New Za Alert, HEUR Trojan Win 2 StartPage


25 replies to this topic

#1 Jerhyn

  • Members
  • 564 posts
  • Location: Las Vegas Nv

Posted 12 August 2013 - 12:12 PM

I have been cleaning up my system for a few weeks now. And it is booting and running as fast as it ever has.

Most scans have come up with tracking cookies and adware, which I clicked on to remove.

Last night Zonealarm popped this one up as an alert

 

C:\DOCUMENTS AND SETTINGS \JERRY\DESKTOP\GUSETUP.EXE//DATA0202

HEUR Trojan Win 2 StartPage

 

 

Dds Report

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2

Run by jerry at 9:57:35 on 2013-08-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3325.2366 [GMT -7:00]

.

AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

FW: ZoneAlarm Firewall *Enabled*

FW: AVG Firewall *Disabled*

.

============== Running Processes ================

.

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

C:\WINDOWS\system32\kmw_run.exe

C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe

C:\WINDOWS\system32\KMW_SHOW.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\MSI Afterburner\MSIAfterburner.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\OpenOffice.org 3\program\swriter.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k eapsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [AcronisTibMounterMonitor] c:\program files\common files\acronis\tibmounter\TibMounterMonitor.exe

mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"

mRun: [kmw_run.exe] kmw_run.exe

mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE

mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [MSIAfterburner] "c:\program files\msi afterburner\MSIAfterburner.exe" /s

mRun: [MSWheel] <no file>

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349387553187

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350512490843

DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

TCP: NameServer = 192.168.2.1 192.168.1.1

TCP: Interfaces\{59AD6629-35A9-4566-8B7F-1F7096E8364F} : DHCPNameServer = 192.168.2.1 192.168.1.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\documents and settings\jerry\desktop\antivirus\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jerry\application data\mozilla\firefox\profiles\i1igu1n3.default-1372708820671\

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2013-08-04 10:10; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\jerry\application data\mozilla\firefox\profiles\i1igu1n3.default-1372708820671\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2013-08-04 10:11; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\jerry\application data\mozilla\firefox\profiles\i1igu1n3.default-1372708820671\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2013-5-14 81184]

R0 tib;Acronis TIB Manager;c:\windows\system32\drivers\tib.sys [2013-5-14 736192]

R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [2013-5-14 130488]

R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2013-5-14 116000]

R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [2013-5-14 85280]

R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2011-6-13 6144]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-1-6 584536]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-1-2 528000]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-5-14 3783672]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-11-22 27056]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-11-22 497320]

R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2011-4-24 22016]

R2 SDLService;SDLService;c:\program files\realtek\smart dual lan\SDLService.exe [2011-4-24 77824]

R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2013-3-20 7084672]

R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-5-14 234752]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]

R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]

R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2011-9-6 5632]

R3 rtkio;rtkio;c:\program files\realtek\smart dual lan\rtkio.sys [2011-4-24 5760]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-4-24 30392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-24 1691480]

S3 etdrv;etdrv;c:\windows\etdrv.sys [2013-7-5 17488]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-7-17 27064]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011.sp1x\RpcAgentSrv.exe [2012-8-12 93848]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-8-21 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 753504]

S4 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-8-8 132744]

S4 fileHiders;fileHiders;c:\windows\system32\drivers\fileHiders.sys [2011-11-23 26392]

S4 Free Download Manager Controller;Free Download Manager Controller;c:\documents and settings\all users\application data\free download manager controller\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe --> c:\documents and settings\all users\application data\free download manager controller\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe [?]

S4 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2011-4-24 24944]

S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S4 MFE_RR;MFE_RR;\??\c:\docume~1\jerry\locals~1\temp\mfe_rr.sys --> c:\docume~1\jerry\locals~1\temp\mfe_rr.sys [?]

S4 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-8-8 138760]

S4 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\jerry\local settings\temp\tmp16.tmp --> c:\documents and settings\jerry\local settings\temp\tmp16.tmp [?]

.

=============== Created Last 30 ================

.

2013-08-12 15:54:40 15616 ----a-w- c:\windows\system32\TrueSight.sys

2013-08-10 23:24:49 -------- d-----w- c:\documents and settings\all users\application data\Licenses

2013-08-10 23:24:32 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2013-08-10 23:24:31 -------- d-----w- c:\program files\SpywareBlaster

2013-08-09 19:28:12 -------- d-----w- c:\program files\ESET

2013-08-09 18:11:44 -------- d-----w- c:\program files\tspareturbine

2013-08-09 00:06:28 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-08-09 00:06:28 -------- d-----w- c:\windows\system32\wbem\Repository

2013-08-09 00:04:29 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2013-08-09 00:04:29 -------- d-----w- c:\program files\FixCleaner

2013-08-09 00:04:29 -------- d-----w- c:\program files\AOL Toolbar

2013-08-09 00:04:29 -------- d-----w- c:\documents and settings\jerry\application data\Systweak

2013-08-09 00:04:29 -------- d-----w- c:\documents and settings\jerry\application data\FixCleaner

2013-08-08 23:50:45 -------- d--h--w- c:\windows\ie8

2013-08-08 22:19:20 -------- d-----w- c:\windows\system32\URTTEMP

2013-08-08 20:16:30 -------- d-----w- c:\program files\File Type Assistant

2013-08-08 19:22:59 -------- d-----w- c:\documents and settings\jerry\application data\iolo

2013-08-08 19:18:06 -------- d-----w- c:\program files\iolo

2013-08-08 19:01:35 -------- d-----w- c:\documents and settings\jerry\local settings\application data\The Lord of the Rings Online

2013-08-08 18:58:23 -------- d-----w- c:\windows\ie8updates

2013-08-03 15:23:04 -------- d-----w- c:\documents and settings\jerry\local settings\application data\The Lord of the Rings Online(2)

2013-08-01 21:10:35 -------- d-----w- c:\windows\ie8updates(2)

2013-08-01 15:56:40 -------- d-----w- c:\windows\system32\NtmsData

2013-07-31 18:58:19 -------- d-sh--w- C:\RECYCLER(3)

2013-07-31 16:47:32 -------- d-----w- c:\windows\system32\URTTemp(2)

2013-07-24 21:56:13 -------- d-----w- c:\documents and settings\jerry\local settings\application data\PMB Files

2013-07-23 22:29:20 -------- d-----w- C:\RECYCLER(2)

2013-07-23 21:00:02 -------- d-----w- C:\cmdcons

2013-07-23 20:56:31 -------- d-----w- C:\123KomboFix

2013-07-19 01:27:33 -------- d-----w- c:\program files\Reason

2013-07-17 16:52:23 -------- d-----w- c:\documents and settings\jerry\local settings\application data\VS Revo Group

2013-07-17 16:52:05 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group

2013-07-17 16:52:04 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2013-07-17 16:52:03 -------- d-----w- c:\program files\VS Revo Group

.

==================== Find3M ====================

.

2013-08-12 16:41:46 7304 ----a-w- c:\windows\TMP0001.TMP

2013-07-17 16:40:52 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys

2013-07-17 16:40:04 17488 ----a-w- c:\windows\gdrv.sys

2013-07-15 17:58:38 17488 ----a-w- c:\windows\etdrv.sys

2013-06-28 20:10:12 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin

2013-06-28 20:10:12 1 ----a-w- c:\windows\system32\nvdrssel.bin

2013-06-28 20:08:35 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin

2013-06-27 20:45:10 25600 ----a-w- c:\windows\system32\aaaamon.dll

2013-06-26 15:58:00 181808 ----a-w- c:\windows\RegBootClean.exe

2013-06-26 05:12:13 133208 ----a-w- c:\windows\system32\drivers\90283620.sys

2013-06-26 05:12:13 133208 ----a-w- c:\windows\system32\drivers\61931989.sys

2013-06-26 05:12:13 133208 ----a-w- c:\windows\system32\drivers\55438937.sys

2013-06-26 05:12:13 133208 ----a-w- c:\windows\system32\drivers\23899831.sys

2013-06-26 05:12:13 133208 ----a-w- c:\windows\system32\drivers\13178575.sys

2013-06-22 17:55:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-22 17:55:44 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-06-22 17:55:44 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-06-11 22:57:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-11 22:57:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-08 06:55:44 385024 ----a-w- c:\windows\system32\html.iec

2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet(2)(3).dll

2013-06-07 21:56:06 1215488 ----a-w- c:\windows\system32\urlmon(2)(3).dll

2013-06-07 21:56:06 105984 ----a-w- c:\windows\system32\url(2)(3).dll

2013-06-07 21:56:05 2005504 ----a-w- c:\windows\system32\iertutil(2)(3).dll

2013-06-07 21:56:05 11112960 ----a-w- c:\windows\system32\ieframe(3)(3).dll

2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k(2)(2).sys

2013-05-14 22:56:33 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys

2013-05-14 22:56:28 888640 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2013-05-14 22:56:25 130488 ----a-w- c:\windows\system32\drivers\tib_mounter.sys

2013-05-14 22:56:08 736192 ----a-w- c:\windows\system32\drivers\tib.sys

2013-05-14 22:56:04 116000 ----a-w- c:\windows\system32\drivers\vididr.sys

2013-05-14 22:56:03 85280 ----a-w- c:\windows\system32\drivers\vidsflt.sys

2013-05-14 22:56:00 158496 ----a-w- c:\windows\system32\drivers\snapman.sys

2013-05-14 22:55:17 81184 ----a-w- c:\windows\system32\drivers\fltsrv.sys

.

============= FINISH: 9:59:28.40 ===============

 

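The SERVICES / DRIVERS section of the DDS log above contains several entries DDS could not resolve (the "-->" and "[?]" form) and two drivers registered from a temp directory (MFE_RR and WinRing0_1_2_0). As an added example, not part of the original post and not a DDS feature, the following Python script parses lines in that format and lists the entries a responder would verify by hand. The sample lines are copied from the log above; the list of "normal" driver directories and the flags are this example's own assumptions. A "[?]" beside a path that carries arguments (vsmon.exe -service) may only mean DDS could not resolve the path as written, so the script reports it as something to confirm, not as malicious.

```python
r"""Triage the SERVICES / DRIVERS section of a DDS log (added example).

Each line has the shape
    <state> <name>;<display name>;<image path> [<date> <size>]
and, when DDS could not resolve the image, the shape
    <state> <name>;<display name>;<raw path> --> <resolved path> [?]
The script reports entries a responder should verify by hand; it does not
decide that anything is malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the DDS log posted in this thread (not a complete section).
SAMPLE_DDS_SERVICES = r"""
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2013-5-14 81184]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-1-6 584536]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2013-7-5 17488]
S4 MFE_RR;MFE_RR;\??\c:\docume~1\jerry\locals~1\temp\mfe_rr.sys --> c:\docume~1\jerry\locals~1\temp\mfe_rr.sys [?]
S4 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\jerry\local settings\temp\tmp16.tmp --> c:\documents and settings\jerry\local settings\temp\tmp16.tmp [?]
"""

LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Image path: optional NT "\??\" prefix, a drive letter, anything up to a known image extension.
IMAGE_RE = re.compile(r"(?i)(?:\\\?\?\\)?([a-z]:\\.*?\.(?:sys|exe|dll|tmp|bin))")
ARROW = " --> "
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Directories a .sys image is normally served from (this example's assumption, not a DDS rule).
DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\", "c:\\program files\\")

MSG_MISSING = "image not found as listed ([?]); confirm the file exists"
MSG_TEMP = "image loads from a temp directory"
MSG_TMP_EXT = "image has a .tmp extension"
MSG_DRIVER_DIR = "driver image outside system32 or Program Files"


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str            # resolved image path, lower-cased, without the \??\ prefix
    missing: bool         # DDS printed [?]: it could not find the file as listed
    findings: List[str] = field(default_factory=list)


def parse_dds_service(line: str) -> Optional[ServiceEntry]:
    """Parse one SERVICES / DRIVERS line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").rstrip()
    missing = rest.endswith("[?]")
    # With "<raw> --> <resolved> [?]" the resolved form (after the arrow) is the one to inspect.
    target = rest.split(ARROW, 1)[-1]
    im = IMAGE_RE.search(target)
    image = (im.group(1) if im else target).lower()
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"), image, missing)


def triage(entry: ServiceEntry) -> List[str]:
    """Attach human-readable reasons to verify this entry; empty list means nothing stood out."""
    reasons = []
    if entry.missing:
        reasons.append(MSG_MISSING)
    if any(marker in entry.image for marker in TEMP_MARKERS):
        reasons.append(MSG_TEMP)
    if entry.image.endswith(".tmp"):
        reasons.append(MSG_TMP_EXT)
    if entry.image.endswith(".sys") and not entry.image.startswith(DRIVER_DIRS):
        reasons.append(MSG_DRIVER_DIR)
    entry.findings = reasons
    return reasons


def triage_dds_services(text: str) -> dict:
    """Return {service name: [reasons]} for every parsable line in the section."""
    result = {}
    for line in text.splitlines():
        entry = parse_dds_service(line)
        if entry is not None:
            result[entry.name] = triage(entry)
    return result


if __name__ == "__main__":
    for name, reasons in triage_dds_services(SAMPLE_DDS_SERVICES).items():
        print(f"{name:16} {'OK' if not reasons else '; '.join(reasons)}")
```

Run against the full section of a DDS log the output is a short list of services and drivers to check on disk (does the file exist, who signed it, which installed product owns it) rather than a verdict; everything in system32\drivers or Program Files with a resolvable path prints as OK.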

 


#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location: Numpty HQ

Posted 12 August 2013 - 04:34 PM

Good evening. :)

C:\DOCUMENTS AND SETTINGS \JERRY\DESKTOP\GUSETUP.EXE - Can you tell me where you got this file from?

 

 

 


So long, and thanks for all the fish.

 

 


#3 Jerhyn

  • Topic Starter
  • Members
  • 564 posts
  • Location: Las Vegas Nv

Posted 12 August 2013 - 04:54 PM

No idea where it came from. ZoneAlarm, during a daily scan, listed it as a HEUR trojan and claimed to have deleted it. I have looked at my file folder for Desktop, and it is not listed. Then the next day the same scan lists it under a slightly different name, like gusetup.exe//data0005.

 

It has reappeared at least 3 times in the last week. Malwarebytes and Sophos don't list it. I was wondering if it was a false positive by ZA, but not being able to locate the file name, and it renaming itself, makes me think it's up to no good.

If I can find it, I want it deleted.



#4 Jerhyn

  • Topic Starter
  • Members
  • 564 posts
  • Location: Las Vegas Nv

Posted 12 August 2013 - 05:24 PM

I just reran a manual ZA scan; this time it completed successfully. No threats.

 

I looked back in the ZA log; gusetup was detected 3 times, on successive dates. The first two dates it lists it as infected, file repair failed, delete failed.

 

Last night it is listed as deleted.

 

Perhaps it got it after all.



#5 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location: Numpty HQ

Posted 13 August 2013 - 04:04 PM

Good evening. :)

The issue with the item in question, C:\DOCUMENTS AND SETTINGS \JERRY\DESKTOP\GUSETUP.EXE//DATA0202, is actually about something called DATA0202 contained within the file C:\DOCUMENTS AND SETTINGS \JERRY\DESKTOP\GUSETUP.EXE. If the file has been obtained from a legitimate source then I'd consider it to be a false positive, as it would appear to be something called Glary Utilities from GlarySoft. Obviously it could be a malicious file with the same name, or a legitimate file with something extra added to make it nasty, which would be more likely if it was downloaded from a non-legitimate site, but you'd know better than me on that score.

 

The "HEUR" part of the infection name refers to a heuristic detection which is basically a "it looked like it might be suspicious" opinion rather than a "Oh my word, it's a really nasty infection!" fact, so again it could be a false positive.

 

If the file is legitimate then you don't have anything to worry about, apart from getting hold of another copy if you did want to install the utility in question. If it's malicious, then if you haven't run the file, as long as it has been deleted, I'd consider the issue resolved. If you have run the file then that would obviously be an issue, but you'll need to confirm that for me.

 


So long, and thanks for all the fish.

 

 


#6 Jerhyn

  • Topic Starter
  • Members
  • 564 posts
  • Location: Las Vegas Nv

Posted 16 August 2013 - 12:20 PM

I think I have exorcized all the demons from this system. I used to think I had enough "security" with a firewall, ZA antivirus and WinPatrol checking any new install attempts.

I realize now that the malware has gotten more invasive. I was trying various websites and computer scanners to resolve a system slowdown, only to see it get worse.

About 3 weeks ago I hit on this site while seeking yet another answer.

Here the scans actually identify the issues, and there is help in resolving them.

I had several issues to boot.

1. Get Malwarebytes and ZA to get a clean scan.

2. Get Windows to update .NET Framework 1, 2, 3, 4. They would fail to update, and refuse to be removed/reinstalled.

 

I think I got that done.

If you could let me know which scan logs to post, to see if I'm really done, please.



#7 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location: Numpty HQ

Posted 16 August 2013 - 02:11 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.


Will you also throw in a fresh DDS log and let me know how the PC is behaving.


So long, and thanks for all the fish.

 

 


#8 Jerhyn

  • Topic Starter
  • Members
  • 564 posts
  • Location: Las Vegas Nv

Posted 17 August 2013 - 02:37 PM

Ok, not as clean as I had hoped!

C:\Documents and Settings\jerry\Desktop\m4a-to-mp3-converter.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\jerry\Desktop\youtube-to-mp3-converter.exe    Win32/OpenCandy application
C:\Documents and Settings\jerry\Desktop\ANTIVIRUS\driver_fusion_1.2.0.exe    Win32/OpenCandy application
C:\Documents and Settings\jerry\Desktop\FOLDERS\overflow\setup(2).exe    a variant of Win32/Adware.ErrorRepair application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP209\A0134792.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP210\A0134920.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP213\A0136161.exe    Win32/OpenCandy application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP213\A0136179.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP215\A0136657.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP242\A0167605.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP242\A0176545.exe    Win32/OpenCandy application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP277\A0179829.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP281\A0188673.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP287\A0234447.exe    probably a variant of Win32/Spy.Agent.NVU trojan
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP287\A0234448.exe    probably a variant of Win32/Spy.Agent.NVU trojan
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP289\A0234523.exe    a variant of Win32/Bundled.Toolbar.Ask application

 

 

ESET is still up. Should I delete quarantined files?


Edited by Jerhyn, 17 August 2013 - 02:46 PM.


#9 Jerhyn

  • Topic Starter
  • Members
  • 564 posts
  • Location: Las Vegas Nv

Posted 17 August 2013 - 02:48 PM

C:\Documents and Settings\jerry\Desktop\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\jerry\Desktop\youtube-to-mp3-converter.exe Win32/OpenCandy application
C:\Documents and Settings\jerry\Desktop\ANTIVIRUS\driver_fusion_1.2.0.exe Win32/OpenCandy application
C:\Documents and Settings\jerry\Desktop\FOLDERS\overflow\setup(2).exe a variant of Win32/Adware.ErrorRepair application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP209\A0134792.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP210\A0134920.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP213\A0136161.exe Win32/OpenCandy application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP213\A0136179.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP215\A0136657.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP242\A0167605.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP242\A0176545.exe Win32/OpenCandy application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP277\A0179829.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP281\A0188673.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP287\A0234447.exe probably a variant of Win32/Spy.Agent.NVU trojan
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP287\A0234448.exe probably a variant of Win32/Spy.Agent.NVU trojan
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP289\A0234523.exe a variant of Win32/Bundled.Toolbar.Ask application

 

I don't know if this format is better; it's the same text as above.
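Post #5 explains the two halves of the ZoneAlarm record (GUSETUP.EXE is the file on disk, DATA0202 an object inside it, HEUR a heuristic verdict rather than a signature hit), and the ESET list in the post above mixes live files on the Desktop with copies held in System Restore points. As an added example that is not part of this thread and not ZoneAlarm's or ESET's own code, the following Python script parses records of both shapes into container file, inner member and verdict, and groups them by what actually needs a decision. Its assumptions: the detection name begins with "HEUR", "Win32/", "a variant of" or "probably a variant of" (true of every record on this page; the splitter relies on it), a name ending in "application" is a potentially unwanted application rather than malware, and "probably a variant of" is treated as a heuristic verdict. The sample records are copied from the posts above.

```python
"""Parse AV detection records of the kinds quoted in this thread (added example).

ZoneAlarm form:   <file on disk>//<object inside it> <detection name>
ESET export form: <file on disk> <detection name>
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Records copied from the ZoneAlarm alert and the ESET list posted in this thread.
SAMPLE_DETECTIONS = r"""
C:\DOCUMENTS AND SETTINGS \JERRY\DESKTOP\GUSETUP.EXE//DATA0202 HEUR Trojan Win 2 StartPage
C:\Documents and Settings\jerry\Desktop\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\jerry\Desktop\youtube-to-mp3-converter.exe Win32/OpenCandy application
C:\Documents and Settings\jerry\Desktop\FOLDERS\overflow\setup(2).exe a variant of Win32/Adware.ErrorRepair application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP209\A0134792.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{C8633015-CAB4-4A89-8A9E-01834A29EB35}\RP287\A0234447.exe probably a variant of Win32/Spy.Agent.NVU trojan
"""

# The path is everything before the first whitespace that precedes a detection-name prefix.
# Assumption: every detection name starts with one of these phrases.
SEP_RE = re.compile(r"\s+(?=(?:a variant of |probably a variant of |Win32/|HEUR\b))")
RESTORE_RE = re.compile(r"(?i)\\system volume information\\_restore\{")


@dataclass
class Detection:
    container: str            # file on disk
    member: Optional[str]     # object inside it (archive entry / installer payload), from "//"
    name: str                 # detection name as printed by the scanner
    heuristic: bool           # "HEUR ..." or "probably a variant of": a guess, not a signature hit
    in_restore_point: bool    # a System Restore copy, not a live file
    kind: str                 # "pua" | "trojan" | "other"


def split_container(path: str):
    """'file.exe//DATA0202' -> ('file.exe', 'DATA0202'); plain paths have no member."""
    container, _, member = path.partition("//")
    return container, (member or None)


def classify_name(name: str):
    lower = name.lower()
    heuristic = lower.startswith("heur") or lower.startswith("probably")   # assumption, see lead-in
    if lower.endswith(" application"):
        kind = "pua"
    elif "trojan" in lower:
        kind = "trojan"
    else:
        kind = "other"
    return heuristic, kind


def parse_detection(line: str) -> Optional[Detection]:
    line = line.strip()
    parts = SEP_RE.split(line, maxsplit=1) if line else []
    if len(parts) != 2:
        return None
    path, name = parts
    container, member = split_container(path)
    heuristic, kind = classify_name(name)
    return Detection(container, member, name, heuristic, bool(RESTORE_RE.search(container)), kind)


def parse_detections(text: str) -> List[Detection]:
    return [d for d in (parse_detection(l) for l in text.splitlines()) if d is not None]


def triage_plan(dets: List[Detection]) -> dict:
    """Bucket by what needs a decision: live malware, live PUAs, restore-point copies, heuristics."""
    plan = {"live_malware": [], "live_pua": [], "restore_point_only": [], "heuristic_review": []}
    for d in dets:
        if d.in_restore_point:
            plan["restore_point_only"].append(d.container)
        elif d.kind == "trojan":
            plan["live_malware"].append(d.container)
        elif d.kind == "pua":
            plan["live_pua"].append(d.container)
        if d.heuristic and not d.in_restore_point:
            plan["heuristic_review"].append(d.container)
    return plan


if __name__ == "__main__":
    for bucket, paths in triage_plan(parse_detections(SAMPLE_DETECTIONS)).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

For the records on this page the only live item that is not a potentially unwanted application is the heuristic GUSETUP.EXE//DATA0202 hit, which lands in both live_malware and heuristic_review: it is the one record that needs a human decision (where did the file come from, was it run) rather than a routine removal. Entries in restore_point_only only become live files again if that restore point is restored.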



#10 Jerhyn

  • Topic Starter
  • Members
  • 564 posts
  • Location: Las Vegas Nv

Posted 17 August 2013 - 03:13 PM

Fresh DDS file

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by jerry at 13:08:07 on 2013-08-17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3325.1323 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AcronisTibMounterMonitor] c:\program files\common files\acronis\tibmounter\TibMounterMonitor.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [kmw_run.exe] kmw_run.exe
mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSIAfterburner] "c:\program files\msi afterburner\MSIAfterburner.exe" /s
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MSWheel] <no file>
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349387553187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350512490843
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{59AD6629-35A9-4566-8B7F-1F7096E8364F} : DHCPNameServer = 192.168.2.1 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jerry\application data\mozilla\firefox\profiles\i1igu1n3.default-1372708820671\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-08-15 10:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2013-5-14 81184]
R0 tib;Acronis TIB Manager;c:\windows\system32\drivers\tib.sys [2013-5-14 736192]
R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [2013-5-14 130488]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2013-5-14 116000]
R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [2013-5-14 85280]
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2011-6-13 6144]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-1-6 584536]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-1-2 528000]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-5-14 3783672]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-11-22 497320]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2011-4-24 22016]
R2 SDLService;SDLService;c:\program files\realtek\smart dual lan\SDLService.exe [2011-4-24 77824]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2013-3-20 7084672]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-5-14 234752]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2011-9-6 5632]
R3 rtkio;rtkio;c:\program files\realtek\smart dual lan\rtkio.sys [2011-4-24 5760]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-4-24 30392]
R4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R4 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-11-22 27056]
R4 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-24 1691480]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2013-7-5 17488]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-7-17 27064]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011.sp1x\RpcAgentSrv.exe [2012-8-12 93848]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-8-21 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-8-8 132744]
S4 fileHiders;fileHiders;c:\windows\system32\drivers\fileHiders.sys [2011-11-23 26392]
S4 Free Download Manager Controller;Free Download Manager Controller;c:\documents and settings\all users\application data\free download manager controller\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe --> c:\documents and settings\all users\application data\free download manager controller\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe [?]
S4 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2011-4-24 24944]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S4 MFE_RR;MFE_RR;\??\c:\docume~1\jerry\locals~1\temp\mfe_rr.sys --> c:\docume~1\jerry\locals~1\temp\mfe_rr.sys [?]
S4 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-8-8 138760]
S4 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\jerry\local settings\temp\tmp16.tmp --> c:\documents and settings\jerry\local settings\temp\tmp16.tmp [?]
.
=============== Created Last 30 ================
.
2013-08-15 22:03:20    --------    d-----w-    c:\windows\system32\URTTEMP
2013-08-15 20:54:20    --------    d-----w-    c:\windows\system32\XPSViewer
2013-08-15 18:10:44    --------    d-----w-    c:\documents and settings\jerry\local settings\application data\PCHealth
2013-08-15 18:01:55    --------    d-----w-    c:\windows\system32\MRT
2013-08-14 17:44:57    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-08-14 17:44:57    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-08-13 02:49:09    --------    d-----w-    c:\documents and settings\jerry\application data\ZeoBIT
2013-08-13 02:49:09    --------    d-----w-    c:\documents and settings\jerry\application data\FreeFLVConverter
2013-08-13 02:49:07    --------    d-----w-    c:\program files\Exterminate It!
2013-08-13 02:49:07    --------    d-----w-    c:\documents and settings\jerry\application data\iolo
2013-08-13 02:49:06    --------    d-----w-    c:\program files\AVAST Software
2013-08-13 02:49:06    --------    d-----w-    c:\documents and settings\jerry\application data\Tific
2013-08-12 15:54:40    15616    ----a-w-    c:\windows\system32\TrueSight.sys
2013-08-10 23:24:49    --------    d-----w-    c:\documents and settings\all users\application data\Licenses
2013-08-10 23:24:32    129872    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2013-08-10 23:24:31    --------    d-----w-    c:\program files\SpywareBlaster
2013-08-09 19:28:12    --------    d-----w-    c:\program files\ESET
2013-08-09 18:11:44    --------    d-----w-    c:\program files\tspareturbine
2013-08-09 00:04:29    --------    d-sh--w-    c:\windows\system32\AI_RecycleBin
2013-08-09 00:04:29    --------    d-----w-    c:\program files\AOL Toolbar
2013-08-09 00:04:29    --------    d-----w-    c:\documents and settings\jerry\application data\Systweak
2013-08-08 23:50:45    --------    d--h--w-    c:\windows\ie8
2013-08-08 20:16:30    --------    d-----w-    c:\program files\File Type Assistant
2013-08-08 19:18:06    --------    d-----w-    c:\program files\iolo
2013-08-08 19:01:35    --------    d-----w-    c:\documents and settings\jerry\local settings\application data\The Lord of the Rings Online
2013-08-08 18:58:23    --------    d-----w-    c:\windows\ie8updates
2013-08-03 15:23:04    --------    d-----w-    c:\documents and settings\jerry\local settings\application data\The Lord of the Rings Online(2)
2013-08-01 21:10:35    --------    d-----w-    c:\windows\ie8updates(2)
2013-08-01 15:56:40    --------    d-----w-    c:\windows\system32\NtmsData
2013-07-31 18:58:19    --------    d-sh--w-    C:\RECYCLER(3)
2013-07-31 16:47:32    --------    d-----w-    c:\windows\system32\URTTemp(2)
2013-07-24 21:56:13    --------    d-----w-    c:\documents and settings\jerry\local settings\application data\PMB Files
2013-07-23 22:29:20    --------    d-----w-    C:\RECYCLER(2)
2013-07-23 21:00:02    --------    d-----w-    C:\cmdcons
2013-07-23 20:56:31    --------    d-----w-    C:\123KomboFix
2013-07-19 01:27:33    --------    d-----w-    c:\program files\Reason
.
==================== Find3M  ====================
.
2013-08-17 13:30:59    7304    ----a-w-    c:\windows\TMP0001.TMP
2013-07-26 02:47:17    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-07-26 02:47:13    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-07-17 16:40:52    24944    ----a-w-    c:\windows\system32\drivers\GVTDrv.sys
2013-07-17 16:40:04    17488    ----a-w-    c:\windows\gdrv.sys
2013-07-15 17:58:38    17488    ----a-w-    c:\windows\etdrv.sys
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 03:03:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-28 20:10:12    1072544    ----a-w-    c:\windows\system32\nvdrsdb0.bin
2013-06-28 20:10:12    1    ----a-w-    c:\windows\system32\nvdrssel.bin
2013-06-28 20:08:35    1072544    ----a-w-    c:\windows\system32\nvdrsdb1.bin
2013-06-27 20:45:10    25600    ----a-w-    c:\windows\system32\aaaamon.dll
2013-06-26 15:58:00    181808    ----a-w-    c:\windows\RegBootClean.exe
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\90283620.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\61931989.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\55438937.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\23899831.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\13178575.sys
2013-06-22 17:55:46    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 17:55:44    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-22 17:55:44    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-11 22:57:24    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 22:57:24    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet(2)(3).dll
2013-06-07 21:56:06    1215488    ----a-w-    c:\windows\system32\urlmon(2)(3).dll
2013-06-07 21:56:06    105984    ----a-w-    c:\windows\system32\url(2)(3).dll
2013-06-07 21:56:05    2005504    ----a-w-    c:\windows\system32\iertutil(2)(3).dll
2013-06-07 21:56:05    11112960    ----a-w-    c:\windows\system32\ieframe(3)(3).dll
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k(2)(2).sys
2013-05-28 01:59:37    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07    6144    ----a-w-    c:\windows\system32\xpsp4res.dll
.
============= FINISH: 13:10:52.67 ===============
 



#11 Noviciate (Malware Response Team)

Posted 19 August 2013 - 03:19 PM

Good evening. :)

Have you run any software from Kaspersky at all - around 2013-06-26?


So long, and thanks for all the fish.

#12 Jerhyn (Topic Starter)

Posted 19 August 2013 - 04:02 PM

I ran a Kaspersky scan about that time, but it didn't work; it seemed to crash. I tried removing it, but I have seen klif files that resist removal.

At the time I was thinking that a virus was shutting it down. I had other problems too, like netcard drivers being deleted; I had to reinstall them from disk.


#13 Noviciate (Malware Response Team)

Posted 19 August 2013 - 04:22 PM

That would account for the following files:

2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\90283620.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\61931989.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\55438937.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\23899831.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\13178575.sys

A search suggested that they were Kav files, but I wanted to make sure.

The C:\System Volume Information detections are items held within System Restore Points. They only pose a "threat" if you use one of the points in question. Of the others, three are installers that contain either OpenCandy or Ask Toolbar - both of which you can put into a search engine to decide whether or not you want to install those items. They don't pose a serious threat but I wouldn't want them on my system.

The last one, Adware.ErrorRepair, I am not familiar with, so you will need to look into that one before you run the installer, assuming that you haven't already done so.

There are a couple of things that need tidying up, so run the following and post accordingly (it not only produces a log but also removes various things when directed to - DDS doesn't touch the contents of the hard drive.)

 

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 

 

 


So long, and thanks for all the fish.
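A small triage helper, added here as an editor's example and not part of the thread, of DDS or of OTL, that encodes the checks Noviciate applies to the DDS output above: a service whose image file no longer exists (DDS prints `[?]` and OTL "File not found"), a driver registered out of a user's temp folder, and several drivers with random-looking numeric names that share one size and timestamp, which points at a single installer rather than five unrelated files. The sample input is copied from DDS lines quoted in this thread; the regexes and flag wording are the example's own. The flags are prompts to verify, not verdicts: in this thread the numeric drivers turned out to be Kaspersky's, and the two temp-folder entries are stale registrations whose files are already gone.

```python
"""Triage of DDS 'SERVICES / DRIVERS' and 'Find3M' lines (added example, not DDS code)."""
import re
from collections import defaultdict

# Service/driver line, e.g.
#   R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-1-6 584536]
#   S4 MFE_RR;MFE_RR;\??\c:\...\temp\mfe_rr.sys --> c:\...\temp\mfe_rr.sys [?]
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
SERVICE_META_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
# Find3M / 'Created Last 30' line, e.g.
#   2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\90283620.sys
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+\S+\s+(?P<path>.+)$"
)
TEMP_RE = re.compile(r"\\temp\\|\.tmp$", re.I)   # image under a temp folder, or a *.tmp image
NUMERIC_NAME_RE = re.compile(r"^\d{6,}$")         # 90283620.sys and friends


def parse_line(line):
    """Return a record for a recognised DDS line, or None for anything else."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        rest = m.group("rest").strip()
        missing = rest.endswith("[?]")            # DDS could not stat the image file
        if missing:
            rest = rest[:-3].strip()
        # DDS prints 'imagepath --> resolved path' when it had to expand the path.
        path = rest.split(" --> ")[-1]
        date = size = None
        meta = SERVICE_META_RE.search(path)
        if meta:
            date, size = meta.group("date"), int(meta.group("size"))
            path = path[:meta.start()].strip()
        return {"kind": "service", "name": m.group("name"), "path": path,
                "date": date, "size": size, "missing": missing}
    m = FIND3M_RE.match(line)
    if m and m.group("size").isdigit():           # directories show '--------' as size
        return {"kind": "file", "name": None, "path": m.group("path").strip(),
                "date": m.group("date") + " " + m.group("time"),
                "size": int(m.group("size")), "missing": False}
    return None


def triage(log_text):
    """Parse every recognised line and attach the reasons, if any, to look closer."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    # Numeric-named files grouped by (timestamp, size): identical metadata means one dropper.
    clusters = defaultdict(list)
    for r in records:
        r["stem"] = r["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if NUMERIC_NAME_RE.match(r["stem"]) and r["size"] is not None:
            clusters[(r["date"], r["size"])].append(r)
    for r in records:
        flags = []
        if r["missing"]:
            flags.append("image file missing (stale service entry)")
        if TEMP_RE.search(r["path"]):
            flags.append("loaded from a temp folder")
        if NUMERIC_NAME_RE.match(r["stem"]):
            n = len(clusters.get((r["date"], r["size"]), []))
            if n >= 2:
                flags.append(f"numeric name; {n} identical-size/time siblings (one installer)")
            else:
                flags.append("numeric name")
        r["flags"] = flags
    return records


def suspicious(log_text):
    """(service name or path, flags) for every flagged record, in log order."""
    return [(r["name"] or r["path"], r["flags"]) for r in triage(log_text) if r["flags"]]


# Constructed sample: lines copied from the DDS log quoted in this thread.
SAMPLE_LOG = r"""
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-1-6 584536]
R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2011-9-6 5632]
S4 MFE_RR;MFE_RR;\??\c:\docume~1\jerry\locals~1\temp\mfe_rr.sys --> c:\docume~1\jerry\locals~1\temp\mfe_rr.sys [?]
S4 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\jerry\local settings\temp\tmp16.tmp --> c:\documents and settings\jerry\local settings\temp\tmp16.tmp [?]
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\90283620.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\61931989.sys
2013-06-26 05:12:13    133208    ----a-w-    c:\windows\system32\drivers\55438937.sys
2013-07-04 03:03:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
"""

if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE_LOG):
        print(f"{name}: {'; '.join(flags)}")
```

Run it on a saved DDS log by passing the file contents to `suspicious()`; KLIF and RTCore32 pass clean, the two temp-folder services are flagged as missing and temp-hosted, and the three numeric drivers are grouped as one installer's output, which is exactly the question Noviciate put to the poster before deciding what to remove.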

 

 


#14 Jerhyn (Topic Starter)

Posted 19 August 2013 - 05:40 PM

OTL logfile created on: 8/19/2013 3:23:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 64.15% Memory free
5.09 Gb Paging File | 3.97 Gb Available in Paging File | 78.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 567.53 Gb Free Space | 60.93% Space Free | Partition Type: NTFS
Drive D: | 4.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BLACK | User Name: jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/19 15:22:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jerry\Desktop\OTL.exe
PRC - [2013/08/17 06:50:42 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/14 15:56:30 | 003,783,672 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/03/27 22:33:02 | 006,365,920 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2013/03/23 01:22:24 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/20 19:28:20 | 007,084,672 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2013/02/15 13:07:20 | 000,412,480 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2013/02/15 12:59:48 | 000,830,376 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2013/01/22 23:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe
PRC - [2013/01/10 14:12:20 | 001,103,424 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2013/01/02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/01/02 14:38:50 | 000,073,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/11/22 07:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/09/19 16:59:40 | 000,192,832 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2011/09/19 16:59:36 | 000,135,488 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/02/24 00:19:56 | 000,077,824 | R--- | M] () -- C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe
PRC - [2008/08/21 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/22 18:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2004/01/27 09:39:04 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
PRC - [2004/01/27 09:39:04 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/17 06:50:42 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/03/27 22:36:30 | 000,021,312 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2013/03/27 22:09:00 | 000,420,160 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
MOD - [2013/01/22 23:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe
MOD - [2013/01/16 09:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTMUI.dll
MOD - [2013/01/16 09:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTHAL.dll
MOD - [2013/01/16 09:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTCore.dll
MOD - [2013/01/16 09:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTUI.dll
MOD - [2013/01/16 09:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTFC.dll
MOD - [2012/11/28 14:06:22 | 002,929,488 | -HS- | M] () -- \\?\C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady\Cache\S-1-5-21-602162358-527237240-1801674531-1004\MSPRindiv02.key
MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/02/24 00:19:56 | 000,077,824 | R--- | M] () -- C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe
MOD - [2010/01/20 22:23:30 | 000,053,248 | R--- | M] () -- C:\Program Files\Realtek\Smart Dual Lan\rtkio.dll
MOD - [2004/01/27 09:39:04 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager Controller\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe -- (Free Download Manager Controller)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/12 10:26:18 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/22 10:55:45 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/11 15:57:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/14 15:56:30 | 003,783,672 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/03/23 01:22:24 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/20 19:28:20 | 007,084,672 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013/02/15 12:59:48 | 000,830,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013/02/05 08:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/11/22 07:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/09/19 16:59:40 | 000,192,832 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2010/02/24 00:19:56 | 000,077,824 | R--- | M] () [Auto | Running] -- C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe -- (SDLService)
SRV - [2009/08/10 10:44:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\RpcAgentSrv.exe -- (SandraAgentSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Documents and Settings\jerry\Local Settings\Temp\tmp16.tmp -- (WinRing0_1_2_0)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\jerry\LOCALS~1\Temp\mfe_rr.sys -- (MFE_RR)
DRV - [2013/08/12 08:54:40 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - [2013/07/17 09:40:52 | 000,024,944 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2013/07/17 09:40:04 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/07/15 10:58:38 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv)
DRV - [2013/05/14 15:56:33 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2013/05/14 15:56:28 | 000,888,640 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2013/05/14 15:56:25 | 000,130,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tib_mounter.sys -- (tib_mounter)
DRV - [2013/05/14 15:56:08 | 000,736,192 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tib.sys -- (tib)
DRV - [2013/05/14 15:56:04 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2013/05/14 15:56:03 | 000,085,280 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vidsflt.sys -- (vidsflt)
DRV - [2013/05/14 15:56:00 | 000,158,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2013/05/14 15:55:17 | 000,081,184 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/02/18 09:22:18 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2013/01/02 14:38:52 | 000,528,000 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/11/22 07:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/11/15 22:06:12 | 000,584,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/11/23 14:30:46 | 000,026,392 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fileHiders.sys -- (fileHiders)
DRV - [2011/09/06 05:24:40 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)
DRV - [2011/08/08 16:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/06 19:37:16 | 000,104,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2010/07/06 11:13:10 | 000,234,392 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/01/20 22:23:30 | 000,022,016 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2010/01/20 22:23:30 | 000,005,760 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\Realtek\Smart Dual Lan\rtkio.sys -- (rtkio)
DRV - [2009/12/22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/11/20 04:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/11/20 04:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/09/15 13:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/01/27 09:39:04 | 000,009,984 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2004/01/27 09:39:02 | 000,090,752 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2004/01/27 09:39:02 | 000,005,248 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [1995/11/07 02:57:16 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {D1108ED3-3AAD-41A8-834E-4D7DE63060D7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6F2ECADA-EB91-4204-A6A3-831FDE47A621}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{B364DFED-F887-4E5F-A77B-CA709FC2668B}: "URL" = http://search.avg.com/route/?d=4deec964&v=7.5.30.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{D0D855BF-E640-4A60-89AD-14FA26AE1EEA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5573FE04-A415-463E-A06C-B3096B824F70&apn_sauid=554CEA99-D9D4-48F3-A0FC-27E710C91C1D
IE - HKCU\..\SearchScopes\{D1108ED3-3AAD-41A8-834E-4D7DE63060D7}: "URL" = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN22274319618823-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=fca5fe6d0000000000001c6f65c205b5&q={searchTerms}&r=296
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/01/06 18:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 06:50:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/17 06:50:33 | 000,000,000 | ---D | M]
 
[2013/05/16 16:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jerry\Application Data\Mozilla\Extensions
[2013/08/12 10:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jerry\Application Data\Mozilla\Firefox\Profiles\i1igu1n3.default-1372708820671\extensions
[2013/08/17 06:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2013/08/17 06:50:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2013/08/17 06:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 06:50:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/07/23 14:18:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files\MSI Afterburner\MSIAfterburner.exe ()
O4 - HKLM..\Run: [MSWheel]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2013/08/08 13:10:32 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349387553187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350512490843 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59AD6629-35A9-4566-8B7F-1F7096E8364F}: DhcpNameServer = 192.168.2.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/24 06:36:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/11/12 00:59:21 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{165656d4-835c-11e1-a385-1c6f65c205b5}\Shell - "" = AutoRun
O33 - MountPoints2\{165656d4-835c-11e1-a385-1c6f65c205b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{165656d4-835c-11e1-a385-1c6f65c205b5}\Shell\AutoRun\command - "" = F:\AutoRun.exe /s
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/19 15:22:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jerry\Desktop\OTL.exe
[2013/08/17 06:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/17 06:35:00 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu(3).exe
[2013/08/16 21:09:13 | 001,415,824 | ---- | C] (ESET) -- C:\Documents and Settings\jerry\Desktop\eset_smart_security_live_installer.exe
[2013/08/16 15:25:59 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu(2).exe
[2013/08/15 15:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2013/08/15 13:54:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/08/15 13:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/08/15 13:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/08/15 11:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Local Settings\Application Data\PCHealth
[2013/08/15 11:01:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/13 15:56:57 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu(1).exe
[2013/08/12 20:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-zip
[2013/08/12 20:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2013/08/12 19:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Application Data\ZeoBIT
[2013/08/12 19:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Application Data\FreeFLVConverter
[2013/08/12 19:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Application Data\Leadertech
[2013/08/12 19:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Application Data\iolo
[2013/08/12 19:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Application Data\Identities
[2013/08/12 19:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2013/08/12 19:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Exterminate It!
[2013/08/12 19:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Application Data\Tific
[2013/08/12 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/12 08:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Desktop\RK_Quarantine
[2013/08/10 16:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/08/10 16:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/08/10 16:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/08/09 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/09 12:26:11 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu.exe
[2013/08/09 12:07:39 | 004,095,448 | ---- | C] (BrightFort LLC                                              ) -- C:\Documents and Settings\jerry\Desktop\spywareblastersetup50.exe
[2013/08/09 11:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\tspareturbine
[2013/08/08 17:04:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/08 17:04:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/08/08 17:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Application Data\Systweak
[2013/08/08 17:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2013/08/08 17:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/08/08 16:50:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/08/08 14:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbine
[2013/08/08 13:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2013/08/08 13:10:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2013/08/08 12:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2013/08/08 12:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2013/08/08 12:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Local Settings\Application Data\The Lord of the Rings Online
[2013/08/08 11:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/08/08 11:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Desktop\Guru3D.com
[2013/08/04 10:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Desktop\Old Firefox Data-4(2)
[2013/08/03 08:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Local Settings\Application Data\The Lord of the Rings Online(2)
[2013/08/01 14:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates(2)
[2013/08/01 08:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/07/31 11:58:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER(3)
[2013/07/31 11:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbine(2)
[2013/07/31 09:47:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp(2)
[2013/07/31 09:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Desktop\dotnetfx_cleanup_tool
[2013/07/24 14:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Local Settings\Application Data\PMB Files
[2013/07/23 15:29:20 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
[2013/07/23 14:00:02 | 000,000,000 | ---D | C] -- C:\cmdcons
[2013/07/23 13:56:31 | 000,000,000 | ---D | C] -- C:\123KomboFix
[2013/07/23 12:03:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/23 12:02:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/23 11:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jerry\Desktop\New Folder (3)
[418 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[396 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jerry\*.tmp files -> C:\Documents and Settings\jerry\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/19 15:22:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jerry\Desktop\OTL.exe
[2013/08/19 09:49:28 | 000,013,766 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/19 09:49:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/17 13:07:03 | 000,009,535 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\SCAN TIMES.ods
[2013/08/17 12:35:15 | 000,012,290 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\esetscanjs.odt
[2013/08/17 12:31:58 | 000,117,653 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\Donna.cpt
[2013/08/17 09:58:04 | 002,463,452 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\lotro statue sutcrofts.cpt
[2013/08/17 06:35:13 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu(3).exe
[2013/08/16 21:09:13 | 001,415,824 | ---- | M] (ESET) -- C:\Documents and Settings\jerry\Desktop\eset_smart_security_live_installer.exe
[2013/08/16 15:26:13 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu(2).exe
[2013/08/15 15:10:32 | 000,570,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 15:10:32 | 000,108,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/15 14:00:58 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/15 12:02:31 | 000,265,598 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\dotnetfx_cleanup_tool.zip
[2013/08/15 10:55:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/14 10:50:56 | 001,995,554 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\AutoRunsfast.arn
[2013/08/14 10:20:47 | 002,001,850 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\AutoRunslagload.arn
[2013/08/13 19:25:54 | 009,167,352 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\jerry\Desktop\HitmanPro(4).exe
[2013/08/13 15:57:08 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu(1).exe
[2013/08/13 09:21:57 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2013/08/12 10:23:50 | 001,160,856 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\mozilla firefox setup.exe
[2013/08/12 10:07:23 | 000,007,123 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\attachjs.7z
[2013/08/12 09:49:42 | 000,018,318 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\VIRUS WARNINGS.ODT
[2013/08/12 09:38:36 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\adwcleaner.exe
[2013/08/12 08:54:40 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\TrueSight.sys
[2013/08/10 17:30:31 | 000,010,089 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\Lotro  Macro key best.odt
[2013/08/10 17:22:52 | 000,013,969 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\new chair.odt
[2013/08/10 16:24:32 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/08/09 12:53:19 | 000,009,012 | ---- | M] () -- C:\Documents and Settings\jerry\My Documents\malware steps.odt
[2013/08/09 12:34:50 | 000,891,115 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\SecurityCheck.exe
[2013/08/09 12:26:23 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\jerry\Desktop\esetsmartinstaller_enu.exe
[2013/08/09 12:07:56 | 004,095,448 | ---- | M] (BrightFort LLC                                              ) -- C:\Documents and Settings\jerry\Desktop\spywareblastersetup50.exe
[2013/08/09 11:37:07 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\6SKYHAWK8.lnk
[2013/08/09 10:29:21 | 000,263,988 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\KAV_Registry_Clean.zip
[2013/08/08 11:50:02 | 000,013,087 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\restore dates.odt
[2013/08/05 08:26:33 | 002,000,094 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\AutoRuns14interrupts.arn
[2013/08/05 08:24:57 | 001,195,396 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\AutoRuns15interrupts.arn
[2013/08/03 08:02:20 | 000,003,229 | ---- | M] () -- C:\Documents and Settings\jerry\My Documents\UserPreferences.ini
[2013/08/03 07:56:46 | 000,010,258 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\84pch.odt
[2013/08/01 13:29:35 | 000,009,990 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\tried to update ie8.odt
[2013/08/01 13:24:16 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\Internet Explorer Troubleshooting.url
[2013/08/01 12:46:16 | 000,023,108 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\removin sp32.odt
[2013/07/31 16:18:45 | 000,020,214 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\xp clean boot.odt
[2013/07/25 11:47:59 | 000,086,381 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\run a dll as app.cpt
[2013/07/24 16:26:10 | 000,907,571 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\UDC-07.09.13c.zip
[2013/07/24 13:25:59 | 000,016,543 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\keys.odt
[2013/07/23 14:18:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/22 20:38:14 | 000,087,000 | ---- | M] () -- C:\Documents and Settings\jerry\My Documents\cc_20130722_203757.reg
[2013/07/22 11:47:26 | 000,012,041 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\Medlist.odt
[2013/07/22 10:23:58 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2013/07/22 09:15:01 | 000,001,099 | ---- | M] () -- C:\Documents and Settings\jerry\Desktop\VIRUS ALERT ZONE.rtf
[418 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[396 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\jerry\*.tmp files -> C:\Documents and Settings\jerry\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/17 12:35:14 | 000,012,290 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\esetscanjs.odt
[2013/08/17 12:31:58 | 000,117,653 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\Donna.cpt
[2013/08/17 09:58:03 | 002,463,452 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\lotro statue sutcrofts.cpt
[2013/08/14 17:46:29 | 000,009,535 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\SCAN TIMES.ods
[2013/08/14 10:50:56 | 001,995,554 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\AutoRunsfast.arn
[2013/08/14 10:20:46 | 002,001,850 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\AutoRunslagload.arn
[2013/08/12 10:23:50 | 001,160,856 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\mozilla firefox setup.exe
[2013/08/12 10:07:23 | 000,007,123 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\attachjs.7z
[2013/08/12 09:38:36 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\adwcleaner.exe
[2013/08/12 08:54:40 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\TrueSight.sys
[2013/08/11 18:22:18 | 000,018,318 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\VIRUS WARNINGS.ODT
[2013/08/10 17:22:52 | 000,013,969 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\new chair.odt
[2013/08/10 16:24:32 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/08/09 12:34:49 | 000,891,115 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\SecurityCheck.exe
[2013/08/09 12:23:27 | 000,009,012 | ---- | C] () -- C:\Documents and Settings\jerry\My Documents\malware steps.odt
[2013/08/09 10:29:20 | 000,263,988 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\KAV_Registry_Clean.zip
[2013/08/08 11:50:00 | 000,013,087 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\restore dates.odt
[2013/08/05 08:26:32 | 002,000,094 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\AutoRuns14interrupts.arn
[2013/08/05 08:24:56 | 001,195,396 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\AutoRuns15interrupts.arn
[2013/08/03 14:49:46 | 000,010,089 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\Lotro  Macro key best.odt
[2013/08/03 07:47:14 | 000,010,258 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\84pch.odt
[2013/08/01 13:29:34 | 000,009,990 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\tried to update ie8.odt
[2013/08/01 12:46:16 | 000,023,108 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\removin sp32.odt
[2013/07/31 16:18:45 | 000,020,214 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\xp clean boot.odt
[2013/07/31 15:55:38 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\Internet Explorer Troubleshooting.url
[2013/07/31 09:27:50 | 000,265,598 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\dotnetfx_cleanup_tool.zip
[2013/07/25 11:47:59 | 000,086,381 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\run a dll as app.cpt
[2013/07/24 14:34:42 | 000,907,571 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\UDC-07.09.13c.zip
[2013/07/24 13:25:58 | 000,016,543 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\keys.odt
[2013/07/23 14:00:12 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2013/07/23 14:00:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/22 20:38:09 | 000,087,000 | ---- | C] () -- C:\Documents and Settings\jerry\My Documents\cc_20130722_203757.reg
[2013/07/22 11:45:36 | 000,012,041 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\Medlist.odt
[2013/07/22 10:23:58 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2013/07/22 09:15:01 | 000,001,099 | ---- | C] () -- C:\Documents and Settings\jerry\Desktop\VIRUS ALERT ZONE.rtf
[2013/06/28 16:24:45 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/06/26 08:58:00 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2013/06/21 15:34:12 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/21 15:34:07 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/21 15:34:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/21 11:55:19 | 002,292,118 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2013/05/05 13:26:15 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\jerry\PCTuneUp.config
[2013/01/11 12:36:07 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2013/01/09 10:28:26 | 000,002,249 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/11/23 12:55:41 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/28 12:45:16 | 000,246,272 | ---- | C] () -- C:\WINDOWS\System32\rtvcvfw64.dll
[2012/09/28 12:45:06 | 000,247,296 | ---- | C] () -- C:\WINDOWS\System32\rtvcvfw32.dll
[2012/08/12 12:58:18 | 010,977,280 | ---- | C] () -- C:\Documents and Settings\jerry\Application Data\Sandra.mdb
[2012/04/24 11:04:36 | 000,000,388 | ---- | C] () -- C:\WINDOWS\AIM_RACE_STUDIO.INI
[2012/04/24 11:03:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AIM_LANGUAGE.INI
[2012/04/24 11:03:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2012/04/01 10:08:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 23:25:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\jerry\Local Settings\Application Data\fusioncache.dat
[2011/12/01 18:35:23 | 000,324,572 | ---- | C] () -- C:\Documents and Settings\jerry\Local Settings\Application Data\census.cache
[2011/12/01 18:35:14 | 000,191,535 | ---- | C] () -- C:\Documents and Settings\jerry\Local Settings\Application Data\ars.cache
[2011/11/23 14:30:46 | 000,026,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\fileHiders.sys
[2011/06/07 11:40:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jerry\Local Settings\Application Data\housecall.guid.cache
[2011/06/05 12:35:03 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/04 20:17:37 | 000,051,830 | ---- | C] () -- C:\Documents and Settings\jerry\Local Settings\Application Data\FASTWiz.html
 
========== ZeroAccess Check ==========
 
[2011/04/24 12:00:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/03/31 12:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/14 18:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2013/05/22 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bling Software LTD
[2013/01/06 18:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/01/09 10:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/06/07 11:54:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/08/05 18:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/02/07 13:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HRS Disc 11
[2013/08/08 12:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/08/10 16:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2011/06/04 18:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2012/05/04 11:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2013/06/27 11:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/08/10 16:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/17 09:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2011/12/17 17:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/05/14 15:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Acronis
[2012/04/18 08:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Advanced Combat Tracker
[2012/02/17 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\CadSoft
[2013/08/13 18:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\CheckPoint
[2013/05/16 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\FixZeroAccess
[2013/08/12 19:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\FreeFLVConverter
[2011/04/25 06:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\FTW
[2013/08/12 19:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\iolo
[2011/04/24 06:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Kensington
[2013/08/12 19:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Leadertech
[2013/05/17 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Millennia
[2013/06/08 19:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Mumble
[2011/07/27 18:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\MyFamily.com
[2011/06/04 18:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Netscape
[2011/06/04 18:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\OLYMPUS
[2011/07/02 22:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\OpenOffice.org
[2012/02/08 17:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\RIFT
[2012/05/16 10:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Sony Online Entertainment
[2013/08/08 17:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Systweak
[2013/05/16 15:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\TeamViewer
[2013/08/12 19:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Tific
[2013/08/08 17:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\TS3Client
[2012/02/04 23:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\ts3overlay
[2011/11/23 23:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\wargaming.net
[2012/04/01 10:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Windows Desktop Search
[2012/04/01 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\Windows Search
[2011/06/08 11:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\WinPatrol
[2013/08/12 19:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jerry\Application Data\ZeoBIT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/11/13 09:18:45 | 127,776,097 | ---- | M] ()(C:\Documents and Settings\jerry\Desktop\Why 'Mitt? Romney' Lost.mp4) -- C:\Documents and Settings\jerry\Desktop\Why 'Mitt Romney' Lost.mp4
[2012/11/13 09:12:54 | 127,776,097 | ---- | C] ()(C:\Documents and Settings\jerry\Desktop\Why 'Mitt? Romney' Lost.mp4) -- C:\Documents and Settings\jerry\Desktop\Why 'Mitt Romney' Lost.mp4
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 



#15 Jerhyn (Topic Starter)

Posted 19 August 2013 - 05:41 PM

OTL Extras logfile created on: 8/19/2013 3:23:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 64.15% Memory free
5.09 Gb Paging File | 3.97 Gb Available in Paging File | 78.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 567.53 Gb Free Space | 60.93% Space Free | Partition Type: NTFS
Drive D: | 4.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BLACK | User Name: jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\jerry\Local Settings\Temp\{57764780-e33b-11d1-96ed-00a024a83a15}\k_update.exe" = C:\Documents and Settings\jerry\Local Settings\Temp\{57764780-e33b-11d1-96ed-00a024a83a15}\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web.
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\jerry\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\jerry\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1114292451\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1114292451\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1114292451\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1114292451\EE\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\sandra.mui" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\sandra.mui:*:Enabled:SiSoftware Sandra Agent Service
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe" = C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\jerry\Local Settings\Temp\{00AE5E91-016D-4C09-BA4F-3479158EE361}\{75988688-C180-4249-8A24-0613F5051962}\incredimail_install.exe" = C:\Documents and Settings\jerry\Local Settings\Temp\{00AE5E91-016D-4C09-BA4F-3479158EE361}\{75988688-C180-4249-8A24-0613F5051962}\incredimail_install.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" = C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service -- (Acronis)
"C:\Program Files\123CopyDVD 2013\helper.exe" = C:\Program Files\123CopyDVD 2013\helper.exe:*:Enabled:123 CopyDVD 2013 -- ()
"C:\Program Files\123CopyDVD 2013\123CopyDVD.exe" = C:\Program Files\123CopyDVD 2013\123CopyDVD.exe:*:Enabled:123 CopyDVD 2013 -- (Bling Software LTD)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2B59AB31-EBD0-45E4-A725-7112904DA605}" = Family Tree Maker Version 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.3
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{57764780-E33B-11D1-96ED-00A024A83A15}" = Kensington MouseWorks
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}" = True Image 2013
"{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible" = True Image 2013
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA065F43-210E-490B-958E-3BDC975C9C71}" = R/C Data Recorder (Release Version)
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF142A83-507D-4F0F-92FC-40C7F76C1F87}" = Driver Tool
"{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B88B8685-07B2-4C6F-BDC7-C70772400355}" = ZoneAlarm Security
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09EDA0B-0F8A-4F02-8922-43247E695F0F}" = RACE STUDIO 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP1x
"{C97B0770-C946-413F-AB20-325CEC1D6A29}" = ZoneAlarm Firewall
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB3F0CE3-0487-49DA-BE17-C0EEA48D3DD7}" = ZoneAlarm Antivirus
"{E00BF7BC-BB00-422D-9D3F-2E2F9E2F23B9}" = PCKeeper
"{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB238A00-FB43-49C8-8955-6F1F430944B7}" = Smart Dual Lan
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{g_dvd_maker-66712EEE-ECBC-A8888}_is1" = GET DVD Maker Ultimate 7.3.1.0
"123CopyDVD 2013" = 123CopyDVD
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.04.04.8012
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"Afterburner" = MSI Afterburner 2.3.1
"ATC_is1" = Advanced Tactical Center™ 1.12
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"Corel Applications" = Corel Applications
"EAGLE 6.1.0" = EAGLE 6.1.0
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2010" = Family Tree Maker 2010
"Flight Simulator 98" = Microsoft Flight Simulator 98
"FLV Player2.0.25" = FLV Player
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"KeyboardTest_is1" = KeyboardTest V3.0
"Legacy 7.5" = Legacy 7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Silent Package Run-Time Sample" = EPSON SPR300 Reference Guide
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trusted Software Assistant_is1" = File Type Assistant
"VideoPad" = VideoPad Video Editor
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
"ZoneAlarm Antivirus" = ZoneAlarm Antivirus
"ZoneAlarm Do Not Track Add-on_is1" = ZoneAlarm Do Not Track Add-on 2.2.5.1213
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for Zip Opener
"LotRO MIDI Player" = LotRO MIDI Player
"Should I Remove It 1.0.4" = Should I Remove It
"SOE-EverQuest II Streaming" = EverQuest II Streaming
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/15/2013 5:02:58 PM | Computer Name = BLACK | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 8/15/2013 5:33:03 PM | Computer Name = BLACK | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 8/15/2013 5:35:07 PM | Computer Name = BLACK | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 8/15/2013 9:24:14 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
Description = Faulting application lotroclient.exe, version 1102.52.6889.8038, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053.
 
Error - 8/16/2013 12:51:50 PM | Computer Name = BLACK | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 8/16/2013 12:53:50 PM | Computer Name = BLACK | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 8/16/2013 6:18:10 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
Description = Faulting application lotroclient.exe, version 1102.52.6889.8038, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053.
 
Error - 8/17/2013 9:31:26 AM | Computer Name = BLACK | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 8/17/2013 5:15:55 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
Description = Faulting application lotroclient.exe, version 1102.52.6889.8038, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053.
 
Error - 8/18/2013 1:49:55 PM | Computer Name = BLACK | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 8/18/2013 6:38:04 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
Description = Faulting application turbinelauncher.exe, version 0.0.0.0, faulting
 module qtgui4.dll, version 4.8.4.0, fault address 0x003f400a.
 
Error - 8/19/2013 12:49:20 PM | Computer Name = BLACK | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 8/19/2013 4:23:05 PM | Computer Name = BLACK | Source = Application Error | ID = 1000
Description = Faulting application lotroclient.exe, version 1102.52.6889.8038, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053.
 
[ System Events ]
Error - 8/15/2013 4:08:49 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
 1 (0x1).
 
Error - 8/15/2013 5:01:16 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
 1 (0x1).
 
Error - 8/15/2013 5:33:08 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
 1 (0x1).
 
Error - 8/16/2013 12:51:58 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
 1 (0x1).
 
Error - 8/17/2013 9:31:29 AM | Computer Name = BLACK | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
 1 (0x1).
 
Error - 8/17/2013 4:08:23 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7016
Description = The SDLService service has reported an invalid current state 0.
 
Error - 8/18/2013 1:49:58 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7001
Description = The ZoneAlarm LTD Toolbar IswSvc service depends on the ZoneAlarm
LTD Toolbar ISWKL service which failed to start because of the following error:
  %%1058
 
Error - 8/18/2013 1:49:58 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
 1 (0x1).
 
Error - 8/19/2013 12:49:25 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7001
Description = The ZoneAlarm LTD Toolbar IswSvc service depends on the ZoneAlarm
LTD Toolbar ISWKL service which failed to start because of the following error:
  %%1058
 
Error - 8/19/2013 12:49:25 PM | Computer Name = BLACK | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
 1 (0x1).
 
 
< End of report >
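A first-pass triage of the "Authorized Applications List" printed above, as an added example (it is not OTL's code and not from the poster). The firewall exception list is a common place for leftover installers and unattributed binaries to keep an open path out; the script parses OTL's `"<path>" = <path>:<scope>:<state>:<description> -- (<Company>)` line shape and flags enabled entries that run from a Temp directory or carry no company name, with the system-directory rule as an extra heuristic. The sample lines are copied from the log above; the review rules are assumptions for triage, not verdicts.

```python
"""Triage of the Windows XP firewall 'Authorized Applications List' as OTL
Extras prints it.  Each entry has the shape
    "<path>" = <path>:<scope>:<Enabled|Disabled>:<description> -- (<Company>)
where the ' -- (<Company>)' tail is only present when OTL could read a company
name from the executable's version resource.  The review rules are an added
heuristic for a first pass over the list; they are not OTL's own logic."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.*?)(?:\s--\s\((?P<company>[^)]*)\))?\s*$'
)
# Path fragments that mean the program lives in a scratch directory.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "%temp%")
# Path fragments for the Windows system directory.
SYSTEM_MARKERS = ("\\windows\\system32\\", "%windir%\\system32\\", "%systemroot%\\system32\\")


@dataclass
class FirewallException:
    path: str
    scope: str               # '*' = any remote address, or e.g. 'LocalSubNet'
    enabled: bool
    description: str
    company: Optional[str]   # None when OTL printed no ' -- (...)' tail
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[FirewallException]:
    """Parse one AuthorizedApplications line; None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, value, company = m.group("key"), m.group("value"), m.group("company")
    # The value repeats the path, then ':'-separated scope, state, description.
    # Splitting on ':' directly would break on the drive letter, so strip the
    # known path prefix first.
    if not value.startswith(key + ":"):
        return None
    parts = value[len(key) + 1:].split(":", 2)
    if len(parts) != 3:
        return None
    scope, state, description = parts
    return FirewallException(path=key, scope=scope, enabled=state.lower() == "enabled",
                             description=description, company=company)


def review(entry: FirewallException) -> FirewallException:
    """Attach review reasons to an entry (heuristics, not verdicts)."""
    p = entry.path.lower()
    no_company = entry.company is None or not entry.company.strip()
    if any(t in p for t in TEMP_MARKERS):
        entry.reasons.append("executable lives in a Temp directory")
    if no_company:
        entry.reasons.append("no company name in version info")
    if no_company and any(s in p for s in SYSTEM_MARKERS):
        entry.reasons.append("unattributed binary inside the system directory")
    return entry


def triage(text: str) -> List[FirewallException]:
    """Return the enabled exceptions that collected at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry.enabled:
            continue
        if review(entry).reasons:
            flagged.append(entry)
    return flagged


# Sample input: entries copied from the OTL Extras log posted above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\jerry\Local Settings\Temp\{57764780-e33b-11d1-96ed-00a024a83a15}\k_update.exe" = C:\Documents and Settings\jerry\Local Settings\Temp\{57764780-e33b-11d1-96ed-00a024a83a15}\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web.
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\123CopyDVD 2013\helper.exe" = C:\Program Files\123CopyDVD 2013\helper.exe:*:Enabled:123 CopyDVD 2013 -- ()
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
'''

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.path}\n    scope={e.scope}  company={e.company!r}")
        for r in e.reasons:
            print(f"    - {r}")
```

The output is a worklist, not a diagnosis: a missing company name only means OTL found no version resource (or the file is gone), and an installer left in Temp is usually stale rather than malicious. The point is that every line on that worklist is a hole in the firewall that nobody is maintaining, and each one should either be explained or removed.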
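The "ZeroAccess Check" block in the earlier OTL log lists CLSID InProcServer32 keys under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. The reason that matters: COM resolves a CLSID through the merged HKEY_CLASSES_ROOT view, in which the per-user HKCU\Software\Classes entry overrides the machine-wide HKLM one, so an InProcServer32 key planted under HKCU redirects every caller of that CLSID in that user's session without touching the real registration. The following is an added example (not OTL's code, not the poster's) that parses that section and reports per-user registrations that shadow a machine-wide one, plus machine-wide servers whose DLL lives outside the Windows directory. The sample is copied from the log above; note that the log shows the two HKCU keys with no default value, so the script reports them as keys to inspect rather than as a confirmed hijack.

```python
r"""Per-user COM registration check over the 'ZeroAccess Check' section of an
OTL log.  COM resolves a CLSID through the merged HKEY_CLASSES_ROOT view, in
which HKEY_CURRENT_USER\Software\Classes overrides HKEY_LOCAL_MACHINE\Software
\Classes for that user, so an InProcServer32 key under HKCU silently replaces
the DLL every caller of that CLSID loads.  Added example, not OTL's code."""
import re
from typing import Dict, List, Optional, Tuple

Registrations = Dict[str, Dict[str, Optional[str]]]   # hive -> clsid -> DLL path

KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# OTL prints the default value as:  "" = <path> -- [<file details>] (<Company>)
DEFAULT_RE = re.compile(r'^""\s*=\s*(?P<path>.*?)(?:\s--\s\[.*)?$')


def parse_clsid_section(text: str) -> Registrations:
    """Collect hive -> clsid -> InProcServer32 default value (None if absent)."""
    regs: Registrations = {"HKEY_CURRENT_USER": {}, "HKEY_LOCAL_MACHINE": {}}
    current: Optional[Tuple[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line closes the key block
            continue
        k = KEY_RE.match(line)
        if k:
            current = (k.group("hive").upper(), k.group("clsid").lower())
            regs[current[0]].setdefault(current[1], None)
            continue
        d = DEFAULT_RE.match(line) if current else None
        if d:
            regs[current[0]][current[1]] = d.group("path")
    return regs


def find_shadowed(regs: Registrations) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Every CLSID with a per-user InProcServer32 key: (clsid, HKCU path, HKLM path).
    A None HKCU path means OTL listed the key but no default value, so the key
    has to be inspected on the machine before calling it a hijack."""
    return [
        (clsid, user_path, regs["HKEY_LOCAL_MACHINE"].get(clsid))
        for clsid, user_path in sorted(regs["HKEY_CURRENT_USER"].items())
    ]


def find_off_system_servers(regs: Registrations) -> List[Tuple[str, str]]:
    """Machine-wide servers whose DLL is outside the Windows directory."""
    out = []
    for clsid, path in sorted(regs["HKEY_LOCAL_MACHINE"].items()):
        if path is None:
            continue
        p = path.lower()
        if not (p.startswith("%systemroot%\\") or "\\windows\\" in p):
            out.append((clsid, path))
    return out


# Sample input: the ZeroAccess Check block copied from the OTL log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
'''

if __name__ == "__main__":
    regs = parse_clsid_section(SAMPLE_LOG)
    for clsid, user_path, machine_path in find_shadowed(regs):
        print(f"{clsid}: HKCU={user_path!r} shadows HKLM={machine_path!r}")
    for clsid, path in find_off_system_servers(regs):
        print(f"{clsid}: HKLM server outside Windows directory: {path}")
```

On a clean machine a normal user profile has no reason to carry its own InProcServer32 for a shell or WMI CLSID, so any HKCU hit is worth opening in regedit and, if it points at a DLL, checking that file's location, timestamp and signature against the HKLM copy.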
 





