Ping.exe 32* infection



#31 RKinner (Malware Expert, MVP, 19,776 posts)
Copy the text in the code box:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
#32 Garlet01 (Topic Starter, Member, 42 posts)
Attempt 1 led to a blue screen.
Gonna try again.

#33 Garlet01 (Topic Starter, Member, 42 posts)
Okay, here are the results (btw, if it's relevant, Win 7 Security malware popped up after it was finished).
OTL.txt:
OTL logfile created on: 12/29/2011 12:39:22 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ante Koscica\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003009 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 70.40% Memory free
7.35 Gb Paging File | 6.18 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.65 Gb Total Space | 164.23 Gb Free Space | 36.28% Space Free | Partition Type: NTFS

Computer Name: ANTEKOSCICA-PC | User Name: Ante Koscica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/07 14:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ante Koscica\Downloads\OTL.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/16 09:42:01 | 001,449,696 | ---- | M] (GameRanger Technologies) -- C:\Users\Ante Koscica\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
PRC - [2011/08/15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/02 02:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/31 22:55:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/20 07:17:47 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\taskmgr.exe
PRC - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/22 12:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Gateway\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/03/17 12:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/12/04 20:28:42 | 000,670,224 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/05 18:29:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/31 22:55:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/21 15:09:00 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/26 14:18:01 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/15 00:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/14 21:46:56 | 000,727,608 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/24 04:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/04 04:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/01/25 04:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/07 14:51:38 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/06 08:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011/12/03 16:37:38 | 000,040,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\WolfTeamIS\wolf64.sys -- (wolf)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...34z165a4622d261
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...34z165a4622d261

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=161107
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20110805"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20110805&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ante Koscica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ante Koscica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ante Koscica\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ante Koscica\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ante Koscica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Ante Koscica\AppData\Roaming\5053 [2011/12/08 20:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 11:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 14:18:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Ante Koscica\AppData\Roaming\5053 [2011/12/08 20:11:06 | 000,000,000 | ---D | M]

[2011/10/03 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Extensions
[2011/10/03 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/12 10:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions
[2011/10/08 12:20:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\[email protected]
[2011/10/10 15:15:12 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\[email protected]
[2011/05/18 18:33:19 | 000,002,242 | ---- | M] () -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\searchplugins\AOL Search.xml
[2011/11/14 06:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 12:50:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/13 11:13:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/05/18 18:33:19 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2011/09/30 18:22:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/13 11:13:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ante Koscica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ante Koscica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Ante Koscica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF2664.3XE /c C:\ComboFix\Combobatch.bat File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Ante Koscica\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A4F623B-9285-4B7D-B04B-6902F83E0D05}: DhcpNameServer = 68.237.161.12 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A4F623B-9285-4B7D-B04B-6902F83E0D05}: NameServer = 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E87118A4-5ACA-4C3D-99FD-08A79A3CA1C1}: NameServer = 208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klartew: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll) - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = b3] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eej.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = b3] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eej.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKCU\...exe [@ = FT] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eej.exe" -a "%1" %* (Microsoft Corporation)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 11:14:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/29 11:10:22 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/12/29 11:00:40 | 000,000,000 | ---D | C] -- C:\139e57d6f8b4f9577737c1b7
[2011/12/29 01:42:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/29 01:41:33 | 000,000,000 | ---D | C] -- C:\753757468d0225f34209b20aec22
[2011/12/29 00:41:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 00:41:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 00:41:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 00:40:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/29 00:05:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/29 00:01:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2011/12/28 16:10:31 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\fsb.exe
[2011/12/28 11:43:13 | 000,000,000 | ---D | C] -- C:\e13a162e6d30d94c4f38
[2011/12/26 19:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/12/26 19:43:27 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nemesis of the Roman Empire
[2011/12/26 19:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nemesis of the Roman Empire
[2011/12/26 19:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nemesis of the Roman Empire
[2011/12/23 21:06:04 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\leo.exe
[2011/12/23 20:39:01 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\gss.exe
[2011/12/23 18:22:49 | 000,329,728 | ---- | C] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\nql.exe
[2011/12/20 21:49:58 | 000,000,000 | ---D | C] -- C:\3defeba66442315dfc254abfd121
[2011/12/19 21:47:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/19 21:47:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/19 21:47:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/19 21:47:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/19 21:47:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/19 21:47:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/19 21:47:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/19 21:47:39 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/19 21:47:39 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/19 21:47:39 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/19 21:47:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/19 20:23:37 | 000,000,000 | -HSD | C] -- C:\found.006
[2011/12/18 09:11:04 | 000,000,000 | ---D | C] -- C:\ebbdea961f1abb7a09ed87d7
[2011/12/17 13:35:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/17 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\FileHunter
[2011/12/16 23:12:59 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/16 23:12:42 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\llq.exe
[2011/12/16 17:47:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/16 15:29:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/16 15:24:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/16 15:24:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/16 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/15 21:07:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/12 10:00:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/12 09:56:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/10 13:46:37 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Pogo
[2011/12/10 13:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Pogo
[2011/12/10 13:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monopoly City
[2011/12/10 13:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Monopoly City
[2011/12/08 20:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\5053
[2011/12/08 19:14:55 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\xmldm
[2011/12/08 19:14:51 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\kock
[2011/12/07 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\Desktop\New folder (4)
[2011/12/06 13:52:41 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Reviversoft
[2011/12/06 13:51:42 | 000,018,760 | ---- | C] (ReviverSoft) -- C:\Windows\SysNative\roboot64.exe
[2011/12/06 13:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2011/12/04 20:28:42 | 000,670,224 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2011/12/03 15:47:11 | 000,000,000 | ---D | C] -- C:\Game
[2011/12/03 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/03 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\IObit
[2011/12/03 14:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/12/01 21:58:13 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Grand Ages Rome
[2011/11/29 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
[2011/11/29 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\CorsixTH
[2011/11/29 18:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\CorsixTH
[2011/11/29 15:48:42 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Reign of Augustus
[2011/11/29 13:30:39 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/11/29 13:30:39 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/11/29 13:30:39 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/11/29 13:30:39 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/11/29 13:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/18 17:13:53 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

========== Files - Modified Within 30 Days ==========

[2011/12/29 12:41:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 12:41:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 12:36:42 | 000,012,930 | -HS- | M] () -- C:\ProgramData\g7256pn24a24h4812jv68ogcooj2y2yaas86fm55tj8uy
[2011/12/29 12:35:21 | 000,012,902 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\g7256pn24a24h4812jv68ogcooj2y2yaas86fm55tj8uy
[2011/12/29 12:33:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 12:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/29 12:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/29 11:44:03 | 000,012,796 | -HS- | M] () -- C:\ProgramData\1869506039
[2011/12/29 11:34:07 | 397,581,841 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/29 11:28:13 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2011/12/29 10:50:38 | 000,007,886 | -HS- | M] () -- C:\ProgramData\m5442ot63e22p5475ae45dlnvrg6m6xolv80rg41ku3ym
[2011/12/29 01:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/29 01:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/29 00:32:00 | 000,001,205 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\FixNCR(1).reg
[2011/12/29 00:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/29 00:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/29 00:25:42 | 000,013,788 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\k6480ph3847nj8n3r544876sfkvmt3wru4ff12
[2011/12/29 00:25:42 | 000,013,788 | -HS- | M] () -- C:\ProgramData\k6480ph3847nj8n3r544876sfkvmt3wru4ff12
[2011/12/28 23:46:27 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/28 23:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/28 23:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/28 22:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/28 22:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/28 21:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/28 21:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/28 20:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/28 20:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/28 19:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/28 19:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/28 18:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/28 18:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/28 17:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/28 17:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/28 16:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/28 16:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/28 16:10:31 | 000,346,112 | ---- | M] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\fsb.exe
[2011/12/28 15:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/28 15:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/28 14:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/28 14:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/28 13:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/28 13:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/28 13:11:29 | 000,014,856 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\637137n7y858v116t034c5egj2p7
[2011/12/28 13:11:29 | 000,014,856 | -HS- | M] () -- C:\ProgramData\637137n7y858v116t034c5egj2p7
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/28 11:30:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/28 11:30:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/28 11:30:24 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/28 11:30:24 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/26 12:08:58 | 000,065,536 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\(2) Pokemon_Emerald_386.sav
[2011/12/24 21:18:20 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\7XMWv.com.b
[2011/12/24 21:18:09 | 000,029,184 | ---- | M] () -- C:\Windows\SysWow64\7XMWv.com
[2011/12/23 21:06:04 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\leo.exe
[2011/12/23 20:40:31 | 000,010,302 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\ofl8br2sh1704f74n2enxlo7ywh501
[2011/12/23 20:40:31 | 000,010,302 | -HS- | M] () -- C:\ProgramData\ofl8br2sh1704f74n2enxlo7ywh501
[2011/12/23 20:39:01 | 000,332,800 | ---- | M] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\gss.exe
[2011/12/23 18:23:52 | 000,006,124 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\524v5ot87f87m85221stvy6g42ce1q8i00gmdwq7
[2011/12/23 18:23:52 | 000,006,124 | -HS- | M] () -- C:\ProgramData\524v5ot87f87m85221stvy6g42ce1q8i00gmdwq7
[2011/12/23 18:22:49 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\nql.exe
[2011/12/23 14:40:08 | 000,007,720 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\430266g8g434x342c241p4vjs8y0
[2011/12/23 14:40:08 | 000,007,720 | -HS- | M] () -- C:\ProgramData\430266g8g434x342c241p4vjs8y0
[2011/12/20 18:39:25 | 000,348,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/17 13:29:44 | 000,003,108 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\s4tx87v5rt4vto
[2011/12/17 13:29:44 | 000,003,108 | -HS- | M] () -- C:\ProgramData\s4tx87v5rt4vto
[2011/12/16 23:12:42 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\Users\Ante Koscica\AppData\Local\llq.exe
[2011/12/16 16:42:49 | 000,084,520 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\NiceTry.jpg
[2011/12/16 15:57:08 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/16 14:39:30 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 21:10:06 | 000,015,162 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\304740a6t017u215p041i7jpv2k3
[2011/12/15 21:10:06 | 000,015,162 | -HS- | M] () -- C:\ProgramData\304740a6t017u215p041i7jpv2k3
[2011/12/12 10:53:44 | 000,000,512 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\MBR.dat
[2011/12/12 09:59:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/12 09:52:18 | 000,012,440 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\frvivf3i4vur5rmx1wal1i614o0j
[2011/12/12 09:52:18 | 000,012,440 | -HS- | M] () -- C:\ProgramData\frvivf3i4vur5rmx1wal1i614o0j
[2011/12/11 21:19:38 | 002,180,378 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\974817_700b.jpg
[2011/12/11 21:10:44 | 000,049,184 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\963676_460s.jpg
[2011/12/11 21:08:14 | 000,116,323 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\978148_460s.jpg
[2011/12/11 20:51:31 | 000,214,750 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\838153_700b_v1.jpg
[2011/12/10 13:45:59 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Monopoly City.lnk
[2011/12/10 10:53:31 | 000,000,112 | ---- | M] () -- C:\ProgramData\mXSYmh3.dat
[2011/12/08 20:56:53 | 000,000,068 | ---- | M] () -- C:\Users\Ante Koscica\AppData\Roaming\blckdom.res
[2011/12/06 17:05:02 | 000,012,076 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\105818a8j030q312r082c0vio3s4
[2011/12/06 17:05:02 | 000,012,076 | -HS- | M] () -- C:\ProgramData\105818a8j030q312r082c0vio3s4
[2011/12/04 20:28:42 | 000,670,224 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2011/12/04 20:22:14 | 000,015,414 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\6m87wd2e03u886
[2011/12/04 20:22:14 | 000,015,414 | -HS- | M] () -- C:\ProgramData\6m87wd2e03u886
[2011/12/03 18:27:59 | 000,116,224 | ---- | M] () -- C:\Windows\SysWow64\7XMWv.com_
[2011/11/29 13:30:20 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/11/29 13:30:20 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/11/29 13:30:20 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/11/29 13:30:20 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

========== Files Created - No Company Name ==========

[2011/12/29 11:44:03 | 000,012,902 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\g7256pn24a24h4812jv68ogcooj2y2yaas86fm55tj8uy
[2011/12/29 11:44:03 | 000,012,796 | -HS- | C] () -- C:\ProgramData\1869506039
[2011/12/29 11:41:59 | 000,012,930 | -HS- | C] () -- C:\ProgramData\g7256pn24a24h4812jv68ogcooj2y2yaas86fm55tj8uy
[2011/12/29 11:28:13 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2011/12/29 10:48:04 | 000,007,886 | -HS- | C] () -- C:\ProgramData\m5442ot63e22p5475ae45dlnvrg6m6xolv80rg41ku3ym
[2011/12/29 00:41:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 00:41:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 00:41:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 00:41:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 00:41:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 00:31:59 | 000,001,205 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\FixNCR(1).reg
[2011/12/29 00:04:52 | 397,581,841 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/28 16:10:36 | 000,013,788 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\k6480ph3847nj8n3r544876sfkvmt3wru4ff12
[2011/12/28 16:10:36 | 000,013,788 | -HS- | C] () -- C:\ProgramData\k6480ph3847nj8n3r544876sfkvmt3wru4ff12
[2011/12/24 21:18:22 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/24 21:18:22 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/24 21:18:22 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/24 21:18:22 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/24 21:18:22 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/24 21:18:22 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/24 21:18:22 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/24 21:18:22 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/24 21:18:22 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/24 21:18:22 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/24 21:18:22 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/24 21:18:22 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/24 21:18:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/24 21:18:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/24 21:18:20 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\7XMWv.com
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/24 21:18:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/24 21:18:20 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/23 21:06:10 | 000,014,856 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\637137n7y858v116t034c5egj2p7
[2011/12/23 21:06:10 | 000,014,856 | -HS- | C] () -- C:\ProgramData\637137n7y858v116t034c5egj2p7
[2011/12/23 20:39:06 | 000,010,302 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\ofl8br2sh1704f74n2enxlo7ywh501
[2011/12/23 20:39:06 | 000,010,302 | -HS- | C] () -- C:\ProgramData\ofl8br2sh1704f74n2enxlo7ywh501
[2011/12/23 18:22:54 | 000,006,124 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\524v5ot87f87m85221stvy6g42ce1q8i00gmdwq7
[2011/12/23 18:22:54 | 000,006,124 | -HS- | C] () -- C:\ProgramData\524v5ot87f87m85221stvy6g42ce1q8i00gmdwq7
[2011/12/18 10:25:09 | 000,007,720 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\430266g8g434x342c241p4vjs8y0
[2011/12/18 10:25:09 | 000,007,720 | -HS- | C] () -- C:\ProgramData\430266g8g434x342c241p4vjs8y0
[2011/12/16 23:12:48 | 000,003,108 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\s4tx87v5rt4vto
[2011/12/16 23:12:48 | 000,003,108 | -HS- | C] () -- C:\ProgramData\s4tx87v5rt4vto
[2011/12/16 16:42:29 | 000,084,520 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\NiceTry.jpg
[2011/12/16 14:39:30 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 19:52:45 | 000,015,162 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\304740a6t017u215p041i7jpv2k3
[2011/12/13 19:52:45 | 000,015,162 | -HS- | C] () -- C:\ProgramData\304740a6t017u215p041i7jpv2k3
[2011/12/12 10:52:18 | 000,000,512 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\MBR.dat
[2011/12/12 09:26:40 | 000,012,440 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\frvivf3i4vur5rmx1wal1i614o0j
[2011/12/12 09:26:40 | 000,012,440 | -HS- | C] () -- C:\ProgramData\frvivf3i4vur5rmx1wal1i614o0j
[2011/12/11 21:19:25 | 002,180,378 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\974817_700b.jpg
[2011/12/11 21:10:44 | 000,049,184 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\963676_460s.jpg
[2011/12/11 21:08:14 | 000,116,323 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\978148_460s.jpg
[2011/12/11 20:51:29 | 000,214,750 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\838153_700b_v1.jpg
[2011/12/10 13:45:59 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Monopoly City.lnk
[2011/12/08 19:15:05 | 000,000,068 | ---- | C] () -- C:\Users\Ante Koscica\AppData\Roaming\blckdom.res
[2011/12/06 16:11:54 | 000,012,076 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\105818a8j030q312r082c0vio3s4
[2011/12/06 16:11:54 | 000,012,076 | -HS- | C] () -- C:\ProgramData\105818a8j030q312r082c0vio3s4
[2011/12/06 13:14:57 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\vorbisfile.dll
[2011/12/04 20:07:56 | 000,015,414 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\6m87wd2e03u886
[2011/12/04 20:07:56 | 000,015,414 | -HS- | C] () -- C:\ProgramData\6m87wd2e03u886
[2011/12/03 19:27:06 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\7XMWv.com_
[2011/12/03 18:28:25 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\7XMWv.com.b
[2011/12/03 14:50:11 | 000,022,872 | ---- | C] () -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2011/11/15 19:49:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\mXSYmh3.dat
[2011/09/23 20:45:40 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2011/08/21 15:45:02 | 000,000,155 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2011/07/31 22:55:39 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/31 22:55:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/22 11:47:45 | 000,051,270 | ---- | C] () -- C:\Users\Ante Koscica\AppData\Roaming\room_v3.dat
[2011/07/20 13:21:24 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/23 14:56:17 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/20 21:31:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/18 18:03:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/18 17:13:53 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/05/18 17:13:53 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/05/18 17:13:53 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/29 23:09:45 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/04/29 23:09:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/29 23:09:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/29 23:09:44 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/04/29 23:09:43 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/12 12:20:57 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2010/04/29 23:10:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/12/29 11:28:13 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2011/05/18 18:33:57 | 000,001,082 | -H-- | M] () -- C:\IPH.PH
[2011/12/29 12:33:15 | 3949,625,344 | -HS- | M] () -- C:\pagefile.sys
[2011/12/06 17:20:47 | 000,000,443 | ---- | M] () -- C:\rkill.log
[2011/12/12 10:40:58 | 000,147,346 | ---- | M] () -- C:\TDSSKiller.2.6.22.0_12.12.2011_10.34.41_log.txt
[2011/12/15 21:43:24 | 000,147,346 | ---- | M] () -- C:\TDSSKiller.2.6.22.0_15.12.2011_21.42.07_log.txt
[2011/05/18 17:13:55 | 000,000,168 | ---- | M] () -- C:\Webcam.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 14:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: BEEP.SYS >
[2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\system64\drivers\beep.sys
[2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CONNECT.DLL >
[2009/07/13 20:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\SysWOW64\connect.dll
[2009/07/13 20:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_64e4e40af80e0f24\connect.dll
[2009/07/13 20:40:23 | 001,393,152 | ---- | M] (Microsoft Corporation) MD5=ECE81C30343DC8A1FADA4BF1437F7ED1 -- C:\Windows\SysNative\connect.dll
[2009/07/13 20:40:23 | 001,393,152 | ---- | M] (Microsoft Corporation) MD5=ECE81C30343DC8A1FADA4BF1437F7ED1 -- C:\Windows\system64\connect.dll
[2009/07/13 20:40:23 | 001,393,152 | ---- | M] (Microsoft Corporation) MD5=ECE81C30343DC8A1FADA4BF1437F7ED1 -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_c1037f8eb06b805a\connect.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\system64\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2010/11/20 08:27:22 | 000,519,680 | ---- | M] (Microsoft Corporation) MD5=03706015DB44368375AEBE6339490E66 -- C:\Windows\SysNative\netcfgx.dll
[2010/11/20 08:27:22 | 000,519,680 | ---- | M] (Microsoft Corporation) MD5=03706015DB44368375AEBE6339490E66 -- C:\Windows\system64\netcfgx.dll
[2010/11/20 08:27:22 | 000,519,680 | ---- | M] (Microsoft Corporation) MD5=03706015DB44368375AEBE6339490E66 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_9c3aecd33c2750cf\netcfgx.dll
[2010/11/20 07:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\SysWOW64\netcfgx.dll
[2010/11/20 07:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_401c514f83c9df99\netcfgx.dll
[2009/07/13 20:41:52 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=8F6D9A20F1FB06F0602A7D5A82840DBF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_9a09d90b3f38cd35\netcfgx.dll
[2009/07/13 20:16:02 | 000,403,456 | ---- | M] (Microsoft Corporation) MD5=C5B5CCDBF8ED1475240313ED88234E3F -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_3deb3d8786db5bff\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\ERDNT\cache64\netman.dll
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\system64\netman.dll
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: NETSHELL.DLL >
[2009/07/13 20:41:52 | 002,651,136 | ---- | M] (Microsoft Corporation) MD5=66920354B984D4A3848A84B4E66745EA -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_31785c7a27bbcfd4\netshell.dll
[2010/11/20 08:27:22 | 002,652,160 | ---- | M] (Microsoft Corporation) MD5=A42F2C1EB3B66C54FB3C7B79D30C1A6D -- C:\Windows\SysNative\netshell.dll
[2010/11/20 08:27:22 | 002,652,160 | ---- | M] (Microsoft Corporation) MD5=A42F2C1EB3B66C54FB3C7B79D30C1A6D -- C:\Windows\system64\netshell.dll
[2010/11/20 08:27:22 | 002,652,160 | ---- | M] (Microsoft Corporation) MD5=A42F2C1EB3B66C54FB3C7B79D30C1A6D -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_33a9704224aa536e\netshell.dll
[2010/11/20 07:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\SysWOW64\netshell.dll
[2010/11/20 07:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_d78ad4be6c4ce238\netshell.dll
[2009/07/13 20:16:03 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=F7611E0F05B4EB272102CA9883CA98A7 -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_d559c0f66f5e5e9e\netshell.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F3AB0B43

< End of report >

#34
Garlet01

    Member
    Topic Starter
    42 posts
And here is extra.txt:
OTL Extras logfile created on: 12/29/2011 12:39:22 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ante Koscica\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003009 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 70.40% Memory free
7.35 Gb Paging File | 6.18 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.65 Gb Total Space | 164.23 Gb Free Space | 36.28% Space Free | Partition Type: NTFS

Computer Name: ANTEKOSCICA-PC | User Name: Ante Koscica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.exe[@ = b3] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eej.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.inf[@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = b3] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eej.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = FT] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\eej.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7A92C561-A1D5-11E0-92E1-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01D03306-3CEE-4630-B6F3-AA78638E9F2F}_is1" = VirtualCity
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{285A4E07-E07B-44CF-840C-224B7BAC66C5}_is1" = Supreme Ruler Cold War 7.0.1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{47d5797d-2cae-4a48-906b-db4bbd69e9ac}" = Nero 9 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6F9FAD3F-61F9-489C-8431-572D3CB2F75C}" = Glowing Touchpad
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961346DF-FE43-4392-99FC-47B1F5A882C3}" = GKLauncher
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.7 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D639D7B1-6A00-4B47-BB62-3A9AEB4B1928}" = KarosOnline_ijji
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AIM_7" = AIM 7
"Army Men RTS" = Army Men RTS
"Combat Arms" = Combat Arms
"CorsixTH" = CorsixTH Beta 8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DFO" = DFOLauncher
"DragonNest" = DragonNest
"GameSpy Arcade" = GameSpy Arcade
"Garena Classic 2011" = Garena Classic 2011
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"Google Chrome" = Google Chrome
"Gunz" = ijji - Gunz
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Monopoly City1.0" = Monopoly City
"Mount&Blade Warband" = Mount&Blade Warband
"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Nemesis of the Roman Empire" = Nemesis of the Roman Empire (remove only)
"OpenTTD" = OpenTTD 1.1.0
"Opera 11.60.1185" = Opera 11.60
"PopTag" = PopTag!
"PunkBusterSvc" = PunkBuster Services
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"StartNow Toolbar" = StartNow Toolbar
"Steam App 10620" = Empire: Total War Demo
"Steam App 23450" = Grand Ages: Rome
"Steam App 31740" = Iron Grip: Marauders
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 99900" = Spiral Knights
"SuddenAttackNA" = SuddenAttack
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"FileHunter" = FileHunter
"Game Organizer" = EasyBits GO
"GameRanger" = GameRanger
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Panic Button" = Panic Button
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2011 11:57:57 AM | Computer Name = AnteKoscica-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 12/29/2011 11:58:04 AM | Computer Name = AnteKoscica-PC | Source = MsiInstaller | ID = 11712
Description =

Error - 12/29/2011 11:58:15 AM | Computer Name = AnteKoscica-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 12/29/2011 11:58:24 AM | Computer Name = AnteKoscica-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 12/29/2011 11:58:31 AM | Computer Name = AnteKoscica-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 12/29/2011 12:02:36 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service Windows Workflow
Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The first DWORD
in the Data section contains the error code.

Error - 12/29/2011 12:02:51 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service Windows Workflow
Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The first DWORD
in the Data section contains the error code.

Error - 12/29/2011 12:11:36 PM | Computer Name = AnteKoscica-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 12/29/2011 1:08:03 PM | Computer Name = AnteKoscica-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp:
0x4b5f8faa Exception code: 0xc0000005 Fault offset: 0x002404fa Faulting process id:
0x704 Faulting application start time: 0x01ccc647c5dbd18a Faulting application path:
\\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWow64\Macromed\Flash\Flash10e.ocx
Report
Id: aab58df9-323f-11e1-be3c-88ae1d100ce7

Error - 12/29/2011 1:24:59 PM | Computer Name = AnteKoscica-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp:
0x4b5f8faa Exception code: 0xc0000005 Fault offset: 0x002404fa Faulting process id:
0xfa0 Faulting application start time: 0x01ccc64c76cbb876 Faulting application path:
\\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWow64\Macromed\Flash\Flash10e.ocx
Report
Id: 07fa9a4b-3242-11e1-be3c-88ae1d100ce7

[ System Events ]
Error - 12/29/2011 1:34:03 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/29/2011 1:34:06 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/29/2011 1:34:06 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 12/29/2011 1:34:08 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/29/2011 1:34:10 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/29/2011 1:34:10 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 12/29/2011 1:34:15 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/29/2011 1:34:34 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 12/29/2011 1:36:39 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/29/2011 1:47:30 PM | Computer Name = AnteKoscica-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.


< End of report >

#35 RKinner (Malware Expert)
This time you have the Zero Access rootkit, and it took out your firewall. I'm just giving you the standard procedure. You don't need to remove the old versions and download new ones. Just let them update if they can.


ComboFix

Important: It must be saved to your desktop; do not run it from your browser.

Important: Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.


* Important: Have no other programs running. Your taskbar should be clear of any program entries, including your browser.


* A window may open with a series of disclaimers. Accept the disclaimers to start the fix.

A caution: Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click "save log", save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
Important: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
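The diagnosis above rests on three things visible in the OTL event-log section of the previous post: svchost.exe crashing from a `\\.\globalroot\systemroot\...` path instead of System32, Service Control Manager 7003 entries saying the BFE service "might not be installed" (Windows Firewall and the IPsec services depend on the Base Filtering Engine, so without it the firewall cannot run), and DNS-Client 1012 errors reading the hosts file. As an added example, not code from this thread or from OTL, here is a small Python parser for OTL's "Last 10 Event Log Errors" section that glues the wrapped description lines back together and flags those indicators. The sample input is an excerpt of the report above; the indicator rules, the `EventError` record and the function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the OTL "Last 10 Event Log Errors" section
# posted in this thread, kept in OTL's own line-wrapped layout.
SAMPLE_OTL = r"""========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2011 11:57:57 AM | Computer Name = AnteKoscica-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 12/29/2011 1:08:03 PM | Computer Name = AnteKoscica-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp:
0x4b5f8faa Exception code: 0xc0000005 Fault offset: 0x002404fa Faulting process id:
0x704 Faulting application start time: 0x01ccc647c5dbd18a Faulting application path:
\\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWow64\Macromed\Flash\Flash10e.ocx
Report
Id: aab58df9-323f-11e1-be3c-88ae1d100ce7

[ System Events ]
Error - 12/29/2011 1:34:03 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/29/2011 1:34:06 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/29/2011 1:34:06 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060
"""

SECTION_RE = re.compile(r"^\[ (.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


@dataclass
class EventError:
    section: str
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_event_errors(text):
    """Parse OTL's event-log section into EventError records.

    OTL wraps long descriptions over several lines and separates entries
    with a blank line, so continuation lines are glued onto the current record.
    """
    records, section, current, parts = [], "", None, []

    def flush():
        nonlocal current, parts
        if current is not None:
            current.description = " ".join(parts).strip()
            records.append(current)
        current, parts = None, []

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            flush()
            continue
        sec = SECTION_RE.match(line)
        if sec:
            flush()
            section = sec.group(1)
            continue
        hdr = HEADER_RE.match(line)
        if hdr:
            flush()
            current = EventError(section, hdr["when"], hdr["host"],
                                 hdr["source"], int(hdr["id"]), "")
            continue
        if current is None:
            continue  # banner lines outside any record
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        if line:
            parts.append(line)
    flush()
    return records


def find_indicators(records):
    r"""Return (indicator, timestamp) pairs for the three signs discussed here.

    The rules are my own reading of this log, not an OTL feature: the genuine
    service host is %SystemRoot%\System32\svchost.exe, so a crash record whose
    application path is a \\.\globalroot\... alias is flagged; SCM 7003 naming
    BFE means the firewall's dependency is gone; DNS-Client 1012 means the
    hosts file could not be read.
    """
    findings = []
    for e in records:
        d = e.description.lower()
        if (e.source == "Application Error" and e.event_id == 1000
                and "svchost.exe" in d and r"\\.\globalroot" in d):
            findings.append(("svchost_globalroot_path", e.when))
        elif (e.source == "Service Control Manager" and e.event_id == 7003
                and re.search(r"\bbfe\b", d)):
            findings.append(("bfe_dependency_missing", e.when))
        elif e.source == "Microsoft-Windows-DNS-Client" and e.event_id == 1012:
            findings.append(("hosts_file_unreadable", e.when))
    return findings


if __name__ == "__main__":
    for name, when in find_indicators(parse_otl_event_errors(SAMPLE_OTL)):
        print(f"{when}: {name}")
```

Run against the excerpt it prints one line per indicator; on a full OTL report the same parser handles all entries because it keys on the `Error - ... | ID = n` header rather than on line position. A record with an empty `Description =` (the MsiInstaller entries) yields an empty description rather than swallowing the next entry.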

#36 RKinner (Malware Expert)
If you can't get Combofix to run, try it again in Safe Mode.
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

If that doesn't work then:

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.
Type with an Enter after each line:

sfc /scannow

msconfig

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. Try Combofix now.

#37 Garlet01 (Member, Topic Starter)
Okay, so basically try the standard way and hope for the best, right?
So what of the other rootkit thing? Remember that didn't do it :O
I will try this in 2 hrs.

#38 RKinner (Malware Expert)
We weren't done the first time. Probably the virus had infected Avast. Next time we uninstall it and download a new copy.

#39 Garlet01 (Member, Topic Starter)
Okay, thanks.
In 2 hrs I will come back to do it and post the results.

#40 Garlet01 (Member, Topic Starter)
Got a blue screen. Should I try again (after ComboFix)?

#41 RKinner (Malware Expert)
Yes, though I'm not clear on what exactly you were doing to get a blue screen.

#42 Garlet01 (Member, Topic Starter)
Nope, never got to start it up again =\ Good news: you don't need to worry about that.
Bad news: I need your help now xD. I am trying to restore to factory default (apparently no restore points were made, even though I am pretty sure I made some) and I need the CD but I don't have it =\ Is it in these forums?

#43 RKinner (Malware Expert)
What Make and model PC is this?

#44 Garlet01 (Member, Topic Starter)
Gateway ID49C07u
Intel Core i3
Windows 7
Is this what you mean?
(I think it was 64-bit....

#45 RKinner (Malware Expert)
Frequently Asked Questions

Q: How do I reinstall the Operating System on the computer?

A: Select models have the ability to have the operating system reinstalled from a hidden drive built into the computer. To start the system recovery:

Restart the computer.
When the Gateway logo appears on the screen, press the Alt and F10 keys repeatedly.
When prompted with a boot screen, hit the Enter key.
After the system recovery program has loaded, follow the prompts to reinstall the operating system.

If the ability to reinstall from the previous method is not available or fails during the recovery, recovery of the operating system will need to be from Recovery Media.

Insert the disk labeled System CD into the computer's disk drive and restart the computer.
When the Gateway logo appears on the screen, press the F12 key repeatedly.
Select either CDROM or DVD as the boot device; this may vary depending on the system.
When prompted for the Recovery CD, remove the System CD and insert the Recovery CD.

Note: If there are multiple Recovery CDs, please insert the first Recovery CD.

After the system recovery program has loaded, follow the prompts to reinstall the operating system.

Note: If you do not have a set of Gateway Recovery Media you may purchase recovery media online.