
post-Smart Guard protection infection


  • This topic is locked
20 replies to this topic

#1 john1816 (Members, 77 posts)

Posted 24 March 2014 - 11:51 AM

Hi

 

My computer recently got the Smart Guard Protection scamware program infection, though I managed to find its containing folder, rename it and then delete it, which allowed me to use the computer (since the program prevents me from opening Malwarebytes, Task Manager, etc.). Although before this, something strange was happening when I was surfing with Google Chrome. When I search anything in Google Chrome's search bar, I keep getting redirected to Adobe Flash Player to download its latest update. I ignored it, thinking that I could just update later anyway, but whenever I search anything in Chrome's search bar it keeps redirecting me to that page and would sometimes automatically download the program. I did not run the program though and kept deleting it as I got redirected to that page. During that time as well I could not access Gmail. However, at this time I could also not use google.com but can go to other sites like yahoo.com and Facebook (both in Chrome and in Firefox), as well as still get redirected to that Adobe Flash Player download page (also reinstalled Chrome and Firefox, uninstalled Adobe Flash Player).

 

*Edit - just happened again. A pop-up appeared on Chrome while I was editing this post, asking me to download Adobe Flash Player again. It's some form of browser hijacking going on... and even if I clicked on the "x" button, it went ahead and downloaded it. Malwarebytes also detects the file as a trojan horse.

 

*Edit 2 - it's blocking anything I click on Yahoo's search results and also anything on Google. Also, even if I didn't go to www.adobe.com, the pop-up still appears (even if I uninstalled Flash Player).

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_39
Run by Administrator at 0:29:25 on 2014-03-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.410 [GMT 8:00]
.
AV: avast! antivirus 4.8.1290 [VPS 140323-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ================
.
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Program Files\UltraVNC Addons\uvnc_service.exe
D:\Program Files\Virtual CD v10\System\VC10SecS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Virtual CD v10\System\VC10Play.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\VM303_STI.EXE
D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
C:\Genius\ioCentre\gTaskBar.exe
D:\Program Files\Steam\steam.exe
C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\DeskSlide\DeskSlide.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Setup\diablo3_ensg\Diablo III Setup.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Setup\diablo3_ensg\Diablo III Setup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
uProxyServer = socks=
uProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\documents and settings\all users\application data\6vxld7x6\6VXld7X6.exe -sm,
mWinlogon: SFCDisable = dword:-99
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [SpeedConnectStartUp] c:\program files\cbs software\speedconnect internet accelerator\SpeedConnectStartUp.exe -run
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [DeskSlide] c:\program files\deskslide\DeskSlide.exe -logon -hide
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DIMDownloading...1271254118180] "d:\program files\corel\coreldraw graphics suite x5\programs\dim.exe" "c:\documents and settings\all users\application data\corel\downloads\540215253_610005\1271254118180\dim_params.xml" -launch=3 -uibase="c:\documents and settings\administrator\application data\corel\messages\540215253_610005\en\messagecache1\workflow"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VC10Player] d:\program files\virtual cd v10\system\VC10Play.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NWEReboot] <no file>
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\morphvox.lnk - c:\program files\screaming bee\morphvox pro\MorphVOX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Xilisoft Download YouTube Video - d:\program files\xilisoft\download youtube video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 124.106.7.2 124.106.5.2 192.168.1.1
TCP: Interfaces\{54AAE877-6021-43D1-994A-0A82DFDE391D} : DHCPNameServer = 124.106.7.2 124.106.5.2 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: KeyScrambler - KeyScramblerLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 0.0.0.0 123spywar.com
Hosts: 0.0.0.0 www.123spywar.com
Hosts: 0.0.0.0 1clickspyclean.com
Hosts: 0.0.0.0 www.1clickspyclean.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\gucjcvtg.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - plugin: d:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: d:\program files\adobe\acrobat 11.0\acrobat\browser\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-12 110160]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-8-11 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-8-11 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R1 vdrv1000;vdrv1000;c:\windows\system32\drivers\vdrv1000.sys [2011-6-9 183832]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-12 155160]
R2 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-9-13 73464]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-8-11 700152]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-6-18 217088]
R2 LF30FS;LF30FS;c:\program files\everstrike software\lock folder xp 3.6\LF30XP.sys [2004-11-20 101488]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-24 418376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-23 95200]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2012-5-23 66560]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
R2 Uvnc_service;Uvnc_service;d:\program files\ultravnc addons\uvnc_service.exe [2012-2-28 63296]
R2 VC10SecS;Virtual CD v10 Management Service;d:\program files\virtual cd v10\system\VC10SecS.exe [2011-6-9 145224]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-12 352920]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-6-18 36640]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-1-21 113896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-22 22856]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-12-16 157776]
S0 ftapc;ftapc;c:\windows\system32\drivers\htulclc.sys --> c:\windows\system32\drivers\htulclc.sys [?]
S0 yhku;yhku;c:\windows\system32\drivers\fdhjhjr.sys --> c:\windows\system32\drivers\fdhjhjr.sys [?]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-12-24 22528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-22 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 AEMZHABT;AEMZHABT;c:\docume~1\admini~1\locals~1\temp\aemzhabt.exe --> c:\docume~1\admini~1\locals~1\temp\AEMZHABT.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-5-17 1691480]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\magix\common\database\bin\fbserver.exe [2009-1-26 1527900]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2013-10-9 19456]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [2013-10-9 11520]
S3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2011-6-9 18432]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-27 50704]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\program files\msi\live update 3\ntaccess.sys --> c:\program files\msi\live update 3\NTACCESS.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: jsfile="d:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="d:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-03-24 16:19:34 54016 ----a-w- c:\windows\system32\drivers\jtvaoro.sys
2014-03-23 17:35:31 -------- d-----w- c:\documents and settings\all users\application data\Licenses
2014-03-23 15:48:46 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2014-03-23 15:48:45 60928 ----a-w- c:\program files\mozilla firefox\plugins\npContribute.dll
2014-03-23 15:48:45 209112 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-03-23 15:48:45 16192 ----a-w- c:\program files\mozilla firefox\plugins\NPOFF12.DLL
2014-03-23 15:48:45 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2014-03-23 15:48:45 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2014-03-23 15:48:45 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2014-03-23 15:48:45 143360 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2014-03-23 15:48:42 4380832 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2014-02-27 06:58:00 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Battle.net
2014-02-27 06:58:00 -------- d-----w- c:\documents and settings\administrator\application data\Battle.net
2014-02-26 23:32:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Blizzard Entertainment
.
==================== Find3M  ====================
.
2014-01-13 13:50:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2014-01-13 13:50:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
.
============= FINISH:  0:31:08.01 ===============

Edited by john1816, 24 March 2014 - 12:25 PM.
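An added Python example, not part of this thread and not code from DDS, AdwCleaner or FRST, that runs the checks a responder would apply to the DDS "Pseudo HJT Report" in the post above before any cleanup tool is run: the second executable appended to the Winlogon Userinit value, the non-zero SFCDisable, the SOCKS proxy setting, and the S0 boot-start drivers whose files DDS could not find (plus any service image living under a temp directory). The sample lines are copied from the log above, with one benign avast! driver line kept as a negative case; the severities, the temp-directory heuristic and the function name audit_dds are this example's own choices.

```python
"""Triage checks for a DDS 'Pseudo HJT Report' (added example, not from the thread).

The sample copies lines from the first post's DDS log. The severities and the
temp-directory heuristic are this example's choices, not anything DDS reports.
"""
import re
from typing import Dict, List

# The only value Userinit should hold on 32-bit XP. Anything appended after the
# comma runs at every interactive logon, before the shell starts.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: lines copied from the DDS log in the first post.
SAMPLE_DDS = r"""
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\documents and settings\all users\application data\6vxld7x6\6VXld7X6.exe -sm,
mWinlogon: SFCDisable = dword:-99
uProxyServer = socks=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-12 110160]
S0 ftapc;ftapc;c:\windows\system32\drivers\htulclc.sys --> c:\windows\system32\drivers\htulclc.sys [?]
S0 yhku;yhku;c:\windows\system32\drivers\fdhjhjr.sys --> c:\windows\system32\drivers\fdhjhjr.sys [?]
S3 AEMZHABT;AEMZHABT;c:\docume~1\admini~1\locals~1\temp\aemzhabt.exe --> c:\docume~1\admini~1\locals~1\temp\AEMZHABT.exe [?]
"""

USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit\s*=\s*(.*)$", re.I)
SFC_RE = re.compile(r"^mWinlogon:\s*SFCDisable\s*=\s*dword:(-?\d+)$", re.I)
PROXY_RE = re.compile(r"^[ud]ProxyServer\s*=\s*(.*)$", re.I)
# DDS service line: <start type> <name>;<display name>;<image path> [...]
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")


def audit_dds(report: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; an empty list means nothing was flagged."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = USERINIT_RE.match(line)
        if m:
            for entry in (e.strip() for e in m.group(1).split(",")):
                if entry and entry.lower() != EXPECTED_USERINIT:
                    findings.append({"check": "userinit", "severity": "high", "detail": entry})
            continue

        m = SFC_RE.match(line)
        if m:
            # 0 is the default; any other value means Windows File Protection has
            # been turned off or tampered with, which no legitimate software does.
            if int(m.group(1)) != 0:
                findings.append({"check": "sfcdisable", "severity": "high", "detail": m.group(1)})
            continue

        m = PROXY_RE.match(line)
        if m and m.group(1).strip():
            # A per-user proxy the owner did not set is one way traffic gets
            # redirected; 'socks=' with no host is worth asking about, not acting on.
            findings.append({"check": "proxy", "severity": "info", "detail": m.group(1).strip()})
            continue

        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path = m.groups()
            file_missing = path.rstrip().endswith("[?]")
            if start in ("S0", "R0") and file_missing:
                # Boot-start driver whose file is gone: a rootkit that hides or has
                # removed its own file, or a leftover of a broken uninstall.
                findings.append({"check": "service", "severity": "high",
                                 "detail": f"{start} {name}: boot-start driver, file missing"})
            elif "\\temp\\" in path.lower():
                findings.append({"check": "service", "severity": "medium",
                                 "detail": f"{start} {name}: service image under a temp directory"})
    return findings


if __name__ == "__main__":
    for f in audit_dds(SAMPLE_DDS):
        print(f"[{f['severity']:>6}] {f['check']:<10} {f['detail']}")
```

Run as-is it prints six findings, four of them high. On a live XP host the same values live under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (Userinit, SFCDisable), HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyServer) and HKLM\SYSTEM\CurrentControlSet\Services, which is where any cleanup has to happen; the script only reads the log, it changes nothing.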



 


#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 24 March 2014 - 11:17 PM

Hello john1816,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once the scan completes, click CLEAN to remove anything found.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

    2.
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 john1816 (Topic Starter, Members, 77 posts)

Posted 25 March 2014 - 01:22 AM

Hello, and thanks for the reply.

 

 

Here are the logs:

 

# AdwCleaner v3.022 - Report created 25/03/2014 at 13:59:25
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - 97AD6BA9FD0D4BF
# Running from : J:\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\vghd
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\ParetoLogic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gucjcvtg.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3668 octets] - [25/03/2014 13:57:49]
AdwCleaner[S0].txt - [3659 octets] - [25/03/2014 13:59:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3719 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on 97AD6BA9FD0D4BF on 25-03-2014 14:16:37
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() C:\Program Files\COMODO\Firewall\cmdagent.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashServ.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(COMODO) C:\Program Files\Comodo\CBOClean\BOCORE.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() D:\Program Files\UltraVNC Addons\uvnc_service.exe
(H+H Software GmbH) D:\Program Files\Virtual CD v10\System\VC10SecS.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
(H+H Software GmbH) D:\Program Files\Virtual CD v10\System\VC10Play.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(QFX Software Corporation) C:\Program Files\KeyScrambler\keyscrambler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(COMODO) C:\Program Files\COMODO\SafeSurf\cssurf.exe
() C:\Program Files\COMODO\Firewall\cfp.exe
(Vimicro) C:\WINDOWS\VM303_STI.EXE
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
() C:\Genius\ioCentre\gTaskBar.exe
(Valve Corporation) D:\Program Files\Steam\steam.exe
(CBS Software) C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusion.exe
(George Obada) C:\Program Files\DeskSlide\DeskSlide.exe
() C:\Genius\ioCentre\gMouseTask.exe
() C:\Genius\ioCentre\gKbdTask.exe
() C:\Genius\ioCentre\gAutoPan.exe
() C:\Genius\ioCentre\gAutoScroll.exe
() C:\Genius\ioCentre\gZoom.exe
() C:\Genius\ioCentre\gIMMgm.exe
() C:\Genius\ioCentre\gKbStatus.exe
() C:\Genius\ioCentre\gDeskMgm.exe
() C:\Genius\ioCentre\gTaskSwitch.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Program Files\Alwil Software\Avast4\setup\avast.setup
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [avast!] - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2008-11-19] (ALWIL Software)
HKLM\...\Run: [VC10Player] - D:\Program Files\Virtual CD v10\System\VC10Play.exe [383304 2009-11-12] (H+H Software GmbH)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20065896 2012-03-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1632360 2011-05-05] ()
HKLM\...\Run: [NWEReboot] - [X]
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [111208 2011-05-14] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13895272 2011-05-14] (NVIDIA Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [KeyScrambler] - C:\Program Files\KeyScrambler\keyscrambler.exe [510440 2008-11-22] (QFX Software Corporation)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Corel File Shell Monitor] - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-18] ()
HKLM\...\Run: [COMODO SafeSurf] - C:\Program Files\COMODO\SafeSurf\cssurf.exe [278264 2008-08-11] (COMODO)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\Firewall\cfp.exe [1851128 2009-05-11] ()
HKLM\...\Run: [COMODO Firewall Pro] - C:\Program Files\COMODO\Firewall\cfp.exe [1851128 2009-05-11] ()
HKLM\...\Run: [BigDog303] - C:\WINDOWS\VM303_STI.EXE [61440 2005-10-25] (Vimicro)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Acrobat Assistant 8.0] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-19] (Adobe Systems Inc.)
HKLM\...\Run: [ioCentre] - C:\Genius\ioCentre\gTaskBar.exe [61440 2007-12-17] ()
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\6VXld7X6\6VXld7X6.exe -sm,
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\KeyScrambler: C:\WINDOWS\system32\KeyScramblerLogon.dll (QFX Software Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2006-01-13] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [KeyScrambler] - C:\Program Files\KeyScrambler\getting_started.html
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetIcon] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2006-01-13] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [KeyScrambler] - C:\Program Files\KeyScrambler\getting_started.html
HKU\S-1-5-19\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2006-01-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [KeyScrambler] - C:\Program Files\KeyScrambler\getting_started.html
HKU\S-1-5-20\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-1006\...\Run: [msnsc] - C:\WINDOWS\system32\msnsc.exe
HKU\S-1-5-21-1757981266-2147132087-839522115-1006\...\RunOnce: [nlsf] - cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
HKU\S-1-5-21-1757981266-2147132087-839522115-1006\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2006-01-13] (Microsoft Corporation)
HKU\S-1-5-21-1757981266-2147132087-839522115-1006\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-1006\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1757981266-2147132087-839522115-1006\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [Steam] - D:\Program Files\Steam\steam.exe [1821888 2014-02-26] (Valve Corporation)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [SpeedConnectStartUp] - C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe [603136 2010-06-19] (CBS Software)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [DisplayFusion] - C:\Program Files\DisplayFusion\DisplayFusion.exe [645296 2009-12-09] (Binary Fortress Software)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [DeskSlide] - C:\Program Files\DeskSlide\DeskSlide.exe [806912 2008-01-27] (George Obada)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [DIMDownloading...1271254118180] - d:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe [95592 2010-01-13] (Corel Corporation)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\MountPoints2: {c89efd16-66e1-11dd-b258-0019dbb3c4b6} - F:\LaunchU3.exe -a
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MorphVOX.lnk
ShortcutTarget: MorphVOX.lnk -> C:\Program Files\Screaming Bee\MorphVOX Pro\MorphVOX.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: socks=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 124.106.7.2 124.106.5.2 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gucjcvtg.default
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Acrobat - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - D:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-05-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2008-12-23]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-26]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-08-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-03-02]
FF HKCU\...\Firefox\Extensions: [hideip@hide-ip-soft.com] - C:\Documents and Settings\Administrator\Application Data\Hide IP NG\firefox_plugin\
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.ph
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-03-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-03-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-03-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-04-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2008-11-19] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [155160 2008-11-19] (ALWIL Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2008-11-19] (ALWIL Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2008-11-19] (ALWIL Software)
R2 BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [73464 2008-07-14] (COMODO)
R2 cmdAgent; C:\Program Files\COMODO\Firewall\cmdagent.exe [700152 2009-05-11] ()
S3 FirebirdServerMAGIXInstance; D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-10-30] (Flexera Software, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [154032 2013-01-15] (Sun Microsystems, Inc.)
S2 MbaeSvc; D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-03] (McAfee, Inc.)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2226792 2011-05-14] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-12-16] (SANDBOXIE L.T.D)
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-29] (Rocket Division Software)
R2 Uvnc_service; D:\Program Files\UltraVNC Addons\uvnc_service.exe [63296 2007-06-04] ()
R2 VC10SecS; D:\Program Files\Virtual CD v10\System\VC10SecS.exe [145224 2009-11-12] (H+H Software GmbH)
S3 AEMZHABT; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AEMZHABT.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [26944 2008-11-19] (ALWIL Software)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22528 2006-06-06] (WALTOP International Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2008-11-19] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94032 2008-11-19] (ALWIL Software)
R3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23152 2008-11-19] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [110160 2008-11-19] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [50864 2008-11-19] (ALWIL Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [279712 2013-01-25] ()
R3 BOCDRIVE; C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [15376 2007-04-17] ()
R0 BootScreen; C:\WINDOWS\System32\drivers\vidstub.sys [163712 2009-03-01] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [110992 2009-05-11] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [24336 2009-05-11] (COMODO)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36640 2010-09-13] ()
S3 gHidPnp; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [19456 2009-04-28] ()
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] ()
S3 gMouUsb; C:\WINDOWS\System32\DRIVERS\gMouUsb.sys [11520 2009-03-04] ()
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HH10Help.sys; C:\WINDOWS\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [80400 2009-05-11] (COMODO)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [113896 2008-06-25] (QFX Software Corporation)
R2 LF30FS; C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [101488 2004-11-20] ()
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2013-01-25] ()
S3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-03-25] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 npf; C:\WINDOWS\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [18856 2007-09-01] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119528 2011-05-10] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-05-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2008-12-04] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [55024 2008-12-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-12-16] (SANDBOXIE L.T.D)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-19] (Almico Software)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-08-11] ()
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [102664 2008-11-20] (Trend Micro Inc.)
S3 vncdrv; C:\WINDOWS\System32\DRIVERS\vncdrv.sys [12104 2007-05-22] (RDV Soft)
R3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [390849 2005-10-27] (Vimicro Corporation)
U3 acbqq8ta; C:\WINDOWS\system32\Drivers\acbqq8ta.sys [0 ] (Microsoft Corporation)
S3 Bcim; system32\DRIVERS\bcim.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 ftapc; System32\drivers\htulclc.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
S3 MSICPL; \??\E:\install4\MSICPL.sys [X]
S0 nklmweo; System32\drivers\netdcdh.sys [X]
S3 NTACCESS; \??\E:\NTACCESS.sys [X]
S3 SCREAMINGBDRIVER; system32\drivers\ScreamingBAudio.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X]
S3 sony_ssm.sys; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sony_ssm.sys [X]
S3 TMPassthruMP; system32\DRIVERS\TMPassthru.sys [X]
R5 vdrv1000; C:\Windows\System32\Drivers\vdrv1000.sys [183832 2009-11-09] (H+H Software GmbH)
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]
S3 WEBNTACCESS; \??\C:\Program Files\MSI\Live Update 3\NTACCESS.SYS [X]
U1 WS2IFSL; 
S0 yhku; System32\drivers\fdhjhjr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-25 14:16 - 2014-03-25 14:16 - 00030445 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-03-25 14:16 - 2014-03-25 14:16 - 00000000 ____D () C:\FRST
2014-03-25 14:15 - 2014-03-25 14:15 - 00001118 _____ () C:\Documents and Settings\Administrator\Desktop\Transcend (J) 3.74 GB.lnk
2014-03-25 14:15 - 2014-03-25 13:47 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-03-25 13:57 - 2014-03-25 13:59 - 00000000 ____D () C:\AdwCleaner
2014-03-25 13:53 - 2014-03-25 13:53 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-25 13:48 - 2014-03-25 13:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032514-01.dmp
2014-03-25 13:40 - 2014-03-25 14:12 - 00001133 _____ () C:\Documents and Settings\Administrator\Desktop\D3_2.0.0 (E) 0 bytes.lnk
2014-03-25 07:48 - 2014-03-25 07:48 - 00000043 _____ () C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
2014-03-25 07:31 - 2014-03-25 14:15 - 00015526 _____ () C:\WINDOWS\setupapi.log
2014-03-25 01:31 - 2014-03-25 01:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-03-25 00:31 - 2014-03-25 00:31 - 00196235 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-25 00:31 - 2014-03-25 00:31 - 00021699 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-24 21:18 - 2014-03-24 21:18 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-24 21:18 - 2014-03-24 21:18 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-24 21:10 - 2014-03-24 21:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-24 21:10 - 2014-03-24 21:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-03-24 21:06 - 2014-03-25 13:11 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 21:05 - 2014-03-25 14:11 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 21:05 - 2014-03-24 21:09 - 00000000 ____D () C:\Program Files\Google
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Licenses
2014-03-24 00:19 - 2014-03-24 00:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Smart Guard Protection
2014-03-23 23:48 - 2014-03-24 21:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-23 00:20 - 2014-03-23 00:22 - 00422387 _____ () C:\Documents and Settings\Administrator\Desktop\Thermo 1 Schematic Diagram 3.cdr
2014-03-21 14:33 - 2014-03-21 15:02 - 00000598 _____ () C:\Documents and Settings\Administrator\Desktop\Wings of Valor.txt
2014-03-03 01:28 - 2013-09-16 22:21 - 00097539 _____ () C:\Documents and Settings\Administrator\Desktop\Frequency Distribution.pptx
2014-02-27 14:58 - 2014-03-23 22:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Battle.net
2014-02-27 14:58 - 2014-02-27 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Battle.net
2014-02-27 14:57 - 2014-02-27 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Battle.net
2014-02-27 07:32 - 2014-02-27 07:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2014-02-23 00:56 - 2014-02-23 00:56 - 00947574 _____ () C:\Documents and Settings\Administrator\Desktop\Baldur's Gate Game Guide 2.txt
 
==================== One Month Modified Files and Folders =======
 
2014-03-25 14:16 - 2014-03-25 14:16 - 00030445 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-03-25 14:16 - 2014-03-25 14:16 - 00000000 ____D () C:\FRST
2014-03-25 14:15 - 2014-03-25 14:15 - 00001118 _____ () C:\Documents and Settings\Administrator\Desktop\Transcend (J) 3.74 GB.lnk
2014-03-25 14:15 - 2014-03-25 07:31 - 00015526 _____ () C:\WINDOWS\setupapi.log
2014-03-25 14:15 - 2011-12-12 19:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-03-25 14:12 - 2014-03-25 13:40 - 00001133 _____ () C:\Documents and Settings\Administrator\Desktop\D3_2.0.0 (E) 0 bytes.lnk
2014-03-25 14:12 - 2008-08-11 00:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-25 14:12 - 2008-08-11 00:08 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-25 14:11 - 2014-03-24 21:05 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-25 14:11 - 2012-05-06 21:14 - 00000540 _____ () C:\WINDOWS\Tasks\PandaUSBVaccine.job
2014-03-25 14:11 - 2008-08-10 23:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-25 14:00 - 2008-08-11 00:56 - 00917504 _____ () C:\WINDOWS\system32\config\Antivirus.Evt
2014-03-25 14:00 - 2008-08-10 23:20 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-25 13:59 - 2014-03-25 13:57 - 00000000 ____D () C:\AdwCleaner
2014-03-25 13:59 - 2008-08-10 23:20 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-25 13:59 - 2008-08-10 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-25 13:59 - 2008-08-10 23:16 - 01327662 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-25 13:53 - 2014-03-25 13:53 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-25 13:48 - 2008-08-18 19:55 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-25 13:47 - 2014-03-25 14:15 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-03-25 13:47 - 2014-03-25 13:48 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032514-01.dmp
2014-03-25 13:26 - 2008-11-16 18:54 - 00000000 ____D () C:\WINDOWS\ServicePackFiles
2014-03-25 13:11 - 2014-03-24 21:06 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-25 07:48 - 2014-03-25 07:48 - 00000043 _____ () C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
2014-03-25 07:37 - 2012-02-26 15:26 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-03-25 07:37 - 2012-02-26 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
2014-03-25 07:37 - 2009-01-29 22:10 - 00000000 ____D () C:\Program Files\Image-Line
2014-03-25 07:37 - 2009-01-29 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Image-Line
2014-03-25 07:35 - 2011-06-18 17:25 - 00000000 ____D () C:\Program Files\Samsung
2014-03-25 07:32 - 2011-04-10 14:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Pavark
2014-03-25 07:27 - 2011-04-26 20:46 - 00000000 ____D () C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2014-03-25 02:00 - 2013-05-06 18:36 - 00000358 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-97AD6BA9FD0D4BF-Administrator.job
2014-03-25 02:00 - 2008-08-14 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-03-25 01:55 - 2008-08-11 00:33 - 00000000 ___RD () C:\Documents and Settings\Administrator\Desktop\Security
2014-03-25 01:32 - 2008-08-10 22:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-25 01:31 - 2014-03-25 01:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-03-25 01:31 - 2008-10-12 12:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-25 00:31 - 2014-03-25 00:31 - 00196235 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-25 00:31 - 2014-03-25 00:31 - 00021699 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-24 21:19 - 2008-08-10 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-03-24 21:18 - 2014-03-24 21:18 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-24 21:18 - 2014-03-24 21:18 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-24 21:18 - 2014-03-23 23:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-24 21:16 - 2008-10-07 22:28 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-24 21:15 - 2010-01-16 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-03-24 21:15 - 2008-08-13 13:40 - 00000000 ____D () C:\Program Files\Yahoo!
2014-03-24 21:10 - 2014-03-24 21:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-24 21:10 - 2014-03-24 21:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-03-24 21:10 - 2008-09-13 18:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-03-24 21:09 - 2014-03-24 21:05 - 00000000 ____D () C:\Program Files\Google
2014-03-24 21:05 - 2008-08-14 20:44 - 00000000 ___RD () C:\Documents and Settings\Administrator\Desktop\VGR
2014-03-24 20:50 - 2008-08-14 16:22 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Licenses
2014-03-24 01:35 - 2012-04-12 23:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-03-24 01:17 - 2012-02-17 21:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\TempDIR
2014-03-24 01:17 - 2008-08-10 23:57 - 00000000 ____D () C:\WINDOWS\Cursors
2014-03-24 00:39 - 2012-01-22 16:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-24 00:36 - 2012-01-22 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-24 00:19 - 2014-03-24 00:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Smart Guard Protection
2014-03-23 22:11 - 2014-02-27 14:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Battle.net
2014-03-23 02:00 - 2014-01-19 03:02 - 00390104 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-23 00:22 - 2014-03-23 00:20 - 00422387 _____ () C:\Documents and Settings\Administrator\Desktop\Thermo 1 Schematic Diagram 3.cdr
2014-03-21 21:38 - 2009-12-21 22:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-03-21 15:02 - 2014-03-21 14:33 - 00000598 _____ () C:\Documents and Settings\Administrator\Desktop\Wings of Valor.txt
2014-03-21 13:50 - 2006-01-13 09:26 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-01 21:36 - 2006-01-13 09:50 - 00001037 _____ () C:\WINDOWS\win.ini
2014-02-27 15:01 - 2014-02-27 14:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Battle.net
2014-02-27 15:01 - 2013-03-16 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II
2014-02-27 14:57 - 2014-02-27 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Battle.net
2014-02-27 14:57 - 2010-08-23 21:32 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-02-27 07:32 - 2014-02-27 07:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2014-02-23 00:56 - 2014-02-23 00:56 - 00947574 _____ () C:\Documents and Settings\Administrator\Desktop\Baldur's Gate Game Guide 2.txt
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-03-25 14:17:29
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! antivirus 4.8.1290 [VPS 140323-1] (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 
==================== Installed Programs ======================
 
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
A4 TECH USB PC Camera H (HKLM\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 1.00.000 - )
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.01 - Adobe Systems)
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.5.2.320 - Adobe Systems Incorporated)
Adobe Community Help (Version: 2.5.2 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Alive Text to Speech v5.3.6.6 (HKLM\...\Alive Text to Speech_is1) (Version:  - AliveMedia, Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
Audacity 1.3.10 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AusLogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 1.4 - Auslogics Software Pty Ltd)
AutoHotkey 1.0.48.03 (HKLM\...\AutoHotkey) (Version: 1.0.48.03 - Chris Mallett)
avast! Antivirus (HKLM\...\avast!) (Version: 4.8 - Alwil Software)
Avid Liquid 7.20 (HKLM\...\Avid Liquid 7.20) (Version:  - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
Baldur's Gate - Enhanced Edition (HKLM\...\Baldur's Gate - Enhanced Edition_is1) (Version:  - )
Baldur's Gate II: Enhanced Edition (HKLM\...\QmFsZHVyc0dhdGVJSUVuaGFuY2VkRWRpdGlvbg==_is1) (Version: 1 - )
Battle Realms (Version: 0.10.000 - Liquid Entertainment) Hidden
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BioWare Premium Module: Neverwinter Nights - Infinite Dungeons (HKLM\...\Neverwinter Nights - Infinite Dungeons) (Version:  - BioWare Corp.)
BioWare Premium Module: Neverwinter Nights - Pirates of the Sword Coast (HKLM\...\Neverwinter Nights - Pirates of the Sword Coast) (Version:  - BioWare Corp.)
BioWare Premium Module: Neverwinter Nights - Wyvern Crown of Cormyr (HKLM\...\Neverwinter Nights - Wyvern Crown of Cormyr) (Version:  - BioWare Corp.)
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Blazing Angels 2 : Secret Missions of WWII (HKLM\...\{D8768524-DE8D-40D3-904B-B1FCC31CF9F9}) (Version: 2.00.0000 - Ubisoft)
BOClean (HKLM\...\CBOClean) (Version:  - )
BootSkin (HKLM\...\BootSkin) (Version:  - )
Buddy Spy 2.2.19 (HKLM\...\Buddy Spy_is1) (Version: 2.2.19 - Hard Coded Industries)
Call of Duty® - World at War™ 1.1 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.2 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.4 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.5 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.6 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.7 Patch (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
CamStudio (HKLM\...\CamStudio) (Version:  - )
CamStudio Lossless Codec (HKLM\...\camcodec) (Version:  - )
Camtasia Studio 7 (HKLM\...\{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}) (Version: 7.1.0 - TechSmith Corporation)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.1 (HKLM\...\Cheat Engine 6.1_is1) (Version:  - Dark Byte)
Collab (HKLM\...\Collab) (Version:  - Image-Line bvba)
Command & Conquer 3 (HKLM\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
Command & Conquer The First Decade (HKLM\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Command & Conquer™ 3: Kane's Wrath (HKLM\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Electronic Arts Inc.)
Command & Conquer™ Red Alert™ 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ Red Alert™ 3 Uprising (HKLM\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ The First Decade Patch (HKLM\...\{CBB0ABFA-4668-4172-952D-2CEF5C14F4D2}) (Version:  - )
Command & Conquer™ The First Decade Patch 1.02 (HKLM\...\{CBB0ABFB-4668-4172-952D-2CEF5C14F4D2}) (Version:  - )
COMODO Firewall Pro (HKLM\...\COMODO Firewall Pro) (Version: 3.8.65951.477 - COMODO)
COMODO SafeSurf (HKLM\...\COMODO SafeSurf) (Version: 1.0.1.9 - COMODO)
Company of Heroes - FAKEMSI (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
Content (Version: 1.00.0000 - Your Company Name) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.0.487 - Corel Corporation) Hidden
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0000 - Corel Corporation)
Corel Painter 11 - ICA (Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version:  - Corel Corporation)
Corel Painter 11 (Version: 11.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
CPUID CPU-Z 1.57.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CubeExperimentalUninstaller (HKLM\...\Cube Experimental_is1) (Version: 1.0.4 - SureAI)
Defraggler (remove only) (HKLM\...\Defraggler) (Version:  - )
DeskSlide 2.1 (HKLM\...\{66D12CFB-23A8-4428-B879-1942E59136AE}_is1) (Version: 2.1.0.12 - George Obada)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayFusion 3.1.6 (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version:  - Binary Fortress Software)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DualCoreCenter (HKLM\...\DualCoreCenter_is1) (Version:  - MSI, Inc.)
Dune 2000 (HKLM\...\Dune 2000) (Version:  - )
Dungeon Siege 2 (HKLM\...\DungeonSiege2) (Version:  - Microsoft)
Dungeon Siege 2 Broken World (HKLM\...\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}) (Version: 1.00.0000 - Gas Powered Games)
DVD to VCD AVI DivX Converter v3.2 (build 069) (HKLM\...\DVD to VCD AVI DivX Converter v3.2 (build 069)) (Version:  - )
DW6 ASIA (Version: 1.00.0000 - Koei) Hidden
DYNASTY WARRIORS 6 ASIA (HKCU\...\InstallShield_{141055D3-F7D6-4F92-AF59-09B013B78EE8}) (Version: 1.00.0000 - Koei)
EA Download Manager (HKLM\...\EADM) (Version: 8.0.3.427 - Electronic Arts, Inc.)
Eastern Front (HKLM\...\Eastern Front) (Version: 1.7.2.1 - )
EkszBox-ABX v2.0 (HKLM\...\EkszBox-ABX_is1) (Version: 2.0 - EkszBox)
Emperor: Battle For Dune (HKLM\...\Emperor) (Version:  - )
Empire Earth 2 Platinum (HKLM\...\{1AEA033D-04D6-39A5-5C8A-FEDDBFC7EA5D}) (Version: 1.00.00.0000 - Sierra)
Empire Earth IV v9.02 eng (HKLM\...\Empire Earth IV v9.02 eng) (Version: 9.02 - RGV1)
Emsa DLL Register Tool 1.0 (HKLM\...\Emsa DLL Register Tool_is1) (Version:  - Emsa Systems)
erLT (Version: 1.12.0117 - Logitech, Inc.) Hidden
ESET Online Scanner (HKLM\...\EsetOnlineScanner) (Version:  - )
Fable III (Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout (HKLM\...\Fallout_is1) (Version:  - GOG.com)
Fallout 3 - The Garden of Eden Creation Kit (HKLM\...\{B343B0E3-212A-40B9-8207-1BD299228F5D}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 - Unofficial Fallout 3 Patch (HKLM\...\{297C7552-BA68-4F73-AB83-82510777421D}_is1) (Version: v1.2.0 - Quarn (quarny@gmail.com))
Fallout 3 (HKCU\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout Mod Manager 0.13.21 (HKLM\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout New Vegas (HKLM\...\Fallout New Vegas_is1) (Version:  - )
Final Draft 7 (HKLM\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.1.19 - Final Draft, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server US) (Version: 2.0.1.13 - MAGIX AG)
FL DataStorm (HKLM\...\{5109E3B5-F4DA-48CE-9B15-53532BB474B5}) (Version: 4.01.0171 - Holger Matz, HellFire, Tropical tools +T)
FL Studio 8 (HKLM\...\FL Studio 8) (Version:  - Image-Line bvba)
FLAC 1.2.1a (remove only) (HKLM\...\FLAC) (Version: 1.2.1a - Xiph.org)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
FreeFixer (HKLM\...\FreeFixer0.58) (Version: 0.58 - Kephyr)
Freelancer (HKLM\...\Freelancer 1.0) (Version:  - )
GameSpy Comrade (HKLM\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
GeoGebra (HKLM\...\GeoGebra) (Version: 4.0.14.0 - International GeoGebra Institute)
G-Force (HKLM\...\G-Force) (Version: 3.7.5 - SoundSpectrum)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GPGNet (HKLM\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Halo 2 for Windows Vista (HKLM\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Hard Disk Sentinel PRO (HKLM\...\Hard Disk Sentinel_is1) (Version:  - HDS)
HHD Software Hex Editor Neo 4.97 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 4.97.2.3667 - HHD Software, Ltd.)
Hide IP NG 1.29 (HKLM\...\Hide IP NG_is1) (Version:  - Volcano Force)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Homeworld2 (HKLM\...\Homeworld2) (Version:  - Sierra)
HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
ICCup Launcher (HKLM\...\ICCup Launcher_is1) (Version: 1.6 - ICCup)
IconHandler 32 bit (Version: 2.0 - Corel Corporation) Hidden
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line bvba)
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version:  - fCoder Group, Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.2.0 - LIGHTNING UK!)
ioCentre (HKLM\...\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}) (Version: 1.02.000 - KYE)
IP-Tools (HKLM\...\IP-Tools) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.390 - Oracle)
KeyScrambler (HKLM\...\KeyScrambler) (Version:  - QFX Software Corporation)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
Kotor Tool (HKLM\...\Kotor Tool) (Version:  - )
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
Langauge (Version: 1.00.0000 - Your Company Name) Hidden
Lock Folder XP 3.6 (HKLM\...\{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}) (Version: 3.6 - Everstrike Software)
LockBox (HKLM\...\LockBox) (Version:  - MICRO-STAR INT'L CO., LTD.)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
MAGIX Audio Cleaning Lab 14 Download version 9.0.2.0 (US) (HKLM\...\MAGIX Audio Cleaning Lab 14 Download version US) (Version: 9.0.2.0 - MAGIX AG)
MAGIX Music Maker 14 Producer Edition Download version 13.0.2.1 (US) (HKLM\...\MAGIX Music Maker 14 Producer Edition Download version US) (Version: 13.0.2.1 - MAGIX AG)
MAGIX Photo Manager 4.1.1.77 (US) (HKLM\...\MAGIX Photo Manager US) (Version: 4.1.1.77 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (US) (HKLM\...\MAGIX Screenshare US) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Malwarebytes' RogueRemover PRO (HKLM\...\Malwarebytes' RogueRemover PRO_is1) (Version:  - Malwarebytes)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.4.189 - McAfee, Inc.)
Media Player Codec Pack 4.1.6 (HKLM\...\Media Player - Codec Pack) (Version: 4.1.6 - Media Player Codec Pack)
MegaTrainer eXperience V1.0.9.0 (HKLM\...\MegaTrainer eXperience_is1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft IntelliPoint 6.2 (HKLM\...\{8C5FAD77-F678-4758-A296-C12F08D179E0}) (Version: 6.20.182.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft MechCommander 2 (HKLM\...\MechCommander2 1.0) (Version:  - )
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Rise Of Nations (HKLM\...\RiseOfNations 1.0) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.30322 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mirror's Edge™ (HKLM\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Morrowind (HKLM\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
MP3toBMU 0.35 (HKLM\...\MP3toBMU) (Version: 0.35 - BG Tool)
MSI Live Update 3 (HKLM\...\MSI Live Update 3) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Need for Speed™ Carbon (HKLM\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661033}) (Version: 7.02.0794 - Nero AG)
Neverwinter Nights 2 (HKLM\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
Neverwinter Nights 2 Adventure Pack: Mysteries of Westgate (HKLM\...\Mysteries of Westgate) (Version:  - )
Neverwinter Nights Diamond Edition (HKLM\...\Neverwinter Nights Diamond Edition_is1) (Version:  - GOG.com)
NifSkope (remove only) (HKLM\...\NifSkope) (Version:  - )
NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version:  - )
Nmap 5.21 (HKLM\...\Nmap) (Version:  - )
No Hope (HKLM\...\No Hope) (Version:  - )
NVIDIA Control Panel 275.27 (Version: 275.27 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Graphics Driver 275.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.76.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
NVIDIA Photoshop Plug-ins (HKLM\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 1.00.000 - )
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.4 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.3.4 - NVIDIA Corporation) Hidden
Oblivion - Horse Armor Pack (HKLM\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Knights of the Nine (HKLM\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Mehrunes Razor (HKLM\...\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Orrery (HKLM\...\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Spell Tomes (HKLM\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - The Fighter's Stronghold (HKLM\...\{A0A20753-92DF-4631-82B4-9CACE2FCED6A}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.9 (HKLM\...\Oblivion mod manager_is1) (Version:  - Timeslip)
oggcodecs 0.71.0946 (HKLM\...\oggcodecs) (Version: 0.71.0946 - illiminable)
OJOsoft Total Video Converter (HKLM\...\OJOsoft Total Video Converter2.5.1.1121) (Version: 2.5.1.1121 - OJOsoft Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PasswordKeeper (HKLM\...\PasswordKeeper) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r3878) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r4600) (Version:  - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerGuardian 2.0 (HKLM\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions)
Perfect Photo Suite 5.5.1 (HKLM\...\{59679381-3F22-4A40-A7AD-890242D74DF4}) (Version: 5.5.1 - onOne Software)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pinnacle Instant DVD Recorder (HKLM\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.090 - Pinnacle Systems)
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
proDAD Vitascene 1.0 (HKLM\...\proDAD-Vitascene-1.0) (Version:  - )
PSPad editor (HKLM\...\PSPad editor_is1) (Version:  - Jan Fiala)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
Python 2.5 comtypes-0.5.2 (HKCU\...\comtypes-py2.5) (Version:  - )
Python 2.5 PIL-1.1.6 (HKCU\...\PIL-py2.5) (Version:  - )
Python 2.5 psyco-1.6 (HKCU\...\psyco-py2.5) (Version:  - )
Python 2.5 pywin32-212 (HKCU\...\pywin32-py2.5) (Version:  - )
Python 2.5.2 (HKLM\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Quick Macro v6.60 (HKLM\...\Quick Macro_is1) (Version:  - vrBrothers Software)
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
QuickTime Alternative 1.67 (HKLM\...\QuicktimeAlt_is1) (Version: 1.67 - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6602 - Realtek Semiconductor Corp.)
Recuva (remove only) (HKLM\...\Recuva) (Version:  - )
Red Dawn 2012 based on Command & Conquer Red Alert 3.03 (HKLM\...\Red Dawn 2012 based on Command & Conquer Red Alert 3.03_is1) (Version:  - Command & Conquer™ community)
Red Dawn 2012 based on Command & Conquer Red Alert 3.03 Covert Ops Music (HKLM\...\Red Dawn 2012 based on Command & Conquer Red Ale~646D95DA_is1) (Version:  - Command & Conquer™ community)
Red Dawn 2012 Movies (HKLM\...\Red Dawn 2012 Movies_is1) (Version:  - Command & Conquer™ community)
Rise Of Legends (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rosetta Stone V3 (HKLM\...\{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}) (Version: 3.0.35 - Rosetta Stone)
SAMURAI WARRIORS 2 (HKCU\...\InstallShield_{798D4714-71DA-4871-87B5-E2D02C0FFC2B}) (Version: 1.00.0000 - Koei)
SAMURAI WARRIORS 2 (Version: 1.00.0000 - Koei) Hidden
Sandboxie 3.76 (32-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D)
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.0.0.809 - Memeo Inc.)
SecureDoc (HKLM\...\SecureDoc) (Version:  - )
SeePassword (HKLM\...\{48948338-3777-41EB-AB05-DF48D3A59591}) (Version: 1.03.0000 - KMGI)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SHIFT 2 UNLEASHED™ (HKLM\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)
Skulltag (HKLM\...\Skulltag) (Version: 98c - Skulltag)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
Sony Vegas Pro 8.0 (HKLM\...\{7C9AD221-994C-45B2-B46D-26F5735158CF}) (Version: 8.0.217 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.16 - Piriform)
SpeedConnect Internet Accelerator v.7.5 (HKLM\...\SpeedConnect Internet Accelerator v.7.5_is1) (Version:  - CBS Software)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyware Vaccine 4.0 (HKLM\...\Spyware Vaccine_is1) (Version:  - )
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (HKLM\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Star Wars®: Knights of the Old Republic ™ (HKLM\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Starcraft (HKLM\...\Starcraft) (Version:  - )
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Stronghold 2 Deluxe (HKLM\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.30.100 - Firefly Studios)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.23.0.1006 - SUPERAntiSpyware.com)
Supreme Commander - Forged Alliance (HKCU\...\{31D95937-B237-405D-920C-A3EF4E482395}) (Version: 1.00.0000 - Gas Powered Games)
Supreme Commander (HKCU\...\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}) (Version: 1.00.0000 - Gas Powered Games)
Supreme Commander 2 (HKLM\...\Steam App 40100) (Version:  - Gas Powered Games)
SureThing Express Labeler (HKLM\...\stax-Pinnacle_is1) (Version:  - MicroVision Development, Inc.)
Tableau Public 7.0 (HKLM\...\{C3EC0200-E7E1-416E-8FC5-FE5512E7B12A}) (Version: 7.0.403 - Tableau Software)
TES Construction Set (HKLM\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Red Alert (HKCU\...\The Red Alert) (Version: 1.1.0.0 - CNC Labs)
TibEd 1.7 (HKLM\...\TibEdNSIS) (Version: 1.7 - Van de Sande Productions)
Tom Clancy's H.A.W.X (HKLM\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.01.00000 - Ubisoft)
Toon Boom Studio 4.0 (HKLM\...\{62616A4E-82E4-424A-A201-3D29ABB6B7FD}) (Version: 4.0 - Toon Boom Animation Inc.)
Total Annihilation - Battle Tactics (HKLM\...\Total Annihilation - Battle Tactics) (Version:  - )
Total Annihilation - Core Contingency (HKLM\...\Total Annihilation - Core Contingency) (Version:  - )
Total Annihilation (HKLM\...\Total Annihilation) (Version:  - )
Total Annihilation: Kingdoms (HKLM\...\Total Annihilation: Kingdoms) (Version:  - )
Total War Shogun 2 - Fall Of The Samurai (HKLM\...\Total War Shogun 2 - Fall Of The Samurai_is1) (Version:  - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line bvba)
Trapcode Particular v2 (HKLM\...\Trapcode Particular v2) (Version:  - )
TTS (HKLM\...\{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}) (Version: 1.0.0.0 - ZoomCommerce Co., Ltd.)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305) (HKLM\...\{96D33319-C14C-3070-A464-CE8416E46487}.KB982305) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
USB Tablet Manager (HKLM\...\Rmtablet) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtuaGirl HD (HKLM\...\vghd) (Version:  - )
Virtual CD v10 (HKLM\...\{10C51313-A308-4B40-90E3-B368D5882660}) (Version: 10.00.3 - H+H Software GmbH)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinAce Archiver (HKLM\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows Installer 3.1 (KB893803) (Version:  - Microsoft Corporation) Hidden
Windows Internet Explorer 7 (Version: 20061017.133151 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wings of Prey 1.0.4.8 (HKLM\...\{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1) (Version: 1.0.4.8 - Gaijin Entertainment, Corp.)
Wings of Prey SkinKit (HKLM\...\{bd8defa4-19fa-4961-9693-f1122d8a62d9}}_is1) (Version: 1.0.0.0 - Gaijin Entertainment, Corp.)
WinISO 5.3 (HKLM\...\WinISO_is1) (Version:  - WinISO Computing Inc.)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 11.2 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}) (Version: 11.2.8094 - WinZip Computing, S.L. )
World In Conflict Editor (HKLM\...\{7083067F-42F5-41AF-8422-E22EA391791C}) (Version: 1.0.0.0 - Massive Entertainment AB)
World in Conflict ModKit (HKLM\...\{E38B7B32-3EA9-4683-BEA4-FC24C7E3346E}) (Version: 1.3.0.0 - Massive Entertainment AB)
World in Conflict: Soviet Assault (HKLM\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.0 - Ubisoft Entertainment)
wxPython 2.8.7.1 (ansi) for Python 2.5 (HKLM\...\wxPython2.8-ansi-py25_is1) (Version: 2.8.7.1-ansi - Total Control Software)
X Plugin Manager 2.12 (HKLM\...\X Plugin Manager) (Version: 2.12 - 'Cycrow')
X3 Bonus Package 3.1.07 (HKLM\...\X3 Bonus Package_is1) (Version: 3.1.07 - Egosoft)
X3 Reunion (HKLM\...\{9838EAFF-B13B-4A03-AEAE-6D508136545D}) (Version: 12 - DeepSilver)
X3 Terran Conflict v3.2 (HKLM\...\X3TerranConflict_is1) (Version:  - EGOSOFT)
X3TC Bonus Package 4.1.01 (HKLM\...\X3TC Bonus Package_is1) (Version: 4.1.01 - Egosoft)
Xilisoft Download YouTube Video (HKLM\...\Xilisoft Download YouTube Video) (Version: 1.0.92.1107 - Xilisoft)
Xilisoft ISO Burner (HKLM\...\Xilisoft ISO Burner) (Version: 1.0.55.1231 - Xilisoft)
Xilisoft ISO Pro (HKLM\...\Xilisoft ISO Pro) (Version: 1.0.9.0112 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
X-Universe Plugin Manager 1.47 (HKLM\...\X-Universe Plugin Manager_is1) (Version: 1.47 - Cycrow)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
ZD Soft Screen Recorder 4.1.3.0 (HKLM\...\ZD Soft Screen Recorder) (Version: 4.1.3.0 - ZD Soft)
 
==================== Restore Points  =========================
 
26-12-2013 05:16:51 System Checkpoint
27-12-2013 05:30:57 System Checkpoint
29-12-2013 04:50:39 System Checkpoint
06-01-2014 13:23:52 System Checkpoint
10-01-2014 03:56:34 System Checkpoint
11-01-2014 05:22:12 System Checkpoint
12-01-2014 00:55:21 Removed Crysis® 2
15-01-2014 13:24:20 System Checkpoint
16-01-2014 19:41:11 System Checkpoint
18-01-2014 03:42:17 System Checkpoint
22-01-2014 11:55:43 System Checkpoint
24-01-2014 07:08:11 System Checkpoint
25-01-2014 17:39:03 System Checkpoint
27-01-2014 12:33:16 System Checkpoint
28-01-2014 12:34:03 System Checkpoint
29-01-2014 14:13:18 System Checkpoint
31-01-2014 05:12:43 System Checkpoint
01-02-2014 05:24:25 System Checkpoint
04-02-2014 15:08:27 System Checkpoint
06-02-2014 07:15:23 System Checkpoint
07-02-2014 23:42:27 System Checkpoint
10-02-2014 12:40:59 System Checkpoint
12-02-2014 12:03:51 System Checkpoint
15-02-2014 03:13:12 System Checkpoint
19-02-2014 11:52:17 System Checkpoint
23-02-2014 03:48:37 System Checkpoint
24-02-2014 12:24:06 System Checkpoint
26-02-2014 17:49:26 System Checkpoint
03-03-2014 12:17:01 System Checkpoint
05-03-2014 12:09:06 System Checkpoint
13-03-2014 05:16:42 System Checkpoint
17-03-2014 15:54:28 System Checkpoint
18-03-2014 17:28:07 System Checkpoint
20-03-2014 05:07:47 System Checkpoint
23-03-2014 17:11:32 System Checkpoint
24-03-2014 13:04:27 Removed Multiply AutoUploader
24-03-2014 23:35:01 Removed OutlookAddInNet3Setup
24-03-2014 23:36:08 Configured SmartSound Quicktracks Plugin
 
==================== Hosts content: ==========================
 
2011-05-15 17:06 - 2014-01-19 16:28 - 00569893 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               update.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com
127.0.0.1                               lmlicenses.wip4.adobe.com
127.0.0.1                               lm.licenses.adobe.com
0.0.0.0 123spywar.com
0.0.0.0 www.123spywar.com
0.0.0.0 1clickspyclean.com
0.0.0.0 www.1clickspyclean.com
0.0.0.0 1clicksuite.net
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-97AD6BA9FD0D4BF-Administrator.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PandaUSBVaccine.job => C:\Program Files\Panda USB Vaccine\USBVaccine.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-08-11 18:16 - 2009-05-11 17:21 - 00155384 ____N () C:\WINDOWS\system32\guard32.dll
2008-08-11 00:01 - 2001-10-30 20:36 - 00045056 ____N () C:\WINDOWS\system32\ginamsi.dll
2008-08-11 18:16 - 2009-05-11 17:22 - 00700152 _____ () C:\Program Files\COMODO\Firewall\cmdagent.exe
2008-08-11 18:16 - 2009-05-11 17:15 - 00233208 _____ () C:\Program Files\COMODO\Firewall\framework.dll
2008-08-11 18:16 - 2009-05-11 17:15 - 00015096 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\common.cav
2009-05-11 17:43 - 2009-05-11 17:22 - 00014072 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\first.cav
2009-05-11 17:43 - 2009-05-11 17:22 - 00008952 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\pe32.cav
2009-05-11 17:43 - 2009-05-11 17:22 - 00007928 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\dosmz.cav
2009-05-11 17:43 - 2009-05-11 17:41 - 00013560 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\white.cav
2009-05-11 17:43 - 2009-05-11 17:41 - 00097016 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\heur.cav
2009-05-11 17:43 - 2009-05-11 17:43 - 00294648 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\pkann.dll
2009-05-11 17:43 - 2009-05-11 17:25 - 00544504 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\unpack.cav
2009-05-11 17:43 - 2009-05-11 17:25 - 00237304 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\unarch.cav
2009-05-11 17:43 - 2009-05-11 17:42 - 00364280 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\gunpack.cav
2009-05-11 17:43 - 2009-05-11 17:42 - 01027832 _____ () C:\Program Files\COMODO\Firewall\SCANNERS\mach32.dll
2008-10-12 12:56 - 2009-04-28 11:45 - 00159792 _____ () C:\Program Files\Alwil Software\Avast4\Setup\SetIFace.dll
2008-08-10 23:14 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2003-08-02 23:20 - 2003-08-02 23:20 - 00126976 ____R () C:\Program Files\SpywareGuard\spywareguard.dll
2008-12-23 17:36 - 2009-02-13 12:44 - 00117264 _____ () C:\Program Files\McAfee\SiteAdvisor\apengine.dll
2012-02-28 19:21 - 2007-06-04 22:29 - 00063296 _____ () D:\Program Files\UltraVNC Addons\uvnc_service.exe
2011-06-09 23:55 - 2008-08-18 15:08 - 00050688 _____ () D:\Program Files\Virtual CD v10\System\ogg.dll
2011-06-09 23:55 - 2008-08-18 15:11 - 01237504 _____ () D:\Program Files\Virtual CD v10\System\vorbis.dll
2008-08-18 16:53 - 2008-08-18 16:53 - 00016712 ____R () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2008-08-11 18:16 - 2009-05-11 17:15 - 01851128 _____ () C:\Program Files\COMODO\Firewall\cfp.exe
2009-05-11 17:43 - 2009-05-11 17:25 - 00283896 _____ () C:\Program Files\COMODO\Firewall\Themes\CFP.theme
2006-01-13 09:52 - 2008-04-14 08:11 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll
2006-01-13 09:20 - 2008-04-14 08:11 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll
2013-10-09 07:43 - 2007-12-17 15:49 - 00061440 _____ () C:\Genius\ioCentre\gTaskBar.exe
2013-10-09 07:43 - 2009-03-11 19:10 - 00126976 _____ () C:\Genius\ioCentre\GenXML.dll
2014-01-08 21:05 - 2013-12-13 06:19 - 00142848 _____ () D:\Program Files\Steam\libavresample-1.dll
2014-01-08 21:05 - 2013-11-05 09:12 - 00890592 _____ () D:\Program Files\Steam\libavutil-52.dll
2013-03-12 17:10 - 2014-02-11 10:34 - 00751616 _____ () D:\Program Files\Steam\SDL2.dll
2011-07-14 17:33 - 2014-02-26 05:57 - 01135296 _____ () D:\Program Files\Steam\bin\chromehtml.dll
2011-06-26 18:42 - 2014-01-11 07:33 - 20625832 _____ () D:\Program Files\Steam\bin\libcef.dll
2012-03-16 15:17 - 2013-06-15 07:49 - 01100800 _____ () D:\Program Files\Steam\bin\avcodec-53.dll
2012-03-16 15:17 - 2013-06-15 07:49 - 00124416 _____ () D:\Program Files\Steam\bin\avutil-51.dll
2012-03-16 15:17 - 2013-06-15 07:49 - 00192000 _____ () D:\Program Files\Steam\bin\avformat-53.dll
2013-10-09 07:43 - 2009-04-09 11:39 - 00299008 _____ () C:\Genius\ioCentre\gMouseTask.exe
2013-10-09 07:43 - 2007-12-21 15:16 - 00057344 _____ () C:\Genius\ioCentre\gfMedia.dll
2013-10-09 07:43 - 2009-03-27 18:04 - 00245760 _____ () C:\Genius\ioCentre\gfBrowser.dll
2013-10-09 07:43 - 2008-02-19 16:59 - 00017920 _____ () C:\Genius\ioCentre\gfOffice.dll
2013-10-09 07:43 - 2007-12-10 14:14 - 00022528 _____ () C:\Genius\ioCentre\gfSystem.dll
2013-10-09 07:43 - 2007-08-01 11:02 - 00031744 _____ () C:\Genius\ioCentre\gfEmail.dll
2013-10-09 07:43 - 2009-04-09 11:18 - 00172032 _____ () C:\Genius\ioCentre\gKbdTask.exe
2013-10-09 07:43 - 2007-01-19 19:07 - 00021504 _____ () C:\Genius\ioCentre\gDevMgm.dll
2013-10-09 07:43 - 2007-02-26 15:56 - 00180224 _____ () C:\Genius\ioCentre\gAutoPan.exe
2013-10-09 07:43 - 2007-01-19 19:03 - 00061440 _____ () C:\Genius\ioCentre\gAutoScroll.exe
2013-10-09 07:43 - 2007-02-26 16:16 - 00188416 _____ () C:\Genius\ioCentre\gZoom.exe
2013-10-09 07:43 - 2007-05-18 15:37 - 00021504 _____ () C:\Genius\ioCentre\gIoCentreHook.dll
2013-10-09 07:43 - 2009-03-10 15:27 - 00053248 _____ () C:\Genius\ioCentre\gIMMgm.exe
2013-10-09 07:43 - 2009-03-10 19:16 - 00176128 _____ () C:\Genius\ioCentre\gKbStatus.exe
2013-10-09 07:43 - 2008-02-14 11:49 - 00188416 _____ () C:\Genius\ioCentre\gDeskMgm.exe
2013-10-09 07:43 - 2007-03-21 15:39 - 00049152 _____ () C:\Genius\ioCentre\gTaskSwitch.exe
2008-10-13 18:17 - 2009-04-28 11:45 - 02527280 _____ () C:\Program Files\Alwil Software\Avast4\setup\avast.setup
2008-08-11 18:16 - 2009-05-11 17:21 - 00155384 ____N () C:\WINDOWS\System32\guard32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\All Users\DRM:الهريرة
AlternateDataStreams: C:\Documents and Settings\All Users\DRM:مايكروسوفت
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5D4275BC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Multiply AutoUploader.lnk => C:\WINDOWS\pss\Multiply AutoUploader.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Spyware Vaccine.lnk => C:\WINDOWS\pss\Spyware Vaccine.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^SpywareGuard.lnk => C:\WINDOWS\pss\SpywareGuard.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk => C:\WINDOWS\pss\DualCoreCenter.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureDoc.lnk => C:\WINDOWS\pss\SecureDoc.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\WINDOWS\pss\WDDMStatus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\WINDOWS\pss\WDSmartWare.lnkCommon Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: AS2014 => C:\Documents and Settings\All Users\Application Data\6VXld7X6\6VXld7X6.exe
MSCONFIG\startupreg: atwtusb => atwtusb.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DIMDownloading...1271254118180 => "D:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\documents and settings\all users\application data\corel\downloads\540215253_610005\1271254118180\dim_params.xml" -Launch=3 -uibase="c:\documents and settings\administrator\application data\corel\messages\540215253_610005\en\messagecache2\workflow"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => C:\Program Files\Electronic Arts\EADM\Core.exe -silent
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LiveMonitor => C:\Program Files\MSI\Live Update 3\LMonitor.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: Rainlendar2 => D:\Program Files\Rainlendar2\Rainlendar2.exe
MSCONFIG\startupreg: RGSC => D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: RogueMonitor => C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2014 09:14:49 PM) (Source: Application Error) (User: )
Description: Faulting application flashutil11c_activex.exe, version 11.0.1.152, faulting module unknown, version 0.0.0.0, fault address 0x0092f282.
Processing media-specific event for [flashutil11c_activex.exe!ws!]
 
Error: (03/24/2014 09:14:28 PM) (Source: Application Error) (User: )
Description: Faulting application flashutil32_11_6_602_168_plugin.exe, version 11.6.602.168, faulting module unknown, version 0.0.0.0, fault address 0x01a84000.
Processing media-specific event for [flashutil32_11_6_602_168_plugin.exe!ws!]
 
Error: (03/24/2014 01:16:07 AM) (Source: Application Error) (User: )
Description: Faulting application KeyScrambler.exe, version 2.3.0.1, faulting module unknown, version 0.0.0.0, fault address 0x001682b1.
Processing media-specific event for [KeyScrambler.exe!ws!]
 
Error: (03/23/2014 00:22:12 AM) (Source: Protexis Licensing Service) (User: )
Description: Failed to Release Mutex 
 Error ID = Returned Error 1
 
Error: (03/23/2014 00:22:12 AM) (Source: Protexis Licensing Service) (User: )
Description: Failed to Release Mutex 
 Error ID = Returned Error 288
 
Error: (03/23/2014 00:22:11 AM) (Source: Protexis Licensing Service) (User: )
Description: Failed to Release Mutex 
 Error ID = Returned Error 1
 
Error: (03/23/2014 00:22:11 AM) (Source: Protexis Licensing Service) (User: )
Description: Failed to Release Mutex 
 Error ID = Returned Error 288
 
Error: (03/23/2014 00:22:11 AM) (Source: Protexis Licensing Service) (User: )
Description: Failed to Release Mutex 
 Error ID = Returned Error 1
 
Error: (03/23/2014 00:22:11 AM) (Source: Protexis Licensing Service) (User: )
Description: Failed to Release Mutex 
 Error ID = Returned Error 288
 
Error: (03/23/2014 00:22:11 AM) (Source: Protexis Licensing Service) (User: )
Description: Failed to Release Mutex 
 Error ID = Returned Error 1
 
 
System errors:
=============
Error: (03/25/2014 02:14:48 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit service failed to start due to the following error: 
%%31
 
Error: (03/25/2014 02:14:40 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit service failed to start due to the following error: 
%%31
 
Error: (03/25/2014 02:14:04 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.
 
Error: (03/25/2014 01:52:22 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit service failed to start due to the following error: 
%%31
 
Error: (03/25/2014 01:52:17 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit service failed to start due to the following error: 
%%31
 
Error: (03/25/2014 01:51:56 PM) (Source: System Error) (User: )
Description: Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 00000000.
 
Error: (03/25/2014 01:51:45 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.
 
Error: (03/25/2014 01:36:44 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit service failed to start due to the following error: 
%%31
 
Error: (03/25/2014 01:36:40 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit service failed to start due to the following error: 
%%31
 
Error: (03/25/2014 01:36:23 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (11/10/2013 10:11:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6215.1000. This session lasted 1263 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (01/16/2013 09:33:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 138 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/13/2012 06:43:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 145 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (11/02/2012 07:47:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3933 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (10/24/2009 00:54:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9628 seconds with 1500 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 60%
Total physical RAM: 2047.22 MB
Available physical RAM: 815.86 MB
Total Pagefile: 3942.61 MB
Available Pagefile: 2770.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.52 GB) (Free:17.09 GB) NTFS
Drive d: () (Fixed) (Total:465.75 GB) (Free:73.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (D3_2.0.0) (CDROM) (Total:7.69 GB) (Free:0 GB) UDF
Drive j: (Transcend) (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: C15EC15E)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: DC8FDC8F)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Edited by john1816, 25 March 2014 - 01:40 AM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 March 2014 - 10:07 AM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File  fixlist.txt   2.65KB   2 downloads

How is the machine running now after this fix?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 john1816

john1816
  • Topic Starter

  • Members
  • 77 posts

Posted 26 March 2014 - 08:08 AM

Hmm...doing this in safe mode at the moment, since for some reason the computer is taking too long to start up (almost indefinitely).

It happens somehow when I get an unstable internet connection, but I can't say for sure if it's because of the fake Adobe pop-up either. (Edit* I tried unplugging the internet cable and still got the long, indefinite startup.)

Will have to see if the browser gets redirected again to the fake Adobe update page when I search on Google, or if my Yahoo searches get blocked by it. Also will have to try to find a workaround for the long startup issue.

Here is the log (run in safe mode):

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-03-26 21:05:55 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Safe Mode (minimal)
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\6VXld7X6\6VXld7X6.exe -sm,
HKLM\...\Run: [NWEReboot] - [X]
HKLM\...\Run: [] - [X]
SearchScopes: HKLM - DefaultScope value is missing.
S0 yhku; System32\drivers\fdhjhjr.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
 AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\All Users\DRM:الهريرة
AlternateDataStreams: C:\Documents and Settings\All Users\DRM:مايكروسوفت
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5D4275BC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""
MSCONFIG\startupreg: AS2014 => C:\Documents and Settings\All Users\Application Data\6VXld7X6\6VXld7X6.exe
 
*****************
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
yhku => Service deleted successfully.
"C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe" => File/Directory not found.
C:\WINDOWS => ":nlsPreferences" ADS removed successfully.
C:\Documents and Settings\All Users\DRM => ":الهريرة" ADS removed successfully.
C:\Documents and Settings\All Users\DRM => ":مايكروسوفت" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":05EE1EEF" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5D4275BC" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":888AFB86" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":C8B8CEBD" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => Key deleted successfully.
 
========= MSCONFIG\startupAS2014 => C:\Documents and Settings\All Users\Application Data\6VXld7X6\6VXld7X6.exe =========
 
The system cannot find the path specified.
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====

Edited by john1816, 26 March 2014 - 08:30 AM.
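The Userinit hijack and the AS2014 startup entry that the fixlist above removes are exactly the items worth spotting in an FRST log before a fix is written. The script below is an added example (not FRST's code and not from this thread) that parses FRST-format Registry and MSCONFIG lines and flags two things: extra components appended to the Winlogon Userinit value, and auto-start entries launched from Application Data or Temp folders. The sample lines are constructed in FRST's format from this thread's entries, and the data-folder heuristic is an assumption meant as a review queue, not a verdict.

```python
"""Triage FRST-format log lines for the two persistence patterns the fixlist
above addressed. Added example; not FRST's code and not from this thread."""
import re
from typing import Dict, List

# Constructed sample lines in the shape FRST prints (modelled on this thread's logs).
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\6VXld7X6\6VXld7X6.exe -sm,
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912 2010-09-07] (AVAST Software)
MSCONFIG\startupreg: AS2014 => C:\Documents and Settings\All Users\Application Data\6VXld7X6\6VXld7X6.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
"""

# The only binary that belongs in Winlogon\Userinit on a 32-bit XP system.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Heuristic (an assumption, not a verdict): auto-start entries launched from
# user-writable data or temp folders deserve review. Legitimate updaters such
# as Google Update also live there, so treat hits as a review queue.
SUSPECT_DIRS = ("\\application data\\", "\\temp\\")

USERINIT_RE = re.compile(r"^HKLM\\\.\.\.\\Winlogon: \[Userinit\] (?P<value>.*)$")
RUN_RE = re.compile(
    r"^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - "
    r"(?P<cmd>.*?)(?: \[\d+ \d{4}-\d{2}-\d{2}\].*)?$"
)
STARTUPREG_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.*?) => (?P<cmd>.*)$")


def exe_path(cmd: str) -> str:
    """Extract the executable from a command line: the quoted path if quoted,
    otherwise the text before the first ' -' or ' /' switch."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    for sep in (" -", " /"):
        idx = cmd.find(sep)
        if idx > 0:
            cmd = cmd[:idx]
    return cmd


def userinit_extras(value: str) -> List[str]:
    """Winlogon runs every comma-separated Userinit entry at logon, before the
    desktop appears. Return each entry that is not the legitimate userinit.exe."""
    parts = [p.strip() for p in value.split(",")]
    return [p for p in parts if p and exe_path(p).lower() != EXPECTED_USERINIT]


def in_suspect_dir(path: str) -> bool:
    """True when the executable lives under one of the SUSPECT_DIRS markers."""
    low = path.lower()
    return any(marker in low for marker in SUSPECT_DIRS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk FRST lines and collect findings in the order they appear."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            for extra in userinit_extras(m.group("value")):
                findings.append({"kind": "userinit_extra", "name": "Userinit",
                                 "path": exe_path(extra)})
            continue
        m = RUN_RE.match(line) or STARTUPREG_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if in_suspect_dir(path):
                findings.append({"kind": "startup_from_data_dir",
                                 "name": m.group("name"), "path": path})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:22} {f['name']:16} {f['path']}")
```

On the sample above it reports the appended Userinit component and the AS2014 entry, both pointing at the same 6VXld7X6.exe, and leaves the avast and Sandboxie entries alone.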


#6 john1816

john1816
  • Topic Starter

  • Members
  • 77 posts

Posted 26 March 2014 - 08:48 AM

Update* I tried starting Windows (not safe mode) in diagnostic mode via msconfig (temporarily) - hide all Microsoft services and disable all - successful boot. So it doesn't seem to be an infection causing the indefinite startup (nor a faulty internet connection ~ one of my programs on startup automatically connects to the internet). From there I re-enabled my anti-virus and firewall. So it all comes down to a faulty service that's causing the indefinite startup (would have to try each one by one to identify it).

Testing it to see if I am still redirected to an Adobe Flash update page.


Edited by john1816, 26 March 2014 - 10:18 AM.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 March 2014 - 05:55 PM

Try this and see if it helps.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8, right-click on the program and click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and click on the Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case make sure you restart the computer.

Once the above is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on the Start button.

Post the Windows Repair log, which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Could you please also run FRST as you did the first time and post the log.


#8 john1816

john1816
  • Topic Starter

  • Members
  • 77 posts

Posted 28 March 2014 - 02:05 AM

I already got it running smoothly each time I boot (having loaded only Windows services and anti-virus programs), though if I did the Tweaking fix it might take me a while to post the log for that because of the long scan. So far no slow-downs in booting anymore, but I will do the Tweaking scan some time after, maybe sooner or later when I have the time.

I still get redirected to the Adobe page (even though I already updated Chrome's Flash Player extension via the Google Chrome extensions website). I've noticed there have been some entries that keep showing up when I do a quick scan with Malwarebytes (even after I removed them. When I do remove them, I stop getting redirected to the Adobe page until the next reboot, and the entries show up again after a quick scan.)

I could post the mbam log to show the recurring file infections?

Anyhow, I went ahead with the FRST scan first.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on 97AD6BA9FD0D4BF on 28-03-2014 14:57:07
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() C:\Program Files\COMODO\Firewall\cmdagent.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(COMODO) C:\Program Files\Comodo\CBOClean\BOCORE.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Program Files\COMODO\Firewall\cfp.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\keyscrambler.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastUI.exe
(Valve Corporation) D:\Program Files\Steam\steam.exe
(CBS Software) C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusion.exe
(George Obada) C:\Program Files\DeskSlide\DeskSlide.exe
() C:\Program Files\SpywareGuard\sgmain.exe
() C:\Program Files\SpywareGuard\sgbhp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Blizzard Entertainment) D:\Program Files\Battle.net\Battle.net.4336\Battle.net.exe
(Tweaking.com) D:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\Firewall\cfp.exe [1851128 2009-05-11] ()
HKLM\...\Run: [COMODO Firewall Pro] - C:\Program Files\COMODO\Firewall\cfp.exe [1851128 2009-05-11] ()
HKLM\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [KeyScrambler] - C:\Program Files\KeyScrambler\keyscrambler.exe [510440 2008-11-22] (QFX Software Corporation)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912 2010-09-07] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\KeyScrambler: C:\WINDOWS\system32\KeyScramblerLogon.dll (QFX Software Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2006-01-13] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [KeyScrambler] - C:\Program Files\KeyScrambler\getting_started.html
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetIcon] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2006-01-13] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [KeyScrambler] - C:\Program Files\KeyScrambler\getting_started.html
HKU\S-1-5-19\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2006-01-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [KeyScrambler] - C:\Program Files\KeyScrambler\getting_started.html
HKU\S-1-5-20\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [Steam] - D:\Program Files\Steam\steam.exe [1821888 2014-02-26] (Valve Corporation)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [SpeedConnectStartUp] - C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe [603136 2010-06-19] (CBS Software)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [DisplayFusion] - C:\Program Files\DisplayFusion\DisplayFusion.exe [645296 2009-12-09] (Binary Fortress Software)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Run: [DeskSlide] - C:\Program Files\DeskSlide\DeskSlide.exe [806912 2008-01-27] (George Obada)
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-1757981266-2147132087-839522115-500\...\MountPoints2: {c89efd16-66e1-11dd-b258-0019dbb3c4b6} - F:\LaunchU3.exe -a
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: socks=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 124.106.7.2 124.106.5.2 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gucjcvtg.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Acrobat - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - D:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-05-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2008-12-23]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-26]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-08-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-03-02]
FF HKCU\...\Firefox\Extensions: [hideip@hide-ip-soft.com] - C:\Documents and Settings\Administrator\Application Data\Hide IP NG\firefox_plugin\
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.ph
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-03-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-03-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-04-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [119200 2010-09-07] (AVAST Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
R2 BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [73464 2008-07-14] (COMODO)
R2 cmdAgent; C:\Program Files\COMODO\Firewall\cmdagent.exe [700152 2009-05-11] ()
S4 FirebirdServerMAGIXInstance; D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-10-30] (Flexera Software, Inc.)
S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [154032 2013-01-15] (Sun Microsystems, Inc.)
S4 MbaeSvc; D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-03] (McAfee, Inc.)
S4 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2226792 2011-05-14] (NVIDIA Corporation)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-12-16] (SANDBOXIE L.T.D)
S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-29] (Rocket Division Software)
S4 Uvnc_service; D:\Program Files\UltraVNC Addons\uvnc_service.exe [63296 2007-06-04] ()
S4 VC10SecS; D:\Program Files\Virtual CD v10\System\VC10SecS.exe [145224 2009-11-12] (H+H Software GmbH)
S4 AEMZHABT; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AEMZHABT.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [28880 2010-09-07] (AVAST Software)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22528 2006-06-06] (WALTOP International Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
R1 aswFW; C:\WINDOWS\system32\Drivers\aswFW.sys [99792 2010-09-07] (AVAST Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [100176 2010-09-07] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [190416 2010-09-07] (AVAST Software)
R3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [340048 2010-09-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [279712 2013-01-25] ()
R3 BOCDRIVE; C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [15376 2007-04-17] ()
R0 BootScreen; C:\WINDOWS\System32\drivers\vidstub.sys [163712 2009-03-01] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [110992 2009-05-11] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [24336 2009-05-11] (COMODO)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36640 2010-09-13] ()
S3 gHidPnp; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [19456 2009-04-28] ()
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] ()
S3 gMouUsb; C:\WINDOWS\System32\DRIVERS\gMouUsb.sys [11520 2009-03-04] ()
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HH10Help.sys; C:\WINDOWS\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [80400 2009-05-11] (COMODO)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [113896 2008-06-25] (QFX Software Corporation)
R2 LF30FS; C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [101488 2004-11-20] ()
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2013-01-25] ()
S3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 npf; C:\WINDOWS\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [18856 2007-09-01] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119528 2011-05-10] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-05-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2008-12-04] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [55024 2008-12-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-12-16] (SANDBOXIE L.T.D)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-19] (Almico Software)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-08-11] ()
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [102664 2008-11-20] (Trend Micro Inc.)
S3 vncdrv; C:\WINDOWS\System32\DRIVERS\vncdrv.sys [12104 2007-05-22] (RDV Soft)
R3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [390849 2005-10-27] (Vimicro Corporation)
U3 ayast6e7; C:\WINDOWS\system32\Drivers\ayast6e7.sys [0 ] (Microsoft Corporation)
S3 Bcim; system32\DRIVERS\bcim.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S0 ftapc; System32\drivers\htulclc.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
S3 MSICPL; \??\E:\install4\MSICPL.sys [X]
S0 nklmweo; System32\drivers\netdcdh.sys [X]
S3 NTACCESS; \??\E:\NTACCESS.sys [X]
S0 olas; System32\drivers\qxqrvv.sys [X]
S3 SCREAMINGBDRIVER; system32\drivers\ScreamingBAudio.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\E:\NTGLM7X.sys [X]
S3 sony_ssm.sys; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sony_ssm.sys [X]
S3 TMPassthruMP; system32\DRIVERS\TMPassthru.sys [X]
R5 vdrv1000; C:\Windows\System32\Drivers\vdrv1000.sys [183832 2009-11-09] (H+H Software GmbH)
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]
S3 WEBNTACCESS; \??\C:\Program Files\MSI\Live Update 3\NTACCESS.SYS [X]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-28 14:44 - 2014-03-28 14:46 - 00000042 _____ () C:\repairs_running.dat
2014-03-28 14:35 - 2014-03-28 14:35 - 00000842 _____ () C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-28 14:34 - 2014-03-28 14:34 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-28 14:34 - 2014-03-28 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-27 01:33 - 2014-01-19 16:28 - 00569893 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140327-013342.backup
2014-03-26 23:34 - 2014-03-26 23:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
2014-03-26 23:34 - 2010-09-07 22:54 - 00099792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFW.sys
2014-03-26 23:34 - 2010-09-07 22:53 - 00340048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-26 23:34 - 2010-09-07 22:52 - 00165584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-03-26 23:34 - 2010-09-07 22:47 - 00017744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2014-03-26 23:33 - 2010-09-07 22:53 - 00190416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-03-26 23:33 - 2010-09-07 22:52 - 00046672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-03-26 23:33 - 2010-09-07 22:47 - 00100176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmon2.sys
2014-03-26 23:33 - 2010-09-07 22:47 - 00094544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmon.sys
2014-03-26 23:33 - 2010-09-07 22:47 - 00023376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-03-26 23:33 - 2010-09-07 22:46 - 00028880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aavmker4.sys
2014-03-26 23:32 - 2014-03-26 23:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Alwil Software
2014-03-26 23:32 - 2010-09-07 23:12 - 00038848 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-26 23:32 - 2010-09-07 23:11 - 00167592 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-26 23:32 - 2010-09-07 22:24 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2014-03-26 23:13 - 2014-03-26 23:13 - 00007918 _____ () C:\Documents and Settings\Administrator\Desktop\Recurring infection.txt
2014-03-26 23:12 - 2014-03-26 23:12 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-25 14:50 - 2014-03-25 14:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Battle.net
2014-03-25 14:44 - 2014-03-25 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Battle.net
2014-03-25 14:17 - 2014-03-25 14:18 - 00065360 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-03-25 14:16 - 2014-03-28 14:57 - 00000000 ____D () C:\FRST
2014-03-25 14:16 - 2014-03-25 14:18 - 00042875 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-03-25 13:57 - 2014-03-25 13:59 - 00000000 ____D () C:\AdwCleaner
2014-03-25 13:48 - 2014-03-25 13:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032514-01.dmp
2014-03-25 07:48 - 2014-03-26 23:10 - 00000106 _____ () C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
2014-03-25 07:31 - 2014-03-28 14:42 - 00068072 _____ () C:\WINDOWS\setupapi.log
2014-03-25 01:31 - 2014-03-25 01:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-03-25 00:31 - 2014-03-25 00:31 - 00196235 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-25 00:31 - 2014-03-25 00:31 - 00021699 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-24 21:18 - 2014-03-24 21:18 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-24 21:18 - 2014-03-24 21:18 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-24 21:10 - 2014-03-24 21:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-24 21:10 - 2014-03-24 21:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-03-24 21:06 - 2014-03-28 14:12 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 21:05 - 2014-03-28 13:53 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 21:05 - 2014-03-24 21:09 - 00000000 ____D () C:\Program Files\Google
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Licenses
2014-03-23 23:48 - 2014-03-24 21:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-23 00:20 - 2014-03-23 00:22 - 00422387 _____ () C:\Documents and Settings\Administrator\Desktop\Thermo 1 Schematic Diagram 3.cdr
2014-03-21 14:33 - 2014-03-21 15:02 - 00000598 _____ () C:\Documents and Settings\Administrator\Desktop\Wings of Valor.txt
2014-03-03 01:28 - 2013-09-16 22:21 - 00097539 _____ () C:\Documents and Settings\Administrator\Desktop\Frequency Distribution.pptx
2014-02-27 14:58 - 2014-03-28 14:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Battle.net
2014-02-27 14:58 - 2014-02-27 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Battle.net
2014-02-27 07:32 - 2014-02-27 07:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
 
==================== One Month Modified Files and Folders =======
 
2014-03-28 14:57 - 2014-03-25 14:16 - 00000000 ____D () C:\FRST
2014-03-28 14:57 - 2014-02-27 14:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Battle.net
2014-03-28 14:56 - 2011-12-12 19:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-03-28 14:46 - 2014-03-28 14:44 - 00000042 _____ () C:\repairs_running.dat
2014-03-28 14:46 - 2013-02-25 21:21 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-03-28 14:42 - 2014-03-25 07:31 - 00068072 _____ () C:\WINDOWS\setupapi.log
2014-03-28 14:35 - 2014-03-28 14:35 - 00000842 _____ () C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-03-28 14:34 - 2014-03-28 14:34 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-28 14:34 - 2014-03-28 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-28 14:12 - 2014-03-24 21:06 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 14:11 - 2008-08-10 23:20 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-28 13:53 - 2014-03-24 21:05 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 13:53 - 2012-05-06 21:14 - 00000540 _____ () C:\WINDOWS\Tasks\PandaUSBVaccine.job
2014-03-28 13:53 - 2008-08-11 00:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-28 13:53 - 2008-08-11 00:08 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-28 13:53 - 2008-08-10 23:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-28 06:13 - 2008-08-10 23:20 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-28 06:13 - 2008-08-10 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-28 06:13 - 2008-08-10 23:16 - 01337211 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-28 02:00 - 2013-05-06 18:36 - 00000358 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-97AD6BA9FD0D4BF-Administrator.job
2014-03-28 02:00 - 2008-08-14 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-03-27 16:02 - 2009-12-21 22:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-03-27 01:55 - 2006-01-01 17:55 - 00000000 ____D () C:\Program Files\QMacro
2014-03-26 23:45 - 2008-08-11 00:33 - 00000000 ___RD () C:\Documents and Settings\Administrator\Desktop\Security
2014-03-26 23:37 - 2008-10-12 12:56 - 00000000 ____D () C:\Program Files\Alwil Software
2014-03-26 23:34 - 2014-03-26 23:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
2014-03-26 23:33 - 2008-08-10 23:17 - 00002626 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-03-26 23:32 - 2014-03-26 23:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Alwil Software
2014-03-26 23:16 - 2011-09-20 17:36 - 00000000 ____D () C:\WINDOWS\11AE680750D24F5982B32C3E695E94C2.TMP
2014-03-26 23:15 - 2008-08-11 00:56 - 00917504 _____ () C:\WINDOWS\system32\config\Antivirus.Evt
2014-03-26 23:14 - 2008-09-13 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BOC427
2014-03-26 23:13 - 2014-03-26 23:13 - 00007918 _____ () C:\Documents and Settings\Administrator\Desktop\Recurring infection.txt
2014-03-26 23:12 - 2014-03-26 23:12 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-26 23:12 - 2012-01-29 12:33 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-26 23:10 - 2014-03-25 07:48 - 00000106 _____ () C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
2014-03-26 23:10 - 2008-08-14 20:44 - 00000000 ___RD () C:\Documents and Settings\Administrator\Desktop\VGR
2014-03-26 22:40 - 2008-08-11 19:55 - 00000000 ____D () C:\WINDOWS\pss
2014-03-26 22:16 - 2006-01-13 09:50 - 00001037 _____ () C:\WINDOWS\win.ini
2014-03-26 22:16 - 2006-01-13 09:29 - 00000243 _____ () C:\WINDOWS\system.ini
2014-03-26 19:43 - 2006-01-13 09:26 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-25 14:51 - 2014-03-25 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Battle.net
2014-03-25 14:51 - 2010-08-23 21:32 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-03-25 14:51 - 2010-08-23 21:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2014-03-25 14:44 - 2014-03-25 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Battle.net
2014-03-25 14:18 - 2014-03-25 14:17 - 00065360 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-03-25 14:18 - 2014-03-25 14:16 - 00042875 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-03-25 13:59 - 2014-03-25 13:57 - 00000000 ____D () C:\AdwCleaner
2014-03-25 13:48 - 2008-08-18 19:55 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-25 13:47 - 2014-03-25 13:48 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032514-01.dmp
2014-03-25 13:26 - 2008-11-16 18:54 - 00000000 ____D () C:\WINDOWS\ServicePackFiles
2014-03-25 07:37 - 2012-02-26 15:26 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-03-25 07:37 - 2012-02-26 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
2014-03-25 07:37 - 2009-01-29 22:10 - 00000000 ____D () C:\Program Files\Image-Line
2014-03-25 07:37 - 2009-01-29 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Image-Line
2014-03-25 07:35 - 2011-06-18 17:25 - 00000000 ____D () C:\Program Files\Samsung
2014-03-25 07:32 - 2011-04-10 14:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Pavark
2014-03-25 07:27 - 2011-04-26 20:46 - 00000000 ____D () C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2014-03-25 01:32 - 2008-08-10 22:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-25 01:31 - 2014-03-25 01:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-03-25 01:31 - 2008-10-12 12:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-25 00:31 - 2014-03-25 00:31 - 00196235 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-25 00:31 - 2014-03-25 00:31 - 00021699 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-24 21:19 - 2008-08-10 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-03-24 21:18 - 2014-03-24 21:18 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-24 21:18 - 2014-03-24 21:18 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-24 21:18 - 2014-03-23 23:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-24 21:16 - 2008-10-07 22:28 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-24 21:15 - 2010-01-16 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-03-24 21:15 - 2008-08-13 13:40 - 00000000 ____D () C:\Program Files\Yahoo!
2014-03-24 21:10 - 2014-03-24 21:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-24 21:10 - 2014-03-24 21:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-03-24 21:10 - 2008-09-13 18:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-03-24 21:09 - 2014-03-24 21:05 - 00000000 ____D () C:\Program Files\Google
2014-03-24 20:50 - 2008-08-14 16:22 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Licenses
2014-03-24 01:35 - 2012-04-12 23:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2014-03-24 01:17 - 2012-02-17 21:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\TempDIR
2014-03-24 01:17 - 2008-08-10 23:57 - 00000000 ____D () C:\WINDOWS\Cursors
2014-03-24 00:39 - 2012-01-22 16:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-24 00:36 - 2012-01-22 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-23 02:00 - 2014-01-19 03:02 - 00390104 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-23 00:22 - 2014-03-23 00:20 - 00422387 _____ () C:\Documents and Settings\Administrator\Desktop\Thermo 1 Schematic Diagram 3.cdr
2014-03-21 15:02 - 2014-03-21 14:33 - 00000598 _____ () C:\Documents and Settings\Administrator\Desktop\Wings of Valor.txt
2014-02-27 15:01 - 2014-02-27 14:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Battle.net
2014-02-27 15:01 - 2013-03-16 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II
2014-02-27 07:32 - 2014-02-27 07:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Edited by john1816, 28 March 2014 - 03:50 AM.


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 28 March 2014 - 10:45 PM

Please post the Malwarebytes log. When does the Adobe update appear?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#10 john1816

john1816
  • Topic Starter

  • Members
  • 77 posts

Posted 29 March 2014 - 02:45 AM

Here is the log. Makes me wonder why there are infected files hiding in my documents folder. I run quick scans with mbam to see if the files keep coming back even as I removed them with mbam.

Having observed over the last few days while using Chrome, sometimes typing something in the search bar above and hitting enter will redirect me to the Adobe Flash update page. Surprisingly, sometimes even if I didn't do anything with Chrome, the current tab I am on will automatically redirect me to the Adobe Flash update page. I'm pretty sure it's not a false positive (though it's really hard to tell), since once I get there a popup will appear saying something like "Your adobe flash player is out of date. Please update your flash player now." When I click either the "x" button or the "ok" button, it goes ahead and downloads it, leaving me with no choice but to download it. I hit the stop loading button in Chrome to stop the download immediately. When it did get downloaded, the icon didn't resemble anything like the classic red Flash Player setup icon, but some grey gift package. The websites are really similar; it would be hard for me to tell them apart, and even the URL is similar. I could post a screenshot of it when I get the chance. I recall first getting this pop-up when I was browsing some sites, even ones that were marked green by a site advisor. It must've been one of the ads on the site when it loaded.

To really compare the suspected site with Adobe's, I went to the legitimate Adobe Flash update page. The legitimate Flash update page I got to had the same background as the suspected site. I checked my Flash version number and it matched the latest version. The site didn't nag me with a pop-up, unlike the previous suspected one. When I downloaded it, the site went to the "2 out of 3" phase, a loading bar was shown (unlike the previous one, which directly downloaded) and after downloading the icon was the classic red Flash Player setup we all know. So it led me to suspect that it really was an infection.
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.25.02
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: 97AD6BA9FD0D4BF [administrator]
 
Protection: Enabled
 
3/26/2014 10:47:27 PM
Recurring infection.txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287722
Time elapsed: 25 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
 
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 25
C:\Documents and Settings\All Users\Application Data\BOC427\evidence.boc (PUP.HackTool.HotKeysHook) -> No action taken.
C:\Documents and Settings\Administrator\My Documents\Downloads\mev102+13tr.rar (PUP.HackTool.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\amstream.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my videos\pulgfile.log (Malware.Trace) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\my pictures.exe (Worm.AutoRun) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\my pictures.url (Trojan.Zlob) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\cakep.exe (Worm.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\cuakep.exe (Worm.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\sunset.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\water lilies.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\winter.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\seram.pikz (Backdoor.Bot) -> No action taken.
c:\documents and settings\administrator\my documents\my videos\my video.url (Trojan.Zlob) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\reflector.exe (MSIL.WinLock) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\smms.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\svchost.exe (Trojan.Agent.MPCI) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\irrlicht.dll (Trojan.Agent.MPCI) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\conmin.exe (Trojan.Agent.MPCI) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\system32.vbs (Trojan.Script) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\msconfig.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sqlsrv32.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\desktop backgrounds\skypeportable_.exe (Trojan.Agent.E) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\desktop backgrounds\death.exe (Trojan.Agent.E) -> No action taken.
 
(end)


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 30 March 2014 - 11:23 AM

 

C:\Documents and Settings\All Users\Application Data\BOC427\evidence.boc (PUP.HackTool.HotKeysHook) -> No action taken.
C:\Documents and Settings\Administrator\My Documents\Downloads\mev102+13tr.rar (PUP.HackTool.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\amstream.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my videos\pulgfile.log (Malware.Trace) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\my pictures.exe (Worm.AutoRun) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\my pictures.url (Trojan.Zlob) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\cakep.exe (Worm.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\cuakep.exe (Worm.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\sunset.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\water lilies.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\winter.exe (Trojan.Xanib) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\seram.pikz (Backdoor.Bot) -> No action taken.
c:\documents and settings\administrator\my documents\my videos\my video.url (Trojan.Zlob) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\reflector.exe (MSIL.WinLock) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sample pictures\smms.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\svchost.exe (Trojan.Agent.MPCI) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\irrlicht.dll (Trojan.Agent.MPCI) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\conmin.exe (Trojan.Agent.MPCI) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\system32.vbs (Trojan.Script) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\msconfig.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\sqlsrv32.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\desktop backgrounds\skypeportable_.exe (Trojan.Agent.E) -> No action taken.
c:\documents and settings\administrator\my documents\my pictures\desktop backgrounds\death.exe (Trojan.Agent.E) -> No action taken.
 
(end)

I see no action taken in these logs.

You need to allow MBAM to delete or quarantine these files.

Please do the following; make sure to read the directions carefully.

 

1.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • In the introduction screen, click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 john1816

john1816
  • Topic Starter

  • Members
  • 77 posts

Posted 31 March 2014 - 08:22 AM

Hmm...this is getting a bit complicated...

For some reason the link to Malwarebytes Anti-Rootkit is broken. But what's more, the Adobe Flash update page is what seems to be stopping me from downloading. I would need to obtain the files from a non-affected computer. While I was searching for an alternative link for the Malwarebytes Anti-Rootkit download I went to cnet.com (a trusted download source) and tried downloading from there. Surprisingly, my tab refreshed and the Adobe Flash update page loaded instead. I got to screenshot that page this time.

I managed to get to the RogueKiller site and attempted to download it, but it seems to be stuck at "Starting...".

I then checked if my net was OK and tested it with SpeedConnect (a connection tester program); there was considerable network activity on my computer when I tested a download with the program, so my net wasn't faulty.

My laptop, on the other hand, seemed to get affected by the Adobe update page as well, with the same behavior as I am experiencing on my computer; however, it did not get infected by any scamware program. Will try to get these programs soon though :)

Strange though that MBAM lists no action was taken; it did prompt me with "reboot your system now" after I clicked on the removal button, and it did so, so I assumed that the removal took place on the next system boot.


Edited by john1816, 31 March 2014 - 08:25 AM.


#13 john1816

john1816
  • Topic Starter

  • Members
  • 77 posts

Posted 31 March 2014 - 12:08 PM

OK, I managed to download MBAR and did a scan. The download for RogueKiller seems very long, even when I tried it on other computers. Also managed to run that and scanned as well.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_39
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.402000 GHz
Memory total: 2146664448, free: 853475328
 
Downloaded database version: v2014.03.31.05
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
     03/31/2014 21:53:11
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
vidstub.sys
sphu.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
sfsync02.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
\WINDOWS\System32\DRIVERS\TDI.SYS
aswNdis2.sys
aswNdis.sys
speedfan.sys
sfhlp02.sys
sfdrv01.sys
Mup.sys
giveio.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\L8042Kbd.sys
\SystemRoot\System32\drivers\keyscrambler.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\adyud58r.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\vdrv1000.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\usbVM303.sys
\SystemRoot\System32\Drivers\STREAM.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\??\C:\WINDOWS\system32\drivers\tmcomm.sys
\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\daemon.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8ba49ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\
Lower Device Object: 0xffffffff8ba54940
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi is hooked
IRP handler 2 of \Driver\atapi is hooked
IRP handler 14 of \Driver\atapi is hooked
IRP handler 22 of \Driver\atapi is hooked
IRP handler 23 of \Driver\atapi is hooked
IRP handler 27 of \Driver\atapi is hooked
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8ba49ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\
Lower Device Object: 0xffffffff8ba54940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ba4aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8ba57b00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ba4aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8bb43d10, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ba4aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ba57b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe6216268, 0xffffffff8ba4aab8, 0xffffffff895fc990
Lower DeviceData: 0xffffffffe65075f8, 0xffffffff8ba57b00, 0xffffffff896f9498
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C15EC15E
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 156280257
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8ba49ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ba48e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ba49ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ba58f18, DeviceName: \Device\0000008e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ba54940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe4b2bcf0, 0xffffffff8ba49ab8, 0xffffffff88b24ab8
Lower DeviceData: 0xffffffffe4a40760, 0xffffffff8ba54940, 0xffffffff89b6f040
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DC8FDC8F
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976751937
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Read File: File "C:\WINDOWS\system32\config\system" is compressed (flags = 1)
Infected: c:\documents and settings\administrator\my documents\my pictures\amstream.exe --> [Trojan.Agent]
Infected: c:\documents and settings\administrator\my documents\my videos\pulgfile.log --> [Malware.Trace]
Infected: c:\documents and settings\administrator\my documents\my pictures\aweks.pikz --> [Backdoor.Bot]
Infected: c:\documents and settings\administrator\my documents\my pictures\my pictures.exe --> [Worm.AutoRun]
Infected: c:\documents and settings\administrator\my documents\my pictures\my pictures.url --> [Trojan.Zlob]
Infected: c:\documents and settings\administrator\my documents\my pictures\sample pictures\blue hills.exe --> [Trojan.Xanib]
Infected: c:\documents and settings\administrator\my documents\my pictures\sample pictures\cakep.exe --> [Worm.Xanib]
Infected: c:\documents and settings\administrator\my documents\my pictures\sample pictures\cuakep.exe --> [Worm.Xanib]
Infected: c:\documents and settings\administrator\my documents\my pictures\sample pictures\sunset.exe --> [Trojan.Xanib]
Infected: c:\documents and settings\administrator\my documents\my pictures\sample pictures\water lilies.exe --> [Trojan.Xanib]
Infected: c:\documents and settings\administrator\my documents\my pictures\sample pictures\winter.exe --> [Trojan.Xanib]
Infected: c:\documents and settings\administrator\my documents\my pictures\seram.pikz --> [Backdoor.Bot]
Infected: c:\documents and settings\administrator\my documents\my videos\my video.url --> [Trojan.Zlob]
Infected: c:\documents and settings\administrator\my documents\my pictures\reflector.exe --> [MSIL.WinLock]
Infected: c:\documents and settings\administrator\my documents\my pictures\sample pictures\smms.exe --> [Trojan.Dropper]
Infected: c:\documents and settings\administrator\my documents\my pictures\svchost.exe --> [Trojan.Agent.MPCI]
Infected: c:\documents and settings\administrator\my documents\my pictures\irrlicht.dll --> [Trojan.Agent.MPCI]
Infected: c:\documents and settings\administrator\my documents\my pictures\conmin.exe --> [Trojan.Agent.MPCI]
Infected: c:\documents and settings\administrator\my documents\my pictures\system32.vbs --> [Trojan.Script]
Infected: c:\documents and settings\administrator\my documents\my pictures\msconfig.exe --> [Trojan.Agent]
Infected: c:\documents and settings\administrator\my documents\my pictures\sqlsrv32.exe --> [Trojan.Agent]
Infected: c:\documents and settings\administrator\my documents\my pictures\desktop backgrounds\skypeportable_.exe --> [Trojan.Agent.E]
Infected: c:\documents and settings\administrator\my documents\my pictures\desktop backgrounds\death.exe --> [Trojan.Agent.E]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 04/01/2014 06:55:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (socks= [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               update.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800BB-00JHC0 +++++
--- User ---
[MBR] d9b121c4f16554c9daefd3730eb262f8
[BSP] bffe9e8dcfa71a5e0423ef8cc2967f3d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD501LJ +++++
--- User ---
[MBR] 0af8acf0409706c764133db21608bd3a
[BSP] ebed00d2683e1b2e477685b366ecc09e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04012014_065549.txt >>

Edited by john1816, 31 March 2014 - 05:57 PM.
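The registry and HOSTS sections of the RogueKiller report above are the two places a helper looks first. The following Python script is an added example (not code from the thread, from RogueKiller or from Malwarebytes) that parses those two sections and ranks the entries: a configured browser proxy and hosts lines that point a domain at another address rank high, loopback entries that merely block a site rank medium, and the rest is listed for review. The report text is constructed from the entries quoted above plus one made-up redirect line (198.51.100.7 / update.example.net are placeholders).

```python
"""Triage a RogueKiller-style report for proxy, policy and HOSTS hijacks."""
import ipaddress
import re
from dataclasses import dataclass

# Sample report text, constructed for this example from the entries quoted in
# the thread plus one made-up redirect line (198.51.100.7 is a documentation
# address and update.example.net a placeholder name).
SAMPLE_REPORT = """\
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\\[...]\\Internet Settings : ProxyServer (socks= [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKLM\\[...]\\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\\[...]\\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\\[...]\\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1                               update.adobe.com
127.0.0.1                               125.252.224.90
198.51.100.7 update.example.net
[...]

¤¤¤ MBR Check: ¤¤¤
"""

# Registry line: [CATEGORY][PUM] <key> : <value name> (<data>) -> <status>
REG_LINE = re.compile(
    r"^\[(?P<cat>[^\]]+)\](?:\[PUM\])?\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)"
    r"\s+\((?P<value>.*)\)\s+->\s+(?P<status>.+?)\s*$"
)
HOSTS_LINE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")

# Policy values that weaken the machine: value name -> (bad data, explanation).
POLICY_CHECKS = {
    "DisableRegistryTools": ("1", "Registry editor is disabled by policy"),
    "EnableLUA": ("0", "UAC is off (EnableLUA=0; no effect on XP, but a PUM)"),
}

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    source: str    # "registry" or "hosts"
    detail: str

def parse_report(text):
    """Return {'registry': [match dicts], 'hosts': [(ip, hostname), ...]}."""
    registry, hosts, in_hosts = [], [], False
    for line in text.splitlines():
        if line.startswith("¤¤¤"):          # section header
            in_hosts = line.startswith("¤¤¤ HOSTS File")
            continue
        if in_hosts:
            m = HOSTS_LINE.match(line)      # skips "[...]" and blank lines
            if m:
                hosts.append((m.group("ip"), m.group("host")))
            continue
        m = REG_LINE.match(line)
        if m:
            registry.append(m.groupdict())
    return {"registry": registry, "hosts": hosts}

def triage_registry(entries):
    findings = []
    for e in entries:
        name, value = e["name"], e["value"].strip()
        if name == "ProxyServer" and value:
            # A proxy the owner never set means someone else handles the traffic.
            findings.append(Finding("high", "registry",
                                    f"Browser proxy configured: {value}"))
        elif name in POLICY_CHECKS and value == POLICY_CHECKS[name][0]:
            findings.append(Finding("medium", "registry", POLICY_CHECKS[name][1]))
        else:   # e.g. DisableRegistryTools=0: reported as a PUM but harmless
            findings.append(Finding("info", "registry",
                                    f"{e['cat']}: {name}={value} ({e['status']})"))
    return findings

def triage_hosts(entries):
    findings = []
    for ip_text, host in entries:
        ip = ipaddress.ip_address(ip_text)
        if ip.is_loopback and host == "localhost":
            continue                        # the one entry a clean file carries
        if ip.is_loopback:
            # Blackholed: the name no longer reaches the real site.
            findings.append(Finding("medium", "hosts", f"{host} blocked ({ip})"))
        else:
            # Redirected: the name resolves to a host the user does not control.
            findings.append(Finding("high", "hosts", f"{host} redirected to {ip}"))
    return findings

def triage(text):
    report = parse_report(text)
    return triage_registry(report["registry"]) + triage_hosts(report["hosts"])

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.source:8} {f.detail}")
```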


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2014 - 06:41 PM

 

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (socks= [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

Do you know about this? Do you have a private address set on this machine?

 

1.

  • Re-run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click HOSTFIX
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

2.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on the ESET Online Scanner button.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the esetsmartinstaller_enu.exe icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on Finish.
    (Selecting Uninstall application on close if you so wish)

How is the machine running now?




#15 john1816

john1816
  • Topic Starter

  • Members
  • 77 posts

Posted 02 April 2014 - 06:27 AM

Sorry, the ESET scan might take a while / would have to wait, as it does stall if I move the mouse too much. I'll do it overnight and hopefully it'll finish by then.

Nope, I don't recall setting a private address on my computer. I'm not sure though if any of my anti-virus/anti-malware or other software is capable of doing that.

Was about to type about something before but the ESET scan stalled; anyway, here's what happened so far.

On one occasion, when I just type "facebook.com" in Chrome's search bar, I get redirected to the Adobe page. On the other hand, if I add the prefix "www." before it, I get to the intended site. So this is one way I can replicate the incident or get to the fake Adobe page. If there is a way to block it via browser or computer, perhaps it might help? Although if I use Firefox and type "facebook.com" in the search bar, the "www." prefix is automatically added, thus preventing me from being redirected to the site; but still, I did get redirected even when I was using Firefox.

Also I noticed that, apart from my laptop (running Windows Vista), which also got the page, other computers in my home network are also getting it. I'm not sure if there's such a thing as a network infection, but it might seem that way...

Currently I still have to see each day if it's completely gone.


RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : HOSTSFix -- Date : 04/01/2014 13:38:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=) -> NOT REMOVED, USE PROXYFIX
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               update.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
[...]
 
 
¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost
 
 
Finished : << RKreport[0]_H_04012014_133841.txt >>
RKreport[0]_S_04012014_065549.txt;RKreport[0]_S_04012014_133453.txt

Edited by john1816, 02 April 2014 - 06:29 AM.

