4C75112CA27}_is1" = "Mass Effect 3"
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{514C5488-192E-4C40-ACE5-CD28ECEED0E3}" = MUSTEK 1248UB V1.2
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{62A584DC-38A8-4357-B8B3-1E8B53F57BB5}" = Sniper Elite V2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85061DB5-B805-458A-9E5E-162942C9CB90}" = WarCraft III - Frozen Throne
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{892C9836-3183-4EFB-91F4-79D22CCDAC13}" = DMC Devil May Cry
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8B8A7714-F09E-4C8B-958A-720AC7E57A69}" = Serious Sam 3 BFE
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{9FC66B21-4A9A-4486-B1CB-FECB8623101A}" = Bully Scholarship Edition
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 3.5.18.4353
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BE26A4-5980-4CD6-B1BC-8F024800DB38}" = Fallout New Vegas
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B71D7483-09C1-4A90-AA0C-8AE0BAD57FFC}" = Call of Duty Modern Warfare 3
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E33F8988-58AF-408B-A338-4BC3630F8F12}" = Dragon Age 2 with DLC Pack
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F10A742D-D41C-4432-9199-6B71D33501D6}" = The Elder Scrolls V Skyrim
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F981F584-ABB8-4CF9-9551-803940A7DAF3}" = Dark Souls - Prepare to Die Edition
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Blueline_is1" = Blueline 1.1.1
"Cheatbook Database 2012" = Cheatbook Database 2012
"Command and Conquer Generals Zero Hour_is1" = 1.2
"Command and Conquer Generals_is1" = 1.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darksiders II_is1" = Darksiders II
"Dishonored_is1" = Dishonored
"DVDFab 8 Qt_is1" = DVDFab 8.1.8.5 (24/05/2012) Qt
"EGREEN" = ASUS E-Green Uninstall
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FormatFactory" = FormatFactory 3.0.1
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"HandBrake" = HandBrake 0.9.8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{514C5488-192E-4C40-ACE5-CD28ECEED0E3}" = MUSTEK 1248UB V1.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"moulin" = moulin 1.0
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"Recover My Files_is1" = Recover My Files
"Revo Uninstaller" = Revo Uninstaller 1.93
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SumatraPDF" = SumatraPDF
"The KMPlayer" = The KMPlayer (remove only)
"Ultimate Reference Suite" = Ultimate Reference Suite
"UVK" = UVK
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 2.0.0
"Xilisoft DVD Ripper Ultimate 6" = Xilisoft DVD Ripper Ultimate 6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/17/2012 8:45:49 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:45:49 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:45:49 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:45:49 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:45:49 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:45:49 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:45:49 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 8:55:34 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 12/17/2012 9:09:03 AM | Computer Name = home-PC | Source = Application Error | ID = 1000
Error - 12/17/2012 9:09:41 AM | Computer Name = home-PC | Source = Application Error | ID = 1000
 
Error - 12/17/2012 7:19:26 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =  
 
Error - 12/19/2012 9:16:12 AM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =  
 
Error - 12/19/2012 7:01:04 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =  
 
[ System Events ]
Error - 8/25/2012 4:58:53 PM | Computer Name = home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 8/25/2012 5:04:07 PM | Computer Name = home-PC | Source = SbieDrv | ID = 16843862
Description = SBIE1110 Cannot intercept type Object, error [C000000D / 81]
 
Error - 8/25/2012 5:04:07 PM | Computer Name = home-PC | Source = SbieDrv | ID = 16843855
Description = SBIE1103 Sandboxie driver (SbieDrv) version 3.72 failed to start
 
Error - 8/25/2012 5:04:08 PM | Computer Name = home-PC | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.
 
Error - 8/25/2012 5:04:08 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error:   %%1275
 
Error - 8/25/2012 5:04:12 PM | Computer Name = home-PC | Source = SbieSvc | ID = 16851905
Description = SBIE9153 Cannot start driver (SbieDrv)
 
Error - 8/25/2012 5:10:37 PM | Computer Name = home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 8/25/2012 5:10:44 PM | Computer Name = home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 8/25/2012 5:10:51 PM | Computer Name = home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 8/25/2012 5:10:57 PM | Computer Name = home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
 
< End of report >


A big thanks to Didier Stevens.

Sorry for not being around.

 


#8 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Location:Montreal, QC. Canada

Posted 22 March 2013 - 08:30 AM

Run OTL - Double-click OTL.exe to start it.

Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
O3 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [AdobeBridge]  File not found
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O18:[b]64bit:[/b] - Protocol\Handler\cardisabled - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\cardisabled - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

:Commands
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • I do not see any malware on this computer.


#9 ranget

  • Topic Starter
  • Members
  • 250 posts

Posted 22 March 2013 - 01:15 PM


I know it's weird. What are those hidden processes?
Some kind of a new stealth rootkit?
If there was no evidence I would say it's just paranoia.


Here is the log:

OTL logfile created on: 3/22/2013 7:53:33 AM - Run 14
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Untitled Folder
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 72.50% Memory free
8.00 Gb Paging File | 6.75 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 21.48 Gb Free Space | 22.02% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 5.54 Gb Free Space | 0.59% Space Free | Partition Type: NTFS
Drive E: | 135.23 Gb Total Space | 6.84 Gb Free Space | 5.06% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/03/20 15:31:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Untitled Folder\OTL (2).exe
PRC - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/12/04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/12/04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/26 21:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/07/07 23:02:56 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/08/20 09:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2010/08/20 09:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 09:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2013/01/10 15:01:50 | 000,166,672 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie22\SbieSvc.exe -- (SbieSvc)
SRV:[b]64bit:[/b] - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2012/07/11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:[b]64bit:[/b] - [2012/02/24 15:26:34 | 000,347,968 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe -- (CSUService)
SRV:[b]64bit:[/b] - [2011/07/08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2007/11/07 19:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/12/04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/14 02:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/26 21:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/01/04 22:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013/03/22 02:05:29 | 000,032,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:[b]64bit:[/b] - [2013/01/10 15:01:48 | 000,197,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie22\SbieDrv.sys -- (SbieDrv)
DRV:[b]64bit:[/b] - [2012/12/03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012/12/03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2012/11/16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012/10/29 08:20:32 | 000,031,328 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspSanity64.sys -- (rspSanity)
DRV:[b]64bit:[/b] - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:[b]64bit:[/b] - [2012/08/02 23:17:34 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2012/04/03 23:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2012/03/13 23:22:56 | 000,153,880 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:[b]64bit:[/b] - [2011/12/07 13:23:24 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011/11/01 19:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2011/11/01 19:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2011/11/01 19:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2011/11/01 19:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:[b]64bit:[/b] - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:[b]64bit:[/b] - [2011/07/08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2011/07/08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/07/08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2009/09/29 18:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:[b]64bit:[/b] - [2009/09/29 18:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:[b]64bit:[/b] - [2009/09/29 18:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:[b]64bit:[/b] - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 23:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
DRV:[b]64bit:[/b] - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/08 10:24:58 | 001,196,032 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2008/11/20 03:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:[b]64bit:[/b] - [2008/11/20 03:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:[b]64bit:[/b] - [2008/11/20 03:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:[b]64bit:[/b] - [2008/08/28 20:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2007/02/06 23:19:32 | 000,022,528 | ---- | M] (         ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gt680x.sys -- (GT680x)
DRV - [2012/06/17 19:07:39 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\home\Desktop\Programs\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/06 23:19:32 | 000,022,528 | ---- | M] (         ) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\gt680x.sys -- (GT680x)
DRV - [2003/12/01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com/
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/15 08:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/05 07:37:41 | 000,000,000 | ---D | M]
 
[2013/03/15 08:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2013/03/15 08:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 02:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/03/14 12:28:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie22\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1619005563-1326942814-2406485245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/15 12:27:50 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/03 15:54:45 | 000,000,067 | ---- | M] () - C:\AutoRun_TEST_Log(0000).txt -- [ NTFS ]
O32 - AutoRun File - [2012/07/15 12:27:50 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/07/15 12:27:50 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/03/18 06:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2013/03/15 08:21:32 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Mozilla
[2013/03/15 08:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/15 08:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/15 03:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/15 03:52:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Avira
[2013/03/15 03:49:31 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/15 03:49:31 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/15 03:49:31 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/15 03:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/15 03:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/15 03:14:11 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\VMware
[2013/03/15 03:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/03/15 03:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie22
[2013/03/15 02:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/15 02:57:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Ad-Aware Antivirus
[2013/03/15 02:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/03/15 02:56:54 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/03/15 02:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/15 02:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/15 02:54:04 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Downloaded Installations
[2013/03/14 21:24:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/14 12:45:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/14 12:36:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/14 12:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013/03/14 12:21:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/14 12:21:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/14 12:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/13 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2013/03/13 01:49:37 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\FG
[2013/03/12 01:02:31 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2013/03/12 01:02:30 | 000,000,000 | ---D | C] -- C:\Fraps
[2013/03/12 00:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard Professional 4.3.6
[2013/03/12 00:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2013/03/12 00:48:57 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v4
[2013/03/04 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\EA Games
[2013/03/04 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\EA Games
[2013/03/01 23:45:54 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Monte Cristo
[2013/03/01 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\My Scanned Doucoments
[2013/03/01 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\ScannerData
[2013/02/24 05:38:01 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2013/02/24 05:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/03/22 07:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/22 07:52:01 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/22 07:48:15 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 07:48:15 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 07:48:10 | 000,000,000 | ---- | M] () -- C:\Users\home\AppData\Local\{EF9CC13E-5394-4F53-8FB6-410282962164}
[2013/03/22 02:41:36 | 000,918,284 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/22 02:41:36 | 000,759,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/22 02:41:36 | 000,158,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/22 02:05:47 | 000,003,128 | ---- | M] () -- C:\Users\home\AppData\Local\Temp18.html
[2013/03/22 02:05:39 | 000,001,293 | ---- | M] () -- C:\Users\home\AppData\Local\Temp1.html
[2013/03/22 02:05:29 | 000,032,152 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/03/19 19:27:47 | 000,002,674 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/03/19 13:56:16 | 000,610,106 | ---- | M] () -- C:\Users\home\Desktop\Community.S03E20.DVDRip.XviD-CLUE[(002796)13-50-58].JPG
[2013/03/18 02:00:34 | 000,000,000 | ---- | M] () -- C:\Users\home\AppData\Local\{F2778C84-00B7-4C8A-ABFC-220376281B83}
[2013/03/15 08:22:29 | 000,004,796 | ---- | M] () -- C:\Users\home\AppData\Local\Temp83.html
[2013/03/15 08:19:26 | 000,002,954 | ---- | M] () -- C:\Users\home\AppData\Local\Temp55.html
[2013/03/15 04:06:48 | 000,007,588 | ---- | M] () -- C:\Users\home\AppData\Local\Resmon.ResmonCfg
[2013/03/15 03:50:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/15 03:18:34 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/03/15 03:07:18 | 000,189,410 | ---- | M] () -- C:\Users\home\Desktop\Capture.PNG
[2013/03/15 03:03:48 | 000,000,906 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/03/15 02:57:30 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/03/15 02:53:28 | 000,931,332 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/14 12:28:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/13 12:34:44 | 000,001,024 | ---- | M] () -- C:\.rnd
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/03/22 07:55:04 | 000,000,000 | ---- | C] () -- C:\Users\home\AppData\Local\{644FC74D-B77D-4B70-BFA7-C841896348C7}
[2013/03/22 07:47:40 | 000,000,000 | ---- | C] () -- C:\Users\home\AppData\Local\{EF9CC13E-5394-4F53-8FB6-410282962164}
[2013/03/22 02:05:47 | 000,003,128 | ---- | C] () -- C:\Users\home\AppData\Local\Temp18.html
[2013/03/22 02:05:29 | 000,032,152 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/03/19 13:51:01 | 000,610,106 | ---- | C] () -- C:\Users\home\Desktop\Community.S03E20.DVDRip.XviD-CLUE[(002796)13-50-58].JPG
[2013/03/18 02:00:34 | 000,000,000 | ---- | C] () -- C:\Users\home\AppData\Local\{F2778C84-00B7-4C8A-ABFC-220376281B83}
[2013/03/15 08:22:29 | 000,004,796 | ---- | C] () -- C:\Users\home\AppData\Local\Temp83.html
[2013/03/15 08:21:29 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/15 08:19:26 | 000,002,954 | ---- | C] () -- C:\Users\home\AppData\Local\Temp55.html
[2013/03/15 03:07:18 | 000,189,410 | ---- | C] () -- C:\Users\home\Desktop\Capture.PNG
[2013/03/15 03:04:02 | 000,000,906 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/03/15 03:03:59 | 000,002,674 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/03/15 02:57:30 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/03/14 12:21:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/14 12:21:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/14 12:21:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/14 12:21:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/14 12:21:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 16:25:32 | 000,000,934 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/06 10:22:00 | 000,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2013/01/26 09:56:01 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\amsh.sys
[2013/01/26 09:54:03 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\dtcu.sys
[2013/01/12 01:29:13 | 000,001,293 | ---- | C] () -- C:\Users\home\AppData\Local\Temp1.html
[2012/12/05 09:01:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/12/04 13:10:19 | 000,001,177 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/10/28 23:45:54 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2012/08/29 23:23:28 | 000,000,132 | ---- | C] () -- C:\Users\home\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/25 22:54:02 | 000,139,152 | ---- | C] () -- C:\Windows\SysWow64\kEvP64.sys
[2012/04/05 07:50:16 | 000,007,588 | ---- | C] () -- C:\Users\home\AppData\Local\Resmon.ResmonCfg
[2012/01/16 06:56:44 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/01/16 06:56:44 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/11/27 04:27:46 | 000,001,655 | ---- | C] () -- C:\Users\home\AppData\Roaming\SvcTraceViewer.exe.settings
[2011/11/26 01:39:10 | 000,022,528 | ---- | C] (         ) -- C:\Windows\SysWow64\drivers\gt680x.sys
[2011/11/19 02:50:40 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/28 02:48:48 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/28 02:48:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/28 02:48:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/28 02:48:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/28 02:48:44 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/27 09:50:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/27 09:47:30 | 000,931,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/27 09:40:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/10 03:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013/01/11 00:07:55 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/01/11 00:07:55 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013/03/15 03:02:35 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Ad-Aware Antivirus
[2012/08/25 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\AnvSoft
[2012/01/31 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Autorun Analyzer
[2011/12/08 00:45:50 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Bigasoft Total Video Converter
[2013/01/13 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Canneverbe Limited
[2013/01/12 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CCE
[2012/11/06 11:06:24 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/29 04:35:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2013/03/04 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DAEMON Tools Lite
[2011/11/02 13:21:51 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Foxit
[2012/05/19 16:23:43 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Foxit Software
[2013/01/16 07:01:22 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\HandBrake
[2012/08/26 06:50:12 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\IObit
[2012/01/31 12:59:49 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\KillSwitch
[2012/03/12 00:53:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Kunnafoni
[2011/12/03 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\LG Electronics
[2012/04/05 07:35:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Motorola
[2013/02/24 05:38:01 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2012/04/05 07:38:55 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Nokia
[2013/02/03 11:20:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Notepad++
[2012/07/16 11:39:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Opera
[2012/04/05 22:52:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PC Suite
[2012/06/30 03:12:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Process Hacker 2
[2012/07/16 11:31:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PunkBuster
[2012/05/31 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Red Alert 3
[2013/03/01 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\ScannerData
[2011/10/30 04:20:54 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SumatraPDF
[2012/05/31 20:48:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\The Creative Assembly
[2012/12/04 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Theta
[2013/02/06 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TinyWall
[2012/07/16 11:21:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TownScape Found Viri
[2013/02/06 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TypingMaster7
[2012/08/24 04:49:34 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Ubisoft
[2012/04/15 11:03:48 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\VSRevoGroup
[2013/01/26 10:09:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\WinPatrol
[2013/01/15 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Xilisoft
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013/02/21 13:25:16 | 000,011,065 | ---- | M] ()(C:\Users\home\Desktop\???? ????????? ??????? ? ????? ????? ?????? ?????????.txt) -- C:\Users\home\Desktop\بصمة البرمجيات الخبيثة و كفائة برامج مكافحة الفيروسات.txt
[2013/02/21 13:25:16 | 000,011,065 | ---- | C] ()(C:\Users\home\Desktop\???? ????????? ??????? ? ????? ????? ?????? ?????????.txt) -- C:\Users\home\Desktop\بصمة البرمجيات الخبيثة و كفائة برامج مكافحة الفيروسات.txt

< End of report >

Edited by ranget, 22 March 2013 - 01:19 PM.

A big thanks to Dider Stevens

sorry for not being around

 


#10 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 March 2013 - 07:19 AM

The hidden processes are all system files.
They are hidden.

If you need to see them try this.

Windows 7
http://www.bleepingcomputer.com/tutorials/tutorial151.html

In all I think your computer is clean.

#11 ranget
  • Topic Starter
  • Members
  • 250 posts
  • Gender:Male

Posted 24 March 2013 - 05:19 PM

the thing is i'm a trainee in computer malware removal

i do a lot of scans using a lot of tools

 

anyway those processes are both hidden + the files they are accessing are hidden too !!!!!

i used GMER to try to look for those files in the files tab + a lot of other ARK tools

 

if it's a rootkit it can be fixed or something

but if it's something bigger like a BIOS virus or something, that's something that concerns me

it's not paranoia because of the evidence in the picture above

 

anyway, how about i get you a GMER log and an MBAR log?




#12 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 March 2013 - 08:01 AM

Yes, no harm can be done from it.

What tool did you use to get the information in your first picture?

#13 ranget
  • Topic Starter
  • Members
  • 250 posts
  • Gender:Male

Posted 26 March 2013 - 04:15 PM

What tool did you use to get the information in your first picture?

Process lister
 
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-03-24 12:51:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500AAJS-00VWA0 rev.12.01B02 232.89GB
Running: me2.exe; Driver: C:\Users\home\AppData\Local\Temp\kxldipow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                         0000000077bd1401 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                           0000000077bd1419 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                         0000000077bd1431 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                         0000000077bd144a 2 bytes [BD, 77]
.text    ...                                                                                                                                                                                         * 9
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                            0000000077bd14dd 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                     0000000077bd14f5 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                            0000000077bd150d 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                     0000000077bd1525 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                           0000000077bd153d 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                0000000077bd1555 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                         0000000077bd156d 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                           0000000077bd1585 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                              0000000077bd159d 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                           0000000077bd15b5 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                         0000000077bd15cd 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                     0000000077bd16b2 2 bytes [BD, 77]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                     0000000077bd16bd 2 bytes [BD, 77]

---- User IAT/EAT - GMER 2.0 ----

IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef9bd741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                   [7fef9bd5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef9bd5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef9bd5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]           [7fef9bd7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]         [7fef9bd6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef9bd6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef9bd7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]           [7fef9bd7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef9bd78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef9bd4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef9bd5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[276] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]     [7fef9bd7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread    [1708:1724]                                                                                                                                                                                00000000757c7587
Thread    [1708:1748]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:1752]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:1104]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:1116]                                                                                                                                                                                0000000077c441f3
Thread    [1708:1252]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2480]                                                                                                                                                                                0000000073b5e2db
Thread    [1708:2484]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:2488]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2492]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2496]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2500]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2504]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2508]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2512]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2516]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2520]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2524]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2528]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2532]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2536]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2540]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2544]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2548]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2552]                                                                                                                                                                                0000000073dbc41c
Thread    [1708:2556]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:2560]                                                                                                                                                                                00000000727f8de0
Thread    [1708:2564]                                                                                                                                                                                00000000727f8de0
Thread    [1708:2568]                                                                                                                                                                                00000000727f8de0
Thread    [1708:2572]                                                                                                                                                                                00000000727f4e00
Thread    [1708:2592]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:2808]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:3088]                                                                                                                                                                                0000000073dbc59c
Thread    [1708:3232]                                                                                                                                                                                0000000077c46679
Thread   C:\Windows\System32\svchost.exe [2032:2420]                                                                                                                                                 000007fef8939688

---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @  [1708]                                                                                                                                                            0000000000bc0000
Library  ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2032]                                                                                                                             000007fefde10000

---- EOF - GMER 2.0 ----

A big thanks to Dider Stevens

sorry for not being around



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:11 AM

Posted 27 March 2013 - 07:52 AM

I do not mind continuing this topic, but please, why is it that you do not have this conversation with your teacher at malware removal?

Can you give me a link to one of your posts.

#15 ranget

ranget
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 AM

Posted 27 March 2013 - 04:58 PM

I do not mind continuing this topic but please why is it that you do not have this conversation with your teacher at malware removal?

???


malware removal  ???????


I did some time at the 247fixes school, not malware removal.

I postponed; there were three problems at the time:

1- Was under attack, router got hacked ("have proofs")

2- GPU burned up > the MB burned out

I postponed my studies till my issue gets resolved.

Can you give me a link to one of your post.

Post??? Where???


Edited by ranget, 27 March 2013 - 05:00 PM.

A big thanks to Dider Stevens

sorry for not being around





