Malwarebytes blocking unsolicited outgoing/incoming foreign traffic [S


This topic is locked

#1 AtomicSG
Member, 41 posts
A few months back I noticed not all my tray icons were appearing on bootup. The occasional restart would seem to fix this, so I paid it relatively little attention. In December, through the newegg.com sales, I purchased a Pro copy of Malwarebytes, and I upgraded from Free to Pro with the key sometime in early January. Since then I've noticed it occasionally blocking outgoing and incoming traffic from a few different IP addresses. The few I've looked up are Chinese. Not sure if these things are related, but it worries me. Full system scans with Malwarebytes and Avast recently have brought me no luck in finding any compromise. In the past, when I had a similar issue with a link redirector, you guys were very helpful in getting it resolved. So... game on?

Edited by AtomicSG, 12 February 2013 - 03:02 PM.


#2 Crowbar
Teacher, GeekU Moderator, 4,163 posts
Hello AtomicSG and welcome to Geeks To Go!!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Ok, game on.
Let's take a look around -

Step 1
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 3
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • checkup.txt
  • OTL.txt
  • Extras.txt
  • RKreport.txt files from RogueKiller

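Step 2 above produces an OTL.txt whose PRC/SRV/DRV lines the helper reads by eye, looking for binaries with no company name, service and driver registrations whose file is gone, hidden/system attributes on executables, and hosts entries that point a real domain somewhere other than loopback. The script below is an added example of that triage pass in working code; it is not part of OTL, not the helper's procedure, and not something anyone in this thread posted. The OTL line layouts it parses are the ones OTL prints (the `[date | size | attrs | M] (Company) [Start | State] -- path -- (Name)` form), and the sample log is constructed for the example with made-up vendor names, not the log from this machine.

```python
"""Triage pass over an OTL-format log: the checks a malware-removal helper makes
by eye when reading OTL.txt. Added example for this thread; not OTL's own code."""
import re
from dataclasses import dataclass

# OTL line layouts (PRC/MOD lines have no [start | state] block and no service name):
#   PRC - [date time | size | attrs | M] (Company) -- path
#   SRV - [date time | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
#   DRV - File not found [Type | Start | State] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^|]+?)\s*\| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.*?)(?: -- \((?P<name>.*)\))?$"
)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.*?)\s*-- \((?P<name>.*)\)$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>[0-9a-fA-F.:]+)\s+(?P<host>\S+)$")
AUTOSTART = {"Auto", "Boot", "System"}      # start types that need no user action
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}  # where a blocking hosts file points names


@dataclass
class Finding:
    severity: str  # "review": ask about it first; "note": usually benign, worth a glance
    item: str
    reason: str


def start_type(state: str) -> str:
    """'Kernel | On_Demand | Running' -> 'On_Demand'; 'Auto | Running' -> 'Auto'."""
    fields = [f.strip() for f in state.split("|")]
    return fields[-2] if len(fields) >= 2 else ""


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            kind, attrs, path = m["kind"], m["attrs"], m["path"]
            label = m["name"] or path
            # "()" means the file carries no company in its version resource. A running
            # process or an autostarting service/driver with no publisher is identified
            # first. MOD lines are skipped: OTL already groups those in their own section.
            if not m["company"] and kind != "MOD":
                auto = kind == "PRC" or start_type(m["state"] or "") in AUTOSTART
                findings.append(Finding("review" if auto else "note", label,
                                        f"{kind} with no company name: {path}"))
            # attrs are R/H/S/D flags; hidden or system bits on a binary are unusual
            if "H" in attrs or "S" in attrs:
                findings.append(Finding("note", label,
                                        f"{kind} file is hidden/system ({attrs}): {path}"))
        elif m := MISSING_RE.match(line):
            sev = "review" if start_type(m["state"]) in AUTOSTART else "note"
            findings.append(Finding(sev, m["name"],
                                    f"{m['kind']} registered but file not found: "
                                    f"{m['path'] or '(no path)'}"))
        elif (m := HOSTS_RE.match(line)) and m["ip"] not in LOOPBACK:
            findings.append(Finding("review", m["host"],
                                    f"hosts entry sends {m['host']} to {m['ip']}, not loopback"))
    return findings


def report(findings) -> str:
    rank = {"review": 0, "note": 1}
    return "\n".join(f"[{f.severity:6}] {f.item}: {f.reason}"
                     for f in sorted(findings, key=lambda f: rank[f.severity]))


# Constructed sample in OTL's layout with made-up vendors; not the log from this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/02/18 16:18:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\Acme\resolversvc.exe
PRC - [2009/03/05 18:07:20 | 002,260,480 | RHS- | M] (Acme Ltd.) -- C:\Program Files\Acme\guard.exe
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Acme\resolversvc.exe -- (Acme Resolver Service)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (Acme AV) [Auto | Running] -- C:\Program Files\Acme AV\avsvc.exe -- (acme! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (OLDDRV)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Remote\x86\RaInfo.sys -- (RaInfo)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (Acme VPN, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\acmevpn.sys -- (acmevpn)
DRV - [2005/05/25 14:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Acme Tuner\tuner32.sys -- (tuner32)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 198.51.100.7 www.example-bank.test
O1 - Hosts: 15306 more lines...
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Two caveats when reading the output. The company field is taken from the file's version resource, which anyone building a binary can set to whatever they like, so "no company name" ranks what to ask about first; it is not a verdict, and a filled-in company is not a clean bill either. A blocking hosts file such as the MVPS one is expected to be hundreds of kilobytes of loopback entries; only entries that point elsewhere matter. An OTL log also does not say which process owns a given connection, so for a question like the one in this thread, a `netstat -b` taken while Malwarebytes is showing a block is the check that ties a blocked IP to the binary behind it.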

#3 AtomicSG
Topic Starter, Member, 41 posts
checkup.txt
------------------------------------------------
Results of screen317's Security Check version 0.99.58
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
EasyCleaner
Java 7 Update 13
Adobe Flash Player 11.6.602.168
Adobe Reader XI
Mozilla Firefox (18.0.2)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive G:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
-----------------------------------------------------------------
OTL.txt
-----------------------------------------------------------------
OTL logfile created on: 2/18/2013 4:22:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 67.55% Memory free
5.21 Gb Paging File | 4.33 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive D: | 111.78 Gb Total Space | 63.53 Gb Free Space | 56.84% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 109.34 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

Computer Name: EMERALD | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 16:18:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2013/02/15 13:08:24 | 001,597,864 | ---- | M] (Valve Corporation) -- G:\Program Files\Steam\steam.exe
PRC - [2013/02/01 18:28:32 | 000,170,912 | ---- | M] (Oracle Corporation) -- G:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- G:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/04 12:00:01 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- G:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- G:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- G:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- G:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- G:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- G:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- G:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- G:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 13:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- G:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/10/07 08:24:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/08/01 10:11:34 | 003,983,760 | ---- | M] (Western Digital Technologies, Inc.) -- G:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- G:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/07 17:28:50 | 000,355,432 | ---- | M] () -- G:\Program Files\EVGA Precision\EVGAPrecision.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- G:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/08/14 11:48:52 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- G:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/08/14 11:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- G:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/03/05 18:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/08 12:28:12 | 002,049,320 | ---- | M] (Nero AG) -- G:\Program Files\Nero\Nero8\InCD\NBHGui.exe
PRC - [2008/08/08 12:28:12 | 000,053,032 | ---- | M] (Nero AG) -- G:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
PRC - [2008/08/08 12:28:10 | 001,442,088 | ---- | M] (Nero AG) -- G:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
PRC - [2008/08/08 12:27:50 | 001,083,176 | ---- | M] (Nero AG) -- G:\Program Files\Nero\Nero8\InCD\InCD.exe
PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- G:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\explorer.exe
PRC - [2007/05/10 21:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- G:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/01/15 12:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- G:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2004/04/08 16:05:54 | 000,307,200 | ---- | M] () -- G:\Program Files\honestech\honestech TVR\scheduleTV.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/18 03:13:01 | 002,060,288 | ---- | M] () -- G:\Program Files\AVAST Software\Avast\defs\13021800\algo.dll
MOD - [2013/02/15 13:08:20 | 000,988,584 | ---- | M] () -- G:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/01/22 04:22:06 | 020,320,680 | ---- | M] () -- G:\Program Files\Steam\bin\libcef.dll
MOD - [2012/12/18 18:28:50 | 000,647,168 | ---- | M] () -- G:\Program Files\Steam\sdl.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- G:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- G:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- G:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- G:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/05/15 05:18:00 | 000,357,184 | ---- | M] () -- G:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- G:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- G:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/07 17:28:50 | 000,355,432 | ---- | M] () -- G:\Program Files\EVGA Precision\EVGAPrecision.exe
MOD - [2010/09/04 15:28:40 | 000,061,440 | ---- | M] () -- G:\Program Files\EVGA Precision\RTMUI.dll
MOD - [2010/09/04 15:28:34 | 000,262,144 | ---- | M] () -- G:\Program Files\EVGA Precision\RTHAL.dll
MOD - [2010/09/04 15:28:16 | 000,229,376 | ---- | M] () -- G:\Program Files\EVGA Precision\RTCore.dll
MOD - [2010/09/04 15:28:04 | 000,139,264 | ---- | M] () -- G:\Program Files\EVGA Precision\RTUI.dll
MOD - [2010/09/04 15:27:52 | 000,061,440 | ---- | M] () -- G:\Program Files\EVGA Precision\RTFC.dll
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- G:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- G:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- G:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- G:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- G:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/08/14 11:47:34 | 002,854,976 | ---- | M] () -- G:\WINDOWS\system32\btwicons.dll
MOD - [2009/08/14 11:45:04 | 000,069,697 | ---- | M] () -- G:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/02/25 10:44:06 | 007,331,840 | ---- | M] () -- G:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/02/25 10:44:06 | 002,023,424 | ---- | M] () -- G:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/02/25 10:43:54 | 000,135,168 | ---- | M] () -- G:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- G:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- G:\WINDOWS\system32\msdmo.dll
MOD - [2004/04/08 16:05:54 | 000,307,200 | ---- | M] () -- G:\Program Files\honestech\honestech TVR\scheduleTV.exe


========== Services (SafeList) ==========

SRV - [2013/02/15 17:02:58 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- G:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/08 00:45:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- G:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/01 18:28:32 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- G:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- G:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- G:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/21 09:30:09 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- G:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- G:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- G:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- G:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- G:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- G:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/10/07 08:24:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/01 10:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Stopped] -- G:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 10:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Stopped] -- G:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 10:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Stopped] -- G:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- G:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008/09/08 13:10:20 | 000,450,560 | ---- | M] () [Auto | Stopped] -- G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2008/09/08 13:09:40 | 000,184,320 | ---- | M] () [Auto | Stopped] -- G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/08/08 12:28:12 | 000,053,032 | ---- | M] (Nero AG) [Auto | Running] -- G:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2008/08/08 12:28:10 | 001,442,088 | ---- | M] (Nero AG) [Auto | Running] -- G:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | Auto | Stopped] -- G:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- G:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- G:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- G:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- G:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/05 17:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- G:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- G:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/01/18 01:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 01:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/02/16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/02/10 04:34:22 | 000,051,968 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010/11/12 02:10:54 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/17 16:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/07/09 14:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)
DRV - [2009/06/21 11:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/05/11 16:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/11/25 03:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/24 14:22:40 | 000,014,208 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/08 12:28:00 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- G:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/08/08 12:28:00 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/08/08 12:28:00 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/08/08 12:28:00 | 000,018,088 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- G:\WINDOWS\system32\drivers\InCDrec.sys -- (InCDRec)
DRV - [2008/07/31 22:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/07/31 22:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/24 19:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/02/04 19:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/04/16 18:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/05/25 14:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Program Files\EVGA Precision\RTCore32.sys -- (RTCore32)
DRV - [2005/03/15 11:00:00 | 000,277,504 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Running] -- G:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2004/11/30 11:00:00 | 000,021,760 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Running] -- G:\WINDOWS\system32\drivers\WDMTuner.sys -- (WDMTVTuner)
DRV - [2004/08/12 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.254/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: bookmarkcurrenttabset%40jake.kasprzak.ca:0.2.4
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: G:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: G:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: G:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: g:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: G:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: g:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: G:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: G:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: G:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: g:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: G:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: G:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: G:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/04 18:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: G:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/04 12:00:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: G:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/04 12:00:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2013/02/08 00:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins

[2010/10/02 19:58:26 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2013/01/30 20:23:14 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\bwjidao3.default\extensions
[2013/01/30 20:23:14 | 000,000,000 | ---D | M] (WOT) -- G:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\bwjidao3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/10/11 16:57:10 | 000,011,859 | ---- | M] () (No name found) -- G:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\bwjidao3.default\extensions\[email protected]
[2013/01/17 11:54:38 | 000,389,447 | ---- | M] () (No name found) -- G:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\bwjidao3.default\extensions\[email protected]
[2013/01/30 20:23:14 | 000,533,536 | ---- | M] () (No name found) -- G:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\bwjidao3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/08 00:45:18 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files\Mozilla Firefox\extensions
[2013/02/11 23:52:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- G:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/08 00:45:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/08 00:45:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/08 00:45:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- G:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/31 14:59:52 | 000,002,465 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/15 07:16:28 | 000,002,158 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/10/14 06:04:48 | 000,002,058 | ---- | M] () -- G:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/12 23:47:24 | 000,445,603 | R--- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15306 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] G:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] G:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] G:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] G:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EVGAPrecision] G:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [IMEKRMIG6.1] G:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] G:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] G:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] G:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] G:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] G:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] G:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SecurDisc] G:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] G:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] G:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] G:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] G:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = G:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScheduleTV.lnk = G:\Program Files\honestech\honestech TVR\scheduleTV.exe ()
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Quick View.lnk = G:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: G:\Documents and Settings\Mike\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = G:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - G:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - G:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345384967437 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.145.232.32 69.144.49.29 69.145.232.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D35DFA-5C00-42A9-A989-9E29E6B212F6}: DhcpNameServer = 69.145.232.32 69.144.49.29 69.145.232.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\system32\userinit.exe) - G:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - G:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: G:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 16:18:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\Mike\Desktop\OTL.exe
[2013/02/14 21:41:39 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Mike\Desktop\New Folder (2)
[2013/02/12 23:06:12 | 000,000,000 | ---D | C] -- G:\TDSSKiller_Quarantine
[2013/02/12 22:56:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- G:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2013/02/12 21:46:47 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Mike\Local Settings\Application Data\NPE
[2013/02/12 21:46:47 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Norton
[2013/02/12 21:46:04 | 002,957,840 | ---- | C] (Symantec Corporation) -- G:\Documents and Settings\Mike\Desktop\NPE.exe
[2013/02/11 23:58:26 | 000,000,000 | ---D | C] -- G:\GOG Games
[2013/02/08 00:45:15 | 000,000,000 | ---D | C] -- G:\Program Files\Mozilla Firefox
[2013/02/08 00:20:30 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Mike\Local Settings\Application Data\Muse Games
[2013/01/24 13:44:16 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Skype
[2013/01/24 13:44:16 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/21 21:37:35 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Mike\Application Data\bowry
[5 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 16:18:42 | 000,798,208 | ---- | M] () -- G:\Documents and Settings\Mike\Desktop\RogueKiller.exe
[2013/02/18 16:18:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Mike\Desktop\OTL.exe
[2013/02/18 16:18:00 | 000,881,935 | ---- | M] () -- G:\Documents and Settings\Mike\Desktop\SecurityCheck.exe
[2013/02/18 16:13:16 | 000,000,830 | ---- | M] () -- G:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/18 16:10:58 | 000,002,206 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2013/02/18 16:10:57 | 000,000,276 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
[2013/02/18 16:10:56 | 000,000,276 | ---- | M] () -- G:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
[2013/02/18 16:10:55 | 000,000,284 | ---- | M] () -- G:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
[2013/02/18 16:10:52 | 000,000,364 | -H-- | M] () -- G:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/18 16:06:53 | 000,000,298 | ---- | M] () -- G:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
[2013/02/18 16:06:33 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2013/02/16 16:54:36 | 000,000,306 | ---- | M] () -- G:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
[2013/02/14 03:01:02 | 000,797,186 | ---- | M] () -- G:\Documents and Settings\Mike\Desktop\widescreen-v3.05.exe
[2013/02/13 15:59:24 | 021,216,332 | ---- | M] () -- G:\Documents and Settings\Mike\Desktop\EasyTutu_ToB.zip
[2013/02/12 23:47:24 | 000,445,603 | R--- | M] () -- G:\WINDOWS\System32\drivers\etc\hosts
[2013/02/12 23:19:01 | 000,000,284 | ---- | M] () -- G:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/12 22:56:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- G:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2013/02/12 22:51:47 | 000,000,210 | ---- | M] () -- G:\boot.ini
[2013/02/12 21:46:07 | 002,957,840 | ---- | M] (Symantec Corporation) -- G:\Documents and Settings\Mike\Desktop\NPE.exe
[2013/02/12 15:23:53 | 001,454,232 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/12 15:17:23 | 000,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2013/02/12 15:13:30 | 000,502,696 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2013/02/12 15:13:30 | 000,088,476 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2013/01/25 11:51:05 | 000,000,284 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
[5 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/18 16:18:41 | 000,798,208 | ---- | C] () -- G:\Documents and Settings\Mike\Desktop\RogueKiller.exe
[2013/02/18 16:17:57 | 000,881,935 | ---- | C] () -- G:\Documents and Settings\Mike\Desktop\SecurityCheck.exe
[2013/02/15 06:42:34 | 000,118,504 | ---- | C] () -- G:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/02/14 21:41:24 | 021,216,332 | ---- | C] () -- G:\Documents and Settings\Mike\Desktop\EasyTutu_ToB.zip
[2013/02/14 02:59:44 | 000,797,186 | ---- | C] () -- G:\Documents and Settings\Mike\Desktop\widescreen-v3.05.exe
[2012/10/13 11:48:26 | 000,000,060 | ---- | C] () -- G:\WINDOWS\wininit.ini
[2012/08/12 20:23:42 | 000,659,120 | ---- | C] () -- G:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-1580818891-1801674531-1003-0.dat
[2012/08/12 20:23:41 | 000,228,058 | ---- | C] () -- G:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/17 06:15:18 | 000,001,025 | ---- | C] () -- G:\WINDOWS\System32\clauth2.dll
[2012/06/17 06:15:18 | 000,001,025 | ---- | C] () -- G:\WINDOWS\System32\clauth1.dll
[2012/06/17 06:15:17 | 000,001,025 | ---- | C] () -- G:\WINDOWS\System32\sysprs7.dll
[2012/06/17 06:15:17 | 000,000,205 | ---- | C] () -- G:\WINDOWS\System32\lsprst7.dll
[2012/06/17 06:15:17 | 000,000,073 | ---- | C] () -- G:\WINDOWS\System32\ssprs.dll
[2012/06/17 06:09:12 | 000,000,116 | ---- | C] () -- G:\Documents and Settings\Mike\Adobe Encore_AME.pref
[2012/05/31 20:47:00 | 002,293,138 | ---- | C] () -- G:\WINDOWS\System32\nvdata.bin
[2012/05/31 20:43:54 | 000,000,664 | ---- | C] () -- G:\WINDOWS\System32\d3d9caps.dat
[2012/05/15 07:36:36 | 000,000,218 | ---- | C] () -- G:\Documents and Settings\Mike\.recently-used.xbel
[2012/04/04 05:33:56 | 000,140,232 | ---- | C] () -- G:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/04/04 05:33:55 | 000,138,904 | ---- | C] () -- G:\Documents and Settings\Mike\Application Data\PnkBstrK.sys
[2012/04/04 05:33:34 | 000,283,416 | ---- | C] () -- G:\WINDOWS\System32\PnkBstrB.exe
[2012/04/04 05:33:31 | 000,076,888 | ---- | C] () -- G:\WINDOWS\System32\PnkBstrA.exe
[2012/03/13 18:25:11 | 000,003,654 | ---- | C] () -- G:\WINDOWS\System32\drivers\Sonyhcp.dll
[2012/03/11 16:11:10 | 000,000,069 | ---- | C] () -- G:\WINDOWS\NeroDigital.ini
[2012/03/03 20:12:34 | 000,001,024 | ---- | C] () -- G:\Documents and Settings\Mike\.rnd
[2012/02/17 09:39:25 | 000,026,176 | -H-- | C] () -- G:\WINDOWS\System32\mlfcache.dat
[2012/02/15 18:40:26 | 000,003,072 | ---- | C] () -- G:\WINDOWS\System32\iacenc.dll
[2011/12/29 20:23:11 | 000,000,056 | ---- | C] () -- G:\WINDOWS\kgt2k.INI
[2011/11/16 11:07:42 | 000,096,768 | ---- | C] () -- G:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 10:03:23 | 000,000,262 | ---- | C] () -- G:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/07 08:33:17 | 002,463,976 | ---- | C] () -- G:\WINDOWS\System32\NPSWF32.dll
[2011/10/05 22:57:07 | 001,074,636 | ---- | C] () -- G:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/05 22:57:07 | 001,074,636 | ---- | C] () -- G:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/05 22:57:07 | 000,000,001 | ---- | C] () -- G:\WINDOWS\System32\nvdrssel.bin
[2011/10/05 22:48:08 | 000,045,056 | ---- | C] () -- G:\WINDOWS\System32\KmRemove.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- G:\WINDOWS\System32\xlive.dll.cat
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- G:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/05/21 05:01:00 | 002,807,708 | ---- | C] () -- G:\WINDOWS\System32\nvdata.data

========== ZeroAccess Check ==========

[2011/10/05 22:47:02 | 000,000,227 | RHS- | M] () -- G:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 07:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = G:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = G:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/26 02:24:14 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/16 20:04:46 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/03/04 01:49:47 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\LightScribe
[2012/06/17 06:15:17 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2012/05/21 18:17:19 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Ubisoft
[2012/02/27 08:44:10 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Western Digital
[2013/01/30 02:56:01 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\.aegislauncher
[2013/01/25 11:50:46 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\.minecraft
[2013/01/24 01:47:56 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\.techniclauncher
[2012/08/06 07:03:10 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Beat Hazard
[2012/03/27 23:11:42 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Bioshock
[2012/04/05 16:16:35 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Bioshock2
[2013/01/21 21:39:29 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\bowry
[2012/11/29 12:39:46 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Carbon
[2012/05/15 07:36:08 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\gtk-2.0
[2012/08/12 07:30:55 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Kalypso Media
[2011/11/05 06:59:53 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Leadertech
[2011/10/08 15:15:48 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\LolClient
[2012/05/24 22:56:56 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\LolClient2
[2012/04/27 06:02:31 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\LoneSurvivor
[2012/11/10 08:58:48 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\minecraft backup
[2012/04/24 21:58:58 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Mount&Blade
[2013/01/13 18:07:31 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Natural Selection 2
[2012/06/21 09:52:39 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\NetMedia Providers
[2011/10/06 14:50:11 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\OpenOffice.org
[2012/06/21 09:42:06 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Publish Providers
[2013/01/11 08:07:16 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Sony
[2012/05/21 18:18:22 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Ubisoft
[2012/04/02 14:34:33 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Mike\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 00:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- G:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- G:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 00:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 07:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- G:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- G:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- G:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- G:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- G:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- G:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/12/18 14:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- G:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- G:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- G:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- G:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- G:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2010/10/02 19:49:04 | 000,001,602 | ---- | M] () MD5=55C1D89AF4EC3B75EE8106D9A8AA8314 -- G:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/12/14 11:58:18 | 000,000,955 | ---- | M] () MD5=DFA2ACAA6028833F174924DE116F4BEE -- G:\Documents and Settings\Mike\Application Data\Macromedia\Flash Player\#SharedObjects\WDQMEW7X\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2008/04/14 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- G:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2011/01/17 17:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- G:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 17:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- G:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.SBS >
[2011/03/01 08:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- G:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- G:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- G:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- G:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- G:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- G:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- G:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- G:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- G:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- G:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- G:\WINDOWS\system32\winsock.dll

< End of report >
-------------------------------------------------------------
Extras.Txt
-------------------------------------------------------------
OTL Extras logfile created on: 2/18/2013 4:22:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 67.55% Memory free
5.21 Gb Paging File | 4.33 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive D: | 111.78 Gb Total Space | 63.53 Gb Free Space | 56.84% Space Free | Partition Type: NTFS
Drive G: | 298.08 Gb Total Space | 109.34 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

Computer Name: EMERALD | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"6112:TCP" = 6112:TCP:*:Enabled:6112
"6112:UDP" = 6112:UDP:*:Enabled:6112 2
"6113:TCP" = 6113:TCP:*:Enabled:6113
"6113:UDP" = 6113:UDP:*:Enabled:6113 udp
"6114:TCP" = 6114:TCP:*:Enabled:6114
"6114:UDP" = 6114:UDP:*:Enabled:6114 2
"6115:TCP" = 6115:TCP:*:Enabled:6115
"6115:UDP" = 6115:UDP:*:Enabled:6115 2
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"G:\Program Files\Skype\Plugin Manager\skypePM.exe" = G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"G:\Program Files\StarCraft II\StarCraft II.exe" = G:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"G:\Program Files\Bonjour\mDNSResponder.exe" = G:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"G:\Program Files\GOG.com\Arcanum\Arcanum.exe" = G:\Program Files\GOG.com\Arcanum\Arcanum.exe:*:Enabled:Arcanum -- (Troika Games, LLC)
"G:\Documents and Settings\Mike\Desktop\Gproxy+Ghost\Ghost\ghost.exe" = G:\Documents and Settings\Mike\Desktop\Gproxy+Ghost\Ghost\ghost.exe:*:Enabled:ghost -- ()
"G:\Program Files\Warcraft III\Frozen Throne.exe" = G:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"G:\Program Files\Warcraft III\Warcraft III.exe" = G:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"G:\Program Files\Starcraft\StarCraft.exe" = G:\Program Files\Starcraft\StarCraft.exe:*:Enabled:StarCraft - Brood War -- (Blizzard Entertainment)
"G:\Documents and Settings\Mike\Desktop\Gproxy+Ghost\Gproxy\gproxy.exe" = G:\Documents and Settings\Mike\Desktop\Gproxy+Ghost\Gproxy\gproxy.exe:*:Enabled:gproxy -- ()
"G:\Program Files\World of Warcraft\Launcher.exe" = G:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"G:\Program Files\World of Warcraft\Launcher.patch.exe" = G:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"G:\Program Files\World of Warcraft\BackgroundDownloader.exe" = G:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"G:\Program Files\Ventrilo\Ventrilo.exe" = G:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"G:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = G:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"G:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = G:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"G:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = G:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"G:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = G:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"G:\Program Files\Steam\Steam.exe" = G:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"G:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe" = G:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame
"G:\Program Files\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2.exe" = G:\Program Files\Steam\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2
"G:\Program Files\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2.exe" = G:\Program Files\Steam\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:Bioshock 2 Multiplayer
"G:\WINDOWS\system32\PnkBstrA.exe" = G:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"G:\WINDOWS\system32\PnkBstrB.exe" = G:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"G:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe" = G:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe
"G:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe" = G:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe
"G:\Program Files\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe" = G:\Program Files\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"G:\Program Files\Steam\steamapps\common\Mount and Blade\runme.exe" = G:\Program Files\Steam\steamapps\common\Mount and Blade\runme.exe:*:Enabled:Mount & Blade -- ()
"G:\Program Files\Steam\steamapps\common\lone survivor\LoneSurvivor\LoneSurvivor.exe" = G:\Program Files\Steam\steamapps\common\lone survivor\LoneSurvivor\LoneSurvivor.exe:*:Enabled:Lone Survivor -- ()
"G:\Program Files\Messenger\msmsgs.exe" = G:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"G:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = G:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"G:\Program Files\Java\jre6\bin\java.exe" = G:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
"G:\Program Files\Steam\steamapps\common\Universe at War Earth Assault\UAWEA.exe" = G:\Program Files\Steam\steamapps\common\Universe at War Earth Assault\UAWEA.exe:*:Enabled:Universe at War: Earth Assault Application -- (Petroglyph Games, Inc.)
"G:\Program Files\Steam\steamapps\common\eufloria\Eufloria.exe" = G:\Program Files\Steam\steamapps\common\eufloria\Eufloria.exe:*:Enabled:Eufloria -- (Alex May and Rudolf Kremers)
"G:\Program Files\Java\jre6\bin\javaw.exe" = G:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"G:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = G:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"G:\Program Files\Steam\steamapps\common\beat hazard\BeatHazard.exe" = G:\Program Files\Steam\steamapps\common\beat hazard\BeatHazard.exe:*:Enabled:Beat Hazard -- ()
"G:\Program Files\Steam\steamapps\common\beat hazard\runme.exe" = G:\Program Files\Steam\steamapps\common\beat hazard\runme.exe:*:Enabled:Beat Hazard -- ()
"G:\Program Files\Steam\steamapps\common\Super Hexagon\superhexagon.exe" = G:\Program Files\Steam\steamapps\common\Super Hexagon\superhexagon.exe:*:Enabled:Super Hexagon -- ()
"G:\Program Files\Steam\steamapps\common\BIT.TRIP RUNNER\RUNNER.exe" = G:\Program Files\Steam\steamapps\common\BIT.TRIP RUNNER\RUNNER.exe:*:Enabled:BIT.TRIP RUNNER -- ()
"G:\Program Files\Steam\steamapps\common\Retro City Rampage\retrocityrampage.exe" = G:\Program Files\Steam\steamapps\common\Retro City Rampage\retrocityrampage.exe:*:Enabled:Retro City Rampage™ -- ()
"G:\Program Files\ZSNES\zsnesw.exe" = G:\Program Files\ZSNES\zsnesw.exe:*:Enabled:zsnesw -- ()
"G:\Program Files\Steam\steamapps\common\Multiwinia\multiwinia.exe" = G:\Program Files\Steam\steamapps\common\Multiwinia\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion Software)
"G:\Program Files\Steam\steamapps\common\fallout new vegas\FalloutNVLauncher.exe" = G:\Program Files\Steam\steamapps\common\fallout new vegas\FalloutNVLauncher.exe:*:Enabled:Fallout: New Vegas -- (Bethesda Softworks, Obsidian Entertainment)
"G:\GOG Games\ARMA II - Combined Operations\arma2OA.exe" = G:\GOG Games\ARMA II - Combined Operations\arma2OA.exe:*:Enabled:ArmA 2 OA
"G:\Program Files\SIX Networks\Play withSIX\tools\bin\rsync.exe" = G:\Program Files\SIX Networks\Play withSIX\tools\bin\rsync.exe:*:Disabled:rsync
"G:\Documents and Settings\Mike\My Documents\ArmA 2\expansion\beta\arma2oa.exe" = G:\Documents and Settings\Mike\My Documents\ArmA 2\expansion\beta\arma2oa.exe:*:Enabled:ArmA 2 OA
"G:\Program Files\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe" = G:\Program Files\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe:*:Enabled:Frozen Synapse -- ()
"G:\Program Files\Steam\steamapps\common\Universe at War Earth Assault\LaunchUAW.exe" = G:\Program Files\Steam\steamapps\common\Universe at War Earth Assault\LaunchUAW.exe:*:Enabled:Universe at War: Earth Assault -- (Petroglyph Games, Inc.)
"G:\Program Files\Steam\steamapps\common\Defcon\defcon.exe" = G:\Program Files\Steam\steamapps\common\Defcon\defcon.exe:*:Enabled:DEFCON -- (Introversion Software)
"G:\Program Files\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe" = G:\Program Files\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe:*:Enabled:Sanctum -- (Coffee Stain Studios AB)
"G:\Program Files\Java\jre7\bin\java.exe" = G:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
"G:\Program Files\Skype\Phone\Skype.exe" = G:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"G:\Program Files\Steam\steamapps\common\the walking dead\WalkingDead101.exe" = G:\Program Files\Steam\steamapps\common\the walking dead\WalkingDead101.exe:*:Enabled:The Walking Dead -- (Telltale Games)
"G:\Program Files\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe" = G:\Program Files\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe:*:Enabled:Guns of Icarus Online -- ()
"G:\Program Files\Steam\steamapps\common\Natural Selection 2\NS2.exe" = G:\Program Files\Steam\steamapps\common\Natural Selection 2\NS2.exe:*:Enabled:Natural Selection 2 -- ()
"G:\Program Files\Steam\steamapps\common\Trine\trine_launcher.exe" = G:\Program Files\Steam\steamapps\common\Trine\trine_launcher.exe:*:Enabled:Trine -- ()
"G:\GOG Games\Baldur's Gate\BGMain2.exe" = G:\GOG Games\Baldur's Gate\BGMain2.exe:*:Enabled:Tales of the Sword Coast -- (BioWare Corp.)
"G:\WINDOWS\system32\dplaysvr.exe" = G:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"G:\GOG Games\tutu\bgmain.exe" = G:\GOG Games\tutu\bgmain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- (BioWare Corp.)
"G:\Program Files\Steam\steamapps\common\aceofspades\aos.exe" = G:\Program Files\Steam\steamapps\common\aceofspades\aos.exe:*:Enabled:Ace of Spades -- ()
"G:\GOG Games\Baldur's Gate 2\BGMain.exe" = G:\GOG Games\Baldur's Gate 2\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- (BioWare Corp.)
"G:\GOG Games\tutu2\bgmain.exe" = G:\GOG Games\tutu2\bgmain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal
"G:\Program Files\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe" = G:\Program Files\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe:*:Enabled:GameMaker: Studio -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F005480-30A4-11E0-8FD0-005056C00008}" = Sound Forge Audio Studio 10.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49D19440-759A-11E0-85FD-0013D3D69929}" = Vegas Movie Studio HD Platinum 11.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51B055DD-A5F8-4D0C-A09C-66E58AD56F20}" = WD SmartWare
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{600B9FB0-30A0-11E0-9ABC-005056C00008}" = DVD Architect Studio 5.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A6374F0-6D04-11E0-92E0-005056C00008}" = ACID Music Studio 8.0
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8BA510D1-045B-4E1A-AF52-2282BBF69D5D}" = LightScribe System Software
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93C728B0-7740-11E0-9613-005056C00008}" = MSVCRT Redists
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96ABF4E1-1489-4B84-B3CB-82E010247D73}" = Adobe Creative Suite 3 Master Collection
"{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}" = Nero 8 Essentials
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}" = honestech TVR
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ECE75A25-3328-48AA-AA5F-8F532F754996}" = Arcanum: Lost Dungeon of Souls
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0" = Add or Remove Adobe Creative Suite 3 Master Collection
"Arcanum Of Steamworks and Magick Obscura_is1" = Arcanum Of Steamworks and Magick Obscura
"avast" = avast! Free Antivirus
"BattlEye for OA" = BattlEye for OA Uninstall
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DivX Setup" = DivX Setup
"GOGPACKBALDURSGATE1_is1" = Baldur's Gate - The Original Saga
"GOGPACKBALDURSGATE2_is1" = Baldur's Gate 2 Complete
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"Kenshi 0.25.4" = Kenshi 0.25.4
"Logitech Unifying" = Logitech Unifying Software 2.00
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Precision" = EVGA Precision 2.0.0
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 16.0" = RealPlayer
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10430" = Universe at War: Earth Assault
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 204630" = Retro City Rampage
"Steam App 207610" = The Walking Dead
"Steam App 209080" = Guns of Icarus Online
"Steam App 209830" = Lone Survivor
"Steam App 214850" = GameMaker: Studio
"Steam App 22100" = Mount & Blade
"Steam App 221640" = Super Hexagon
"Steam App 22380" = Fallout: New Vegas
"Steam App 224540" = Ace of Spades
"Steam App 35700" = Trine
"Steam App 40800" = Super Meat Boy
"Steam App 41210" = Eufloria
"Steam App 4920" = Natural Selection 2
"Steam App 49600" = Beat Hazard
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 91600" = Sanctum
"Steam App 98200" = Frozen Synapse
"Warcraft III" = Warcraft III
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2013 7:47:38 PM | Computer Name = EMERALD | Source = BugSplat | ID = 1
Description =

Error - 2/9/2013 3:32:34 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting
module unknown, version 0.0.0.0, fault address 0x006cb906.

Error - 2/9/2013 3:33:09 PM | Computer Name = EMERALD | Source = Application Error | ID = 1001
Description = Fault bucket -889359193.

Error - 2/11/2013 11:18:14 PM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application league of legends.exe, version 3.1.0.1, faulting
module league of legends.exe, version 3.1.0.1, fault address 0x0031b87a.

Error - 2/16/2013 3:16:16 AM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application bgmain.exe, version 2.5.0.2, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/17/2013 3:16:38 AM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application bgmain.exe, version 2.5.0.2, faulting module
unknown, version 0.0.0.0, fault address 0x00000018.

Error - 2/18/2013 6:38:32 AM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application bgmain.exe, version 2.5.0.2, faulting module
unknown, version 0.0.0.0, fault address 0x93be6100.

Error - 2/18/2013 8:14:14 AM | Computer Name = EMERALD | Source = Application Error | ID = 1000
Description = Faulting application bgmain.exe, version 2.5.0.2, faulting module
unknown, version 0.0.0.0, fault address 0x0111cdd9.

[ System Events ]
Error - 2/17/2013 7:52:43 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The ForceWare IP service service failed to start due to the following
error: %%1053

Error - 2/17/2013 7:52:44 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7001
Description = The WDFMEService service depends on the WDRulesService service which
failed to start because of the following error: %%1053

Error - 2/18/2013 5:10:05 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 2/18/2013 5:10:05 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WDDMService service to
connect.

Error - 2/18/2013 5:10:05 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The WDDMService service failed to start due to the following error:
%%1053

Error - 2/18/2013 5:10:05 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WDRulesService service
to connect.

Error - 2/18/2013 5:10:05 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The WDRulesService service failed to start due to the following error:
%%1053

Error - 2/18/2013 5:10:39 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ForceWare IP service
service to connect.

Error - 2/18/2013 5:10:39 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7000
Description = The ForceWare IP service service failed to start due to the following
error: %%1053

Error - 2/18/2013 5:10:39 PM | Computer Name = EMERALD | Source = Service Control Manager | ID = 7001
Description = The WDFMEService service depends on the WDRulesService service which
failed to start because of the following error: %%1053


< End of report >
------------------------------------------------------------
RKreport[1]_S_02182013_02d1656.txt
------------------------------------------------------------
RogueKiller V8.5.1 [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Scan -- Date : 02/18/2013 16:56:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : G:\WINDOWS\Assembly\Desktop.ini [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> G:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120827AS +++++
--- User ---
[MBR] 228e56ff065af5916361d1b903813927
[BSP] 7a56b2c45de9a45748e452c879b2bbad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00UU3A0 +++++
--- User ---
[MBR] fd7c9eb4d5f3e1e0e75edaa89b8cedb5
[BSP] a8a6f564ce7df2b5333a061cb9d86676 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02182013_02d1656.txt >>
RKreport[1]_S_02182013_02d1656.txt



-------------------------------------------------------------

In addition RogueKiller has identified something called ZeroAccess and opened the following page
http://tigzyrk.blogs...access-max.html
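The RogueKiller report above ends with an MBR check: a hash of the whole sector, a hash of the bootstrap code ([BSP]) matched against "Windows XP MBR Code", and the partition table (one active NTFS partition at sector 63, 114463 Mo). The following is an added example of how such a check is done; it is not RogueKiller's or TDSSKiller's code, and which bytes those tools hash is an assumption (here: MD5 of the 440-byte bootstrap area and of the full 512-byte sector). The sample sector is constructed, with zeroed boot code and one partition entry using the start LBA (0x3F) and sector count (0xDF8F8C1) that the TDSSKiller log reports for Harddisk0.

```python
"""Parse a 512-byte MBR and compare its bootstrap code with a known-good hash.

Added example for this thread; not the code of any tool named here.
Assumption: [BSP] = MD5 of bytes 0..439 (bootstrap code), [MBR] = MD5 of the
full sector. The sample sector below is constructed, not read from the machine.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # bootstrap code; disk signature and table follow
PART_TABLE_OFF = 446
ENTRY_LEN = 16
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"
SECTORS_PER_MIB = 2048      # 1 MiB / 512-byte sectors


def build_sample_mbr() -> bytes:
    """Constructed MBR: zero boot code, one active NTFS partition, 0x55AA signature."""
    boot_area = bytes(PART_TABLE_OFF)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        0x3F, 0xDF8F8C1)
    empty = bytes(ENTRY_LEN)
    return boot_area + entry + empty * 3 + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Return hashes and the non-empty partition entries of a 512-byte sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[-2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_LEN])
        if ptype == 0:          # unused entry
            continue
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "size_mib": count // SECTORS_PER_MIB,
        })
    return {
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_bootcode: set) -> list:
    """Return a list of findings; an empty list means stock boot code and a sane table."""
    info = parse_mbr(sector)
    findings = []
    if info["bootcode_md5"] not in known_good_bootcode:
        findings.append("bootstrap code hash not in the known-good set: "
                        "compare with a clean install of the same Windows version")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append("partition %d claims to start in the MBR sector" % p["index"])
        if p["status_hidden"] if "status_hidden" in p else False:
            pass
    return findings


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("[MBR]", info["mbr_md5"])
    print("[BSP]", info["bootcode_md5"])
    for p in info["partitions"]:
        print("%d - %s type 0x%02X LBA %d size %d MiB" % (
            p["index"], "[ACTIVE]" if p["active"] else "[inactive]",
            p["type"], p["lba_start"], p["size_mib"]))
    print("findings:", check_mbr(sample, {info["bootcode_md5"]}))
```

On the real machine the sector is read from an elevated prompt with `open(r"\\.\PhysicalDrive0", "rb").read(512)`; the sector count 0xDF8F8C1 divided by 2048 gives 114463, the size RogueKiller prints for PhysicalDrive0. A bootstrap hash outside the known-good set is a lead, not a verdict: OEM recovery tools and third-party boot managers also replace the stock MBR code, so a mismatch is compared against a clean install before anything is rewritten.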

#4
Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Hi -
I am not seeing ZeroAccess on your computer; that one file is sometimes found without having the infection. I am going to let RK remove it anyway, but I don't see ZeroAccess, yet.
I do see that you have a program called EasyCleaner installed. This is a registry "cleaner" or "booster". Never a good idea to mess around with your registry: at best it will do nothing, at worst it can make your computer not boot any more. I recommend that you remove this program.
I would also ditch the Spybot program; MalwareBytes is way better, but it will not hurt to keep Spybot, I just deem it not very effective.
I see that TDSSKiller has been run lately; please post that log for me to look at.
Same goes for the Norton Power Eraser: if it created a log file, I would like to see it please.
I am not seeing anything that causes me concern, but I still would like to see what those 2 programs found before I make that judgement.

Step 1
We need to disable Spybot S&D's Teatimer real-time protection temporarily as it may interfere with any fixes we might need to perform.

First step:

  • Right click the Spybot icon that looks like a blue/white calendar with a padlock symbol in the System Tray (lower right corner where the clock is situated).
  • For version 1.6, the steps are similar to either one of the below.
  • If you have version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked (unticked). The Spybot icon should now be colorless.
  • If you have Version 1.4, click on Exit Spybot S&D Resident.

Second step, for either version:

  • Open Spybot S&D.
  • Click Mode, choose Advanced Mode.
  • Go to the bottom of the vertical panel on the left, click Tools.
  • Then, also in left panel, click on Resident that shows a red/white shield.
  • If your firewall raises a question, say OK.
  • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
  • OK any prompts.
  • Exit Spybot S&D and reboot your machine for the changes to take effect.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    [2013/02/08 00:45:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/02/08 00:45:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.


Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 4
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • OTL fix log
  • ADWCleaner log
  • All the RogueKiller log files
  • TDSSkiller and NPE log files
  • Please post a recent log from MalwareBytes

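The Step 2 script is read by OTL line by line: a `:section` header (`:commands`, `:OTL`) selects how the lines under it are interpreted, and a line OTL cannot place is reported as "Unable to interpret < ... > in the current context!" and skipped. Pasting the script through an editor can add leading whitespace to every line, which is exactly what produces those errors. As an added example (my own checker, not OTL's code), here is a small normalizer and linter to run over a fix script before pasting it. The assumption, taken from the two fix logs in this thread, is that leading whitespace is the defect to catch; the sample script is the Step 2 script with four spaces added to each line, and only `:commands` and `:OTL` are modelled as section headers.

```python
"""Normalize and sanity-check an OTL custom fix script before pasting it.

Added example for this thread, not OTL's own code. Assumption (from the fix
logs in the thread): a line that begins with whitespace is reported by OTL as
"Unable to interpret < ...> in the current context!" instead of being run.
"""
import re

SECTION_RE = re.compile(r"^:[A-Za-z]+$")      # e.g. :commands, :OTL
COMMAND_RE = re.compile(r"^\[[A-Za-z]+\]$")   # e.g. [createrestorepoint], [Reboot]

# Constructed sample: the Step 2 script as it looks after a paste that indented it.
INDENTED_SCRIPT = r"""    :commands
    [createrestorepoint]
    :OTL
    [2013/02/08 00:45:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    :commands
    [emptytemp]
    [Reboot]
"""


def normalize_otl_script(text: str) -> str:
    """Strip a BOM, CR characters and leading/trailing whitespace from every line; drop blank lines."""
    lines = []
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line:
            lines.append(line)
    return "\n".join(lines) + "\n"


def lint_otl_script(text: str) -> list:
    """Return (line_number, message) tuples for lines OTL would reject or misplace.

    An empty list means the script is safe to paste into the Custom Scans/Fixes box.
    """
    problems = []
    section = None
    for num, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        if raw != raw.lstrip():
            problems.append((num, "leading whitespace: OTL would report "
                                  "'Unable to interpret' for this line"))
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section = line.lower()
            continue
        if section is None:
            problems.append((num, "directive before any :section header"))
        elif section == ":commands" and not COMMAND_RE.match(line):
            problems.append((num, "line inside :commands is not a [command]"))
        elif section == ":otl" and COMMAND_RE.match(line):
            problems.append((num, "[command] inside :OTL; move it under :commands"))
    return problems


if __name__ == "__main__":
    for num, msg in lint_otl_script(INDENTED_SCRIPT):
        print("line %d: %s" % (num, msg))
    print("--- normalized ---")
    print(normalize_otl_script(INDENTED_SCRIPT), end="")
    print("remaining problems:", lint_otl_script(normalize_otl_script(INDENTED_SCRIPT)))
```

The linter flags all eight indented lines; after `normalize_otl_script` the same script lints clean and matches what the second, successful OTL run in this thread processed. The structural checks are deliberately narrow: they catch a `[command]` that strayed under `:OTL` or a stray line under `:commands`, but they do not validate the `:OTL` item syntax itself, so a script that passes still deserves a read-through against the scan log it was built from.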

#5
AtomicSG (Member, Topic Starter, 41 posts)
Had to do the OTL twice. Copied the instructions to a .txt file, and when I pasted in the section it put spaces in front, which I guessed was the reason for the "could not interpret". Hung on the shutdown screen for the reboot both times. Posting both logs. (Ethernet was unplugged during the process.)

02192013_165508.log
--------------------------------------------------------------------------
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < [2013/02/08 00:45:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}> in the current context!
Error: Unable to interpret < [2013/02/08 00:45:18 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}> in the current context!
Error: Unable to interpret < O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a> in the current context!
Error: Unable to interpret < :commands> in the current context!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33184 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mike
->Temp folder emptied: 1600106839 bytes
->Temporary Internet Files folder emptied: 229222576 bytes
->Java cache emptied: 1826938 bytes
->FireFox cache emptied: 449624864 bytes
->Flash cache emptied: 11786689 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49291874 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2602748 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83588 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 167686996 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,396.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02192013_165508

Files\Folders moved on Reboot...
File move failed. G:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-------------------------------------------------------------------------
02192013_172751.log
-------------------------------------------------------------------------
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\LaunchU3.exe -a not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mike
->Temp folder emptied: 658474 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1013 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02192013_172751

Files\Folders moved on Reboot...
File move failed. G:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-----------------------------------------------------------------------
AdwCleaner[S2]
-----------------------------------------------------------------------
# AdwCleaner v2.112 - Logfile created 02/19/2013 at 17:48:04
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mike - EMERALD
# Boot Mode : Normal
# Running from : G:\Documents and Settings\Mike\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : G:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\bwjidao3.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Blekko");
Deleted : user_pref("browser.search.order.1", "Blekko");

*************************

AdwCleaner[S1].txt - [331 octets] - [19/02/2013 17:47:36]
AdwCleaner[S2].txt - [863 octets] - [19/02/2013 17:48:04]

########## EOF - G:\AdwCleaner[S2].txt - [922 octets] ##########

------------------------------------------------------------------------
RKreport[2]_S_02192013_02d1801
------------------------------------------------------------------------
RogueKiller V8.5.1 [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Scan -- Date : 02/19/2013 18:01:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : G:\WINDOWS\Assembly\Desktop.ini [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> G:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120827AS +++++
--- User ---
[MBR] 228e56ff065af5916361d1b903813927
[BSP] 7a56b2c45de9a45748e452c879b2bbad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00UU3A0 +++++
--- User ---
[MBR] fd7c9eb4d5f3e1e0e75edaa89b8cedb5
[BSP] a8a6f564ce7df2b5333a061cb9d86676 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_02192013_02d1801.txt >>
RKreport[1]_S_02182013_02d1656.txt ; RKreport[2]_S_02192013_02d1801.txt




------------------------------------------------------------------------
RKreport[3]_D_02192013_02d1802
------------------------------------------------------------------------
RogueKiller V8.5.1 [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Remove -- Date : 02/19/2013 18:02:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : G:\WINDOWS\Assembly\Desktop.ini [-] --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> G:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120827AS +++++
--- User ---
[MBR] 228e56ff065af5916361d1b903813927
[BSP] 7a56b2c45de9a45748e452c879b2bbad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00UU3A0 +++++
--- User ---
[MBR] fd7c9eb4d5f3e1e0e75edaa89b8cedb5
[BSP] a8a6f564ce7df2b5333a061cb9d86676 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02192013_02d1802.txt >>
RKreport[1]_S_02182013_02d1656.txt ; RKreport[2]_S_02192013_02d1801.txt ; RKreport[3]_D_02192013_02d1802.txt




------------------------------------------------------------------------
RKreport[4]_SC_02192013_02d1809
------------------------------------------------------------------------
RogueKiller V8.5.1 [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/19/2013 18:09:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 42 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 534 / Fail 0
My documents: Success 564 / Fail 564
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 96 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[4]_SC_02192013_02d1809.txt >>
RKreport[1]_S_02182013_02d1656.txt ; RKreport[2]_S_02192013_02d1801.txt ; RKreport[3]_D_02192013_02d1802.txt ; RKreport[4]_SC_02192013_02d1809.txt




--------------------------------------------------------------------------
TDSSKiller.2.8.16.0_12.02.2013_22.56.50_log
---------------------------------------------------------------------------
22:56:50.0906 4560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:56:51.0656 4560 ============================================================
22:56:51.0656 4560 Current date / time: 2013/02/12 22:56:51.0656
22:56:51.0656 4560 SystemInfo:
22:56:51.0656 4560
22:56:51.0656 4560 OS Version: 5.1.2600 ServicePack: 3.0
22:56:51.0656 4560 Product type: Workstation
22:56:51.0656 4560 ComputerName: EMERALD
22:56:51.0656 4560 UserName: Mike
22:56:51.0656 4560 Windows directory: G:\WINDOWS
22:56:51.0656 4560 System windows directory: G:\WINDOWS
22:56:51.0656 4560 Processor architecture: Intel x86
22:56:51.0656 4560 Number of processors: 4
22:56:51.0656 4560 Page size: 0x1000
22:56:51.0656 4560 Boot type: Normal boot
22:56:51.0656 4560 ============================================================
22:56:52.0953 4560 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:56:52.0968 4560 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:56:52.0968 4560 ============================================================
22:56:52.0968 4560 \Device\Harddisk0\DR0:
22:56:52.0968 4560 MBR partitions:
22:56:52.0968 4560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
22:56:52.0968 4560 \Device\Harddisk1\DR1:
22:56:52.0968 4560 MBR partitions:
22:56:52.0968 4560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
22:56:52.0968 4560 ============================================================
22:56:53.0015 4560 D: <-> \Device\Harddisk0\DR0\Partition1
22:56:53.0031 4560 G: <-> \Device\Harddisk1\DR1\Partition1
22:56:53.0031 4560 ============================================================
22:56:53.0031 4560 Initialize success
22:56:53.0031 4560 ============================================================
22:57:01.0187 4108 ============================================================
22:57:01.0187 4108 Scan started
22:57:01.0187 4108 Mode: Manual;
22:57:01.0187 4108 ============================================================
22:57:01.0750 4108 ================ Scan system memory ========================
22:57:01.0750 4108 System memory - ok
22:57:01.0750 4108 ================ Scan services =============================
22:57:09.0265 4108 Simbad - ok
22:57:09.0406 4108 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service G:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:57:09.0421 4108 Skype C2C Service - ok
22:57:09.0468 4108 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate G:\Program Files\Skype\Updater\Updater.exe
22:57:09.0468 4108 SkypeUpdate - ok
22:57:09.0500 4108 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP G:\WINDOWS\system32\DRIVERS\SLIP.sys
22:57:09.0515 4108 SLIP - ok
22:57:09.0546 4108 [ CDE05A7FB8F3707391716780427DC0FC ] SMR311 G:\WINDOWS\system32\drivers\SMR311.SYS
22:57:09.0546 4108 SMR311 - ok
22:57:09.0562 4108 Sparrow - ok
22:57:09.0578 4108 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter G:\WINDOWS\system32\drivers\splitter.sys
22:57:09.0593 4108 splitter - ok
22:57:09.0609 4108 [ 60784F891563FB1B767F70117FC2428F ] Spooler G:\WINDOWS\system32\spoolsv.exe
22:57:09.0609 4108 Spooler - ok
22:57:09.0656 4108 [ A199171385BE17973FD800FA91F8F78A ] sptd G:\WINDOWS\system32\Drivers\sptd.sys
22:57:09.0656 4108 Suspicious file (NoAccess): G:\WINDOWS\system32\Drivers\sptd.sys. md5: A199171385BE17973FD800FA91F8F78A
22:57:09.0656 4108 sptd ( LockedFile.Multi.Generic ) - warning
22:57:09.0656 4108 sptd - detected LockedFile.Multi.Generic (1)
22:57:09.0671 4108 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr G:\WINDOWS\system32\DRIVERS\sr.sys
22:57:09.0671 4108 sr - ok
22:57:09.0687 4108 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice G:\WINDOWS\system32\srsvc.dll
22:57:09.0687 4108 srservice - ok
22:57:09.0703 4108 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv G:\WINDOWS\system32\DRIVERS\srv.sys
22:57:09.0718 4108 Srv - ok
22:57:09.0734 4108 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV G:\WINDOWS\System32\ssdpsrv.dll
22:57:09.0750 4108 SSDPSRV - ok
22:57:09.0796 4108 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE G:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
22:57:09.0796 4108 StarWindServiceAE - ok
22:57:09.0812 4108 Steam Client Service - ok
22:57:09.0843 4108 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc G:\WINDOWS\system32\wiaservc.dll
22:57:09.0859 4108 stisvc - ok
22:57:09.0890 4108 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip G:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:57:09.0890 4108 streamip - ok
22:57:09.0921 4108 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum G:\WINDOWS\system32\DRIVERS\swenum.sys
22:57:09.0921 4108 swenum - ok
22:57:09.0937 4108 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi G:\WINDOWS\system32\drivers\swmidi.sys
22:57:09.0937 4108 swmidi - ok
22:57:09.0937 4108 SwPrv - ok
22:57:09.0953 4108 symc810 - ok
22:57:09.0968 4108 symc8xx - ok
22:57:09.0968 4108 sym_hi - ok
22:57:09.0984 4108 sym_u3 - ok
22:57:10.0000 4108 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio G:\WINDOWS\system32\drivers\sysaudio.sys
22:57:10.0000 4108 sysaudio - ok
22:57:10.0031 4108 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog G:\WINDOWS\system32\smlogsvc.exe
22:57:10.0031 4108 SysmonLog - ok
22:57:10.0062 4108 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv G:\WINDOWS\System32\tapisrv.dll
22:57:10.0062 4108 TapiSrv - ok
22:57:10.0093 4108 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip G:\WINDOWS\system32\DRIVERS\tcpip.sys
22:57:10.0093 4108 Tcpip - ok
22:57:10.0109 4108 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE G:\WINDOWS\system32\drivers\TDPIPE.sys
22:57:10.0109 4108 TDPIPE - ok
22:57:10.0125 4108 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP G:\WINDOWS\system32\drivers\TDTCP.sys
22:57:10.0125 4108 TDTCP - ok
22:57:10.0125 4108 [ 88155247177638048422893737429D9E ] TermDD G:\WINDOWS\system32\DRIVERS\termdd.sys
22:57:10.0125 4108 TermDD - ok
22:57:10.0156 4108 [ FF3477C03BE7201C294C35F684B3479F ] TermService G:\WINDOWS\System32\termsrv.dll
22:57:10.0156 4108 TermService - ok
22:57:10.0171 4108 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes G:\WINDOWS\System32\shsvcs.dll
22:57:10.0187 4108 Themes - ok
22:57:10.0234 4108 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr G:\WINDOWS\system32\tlntsvr.exe
22:57:10.0234 4108 TlntSvr - ok
22:57:10.0234 4108 TosIde - ok
22:57:10.0265 4108 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks G:\WINDOWS\system32\trkwks.dll
22:57:10.0281 4108 TrkWks - ok
22:57:10.0296 4108 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs G:\WINDOWS\system32\drivers\Udfs.sys
22:57:10.0296 4108 Udfs - ok
22:57:10.0296 4108 ultra - ok
22:57:10.0359 4108 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv G:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:57:10.0359 4108 UMVPFSrv - ok
22:57:10.0375 4108 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update G:\WINDOWS\system32\DRIVERS\update.sys
22:57:10.0390 4108 Update - ok
22:57:10.0406 4108 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost G:\WINDOWS\System32\upnphost.dll
22:57:10.0406 4108 upnphost - ok
22:57:10.0421 4108 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS G:\WINDOWS\System32\ups.exe
22:57:10.0421 4108 UPS - ok
22:57:10.0453 4108 [ E919708DB44ED8543A7C017953148330 ] usbaudio G:\WINDOWS\system32\drivers\usbaudio.sys
22:57:10.0453 4108 usbaudio - ok
22:57:10.0468 4108 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp G:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:57:10.0484 4108 usbccgp - ok
22:57:10.0500 4108 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci G:\WINDOWS\system32\DRIVERS\usbehci.sys
22:57:10.0500 4108 usbehci - ok
22:57:10.0515 4108 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub G:\WINDOWS\system32\DRIVERS\usbhub.sys
22:57:10.0515 4108 usbhub - ok
22:57:10.0531 4108 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci G:\WINDOWS\system32\DRIVERS\usbohci.sys
22:57:10.0531 4108 usbohci - ok
22:57:10.0562 4108 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:57:10.0562 4108 USBSTOR - ok
22:57:10.0593 4108 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo G:\WINDOWS\system32\Drivers\usbvideo.sys
22:57:10.0593 4108 usbvideo - ok
22:57:10.0593 4108 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave G:\WINDOWS\System32\drivers\vga.sys
22:57:10.0593 4108 VgaSave - ok
22:57:10.0609 4108 ViaIde - ok
22:57:10.0640 4108 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap G:\WINDOWS\system32\drivers\VolSnap.sys
22:57:10.0640 4108 VolSnap - ok
22:57:10.0671 4108 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS G:\WINDOWS\System32\vssvc.exe
22:57:10.0671 4108 VSS - ok
22:57:10.0703 4108 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time G:\WINDOWS\system32\w32time.dll
22:57:10.0703 4108 W32Time - ok
22:57:10.0718 4108 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp G:\WINDOWS\system32\DRIVERS\wanarp.sys
22:57:10.0718 4108 Wanarp - ok
22:57:10.0734 4108 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM G:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:57:10.0734 4108 WDC_SAM - ok
22:57:10.0796 4108 [ C1768DAF1C32E91C7F0D87AB06310334 ] WDDMService G:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
22:57:10.0796 4108 WDDMService - ok
22:57:10.0843 4108 [ ABD9E20F561AAB189FD2D766B1774BEB ] WDFMEService G:\Program Files\Western Digital\WD SmartWare\WDFME.exe
22:57:10.0859 4108 WDFMEService - ok
22:57:10.0859 4108 WDICA - ok
22:57:10.0906 4108 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud G:\WINDOWS\system32\drivers\wdmaud.sys
22:57:10.0906 4108 wdmaud - ok
22:57:10.0937 4108 [ 5A006CF200EE4C21E107FB3739D22426 ] WDMTVTuner G:\WINDOWS\system32\drivers\WDMTuner.sys
22:57:10.0937 4108 WDMTVTuner - ok
22:57:10.0968 4108 [ FF7808BD8B3C56CCC5E9369001E294DB ] WDRulesService G:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
22:57:10.0984 4108 WDRulesService - ok
22:57:11.0000 4108 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient G:\WINDOWS\System32\webclnt.dll
22:57:11.0015 4108 WebClient - ok
22:57:11.0062 4108 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt G:\WINDOWS\system32\wbem\WMIsvc.dll
22:57:11.0062 4108 winmgmt - ok
22:57:11.0156 4108 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:57:11.0156 4108 wlidsvc - ok
22:57:11.0187 4108 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN G:\WINDOWS\system32\MsPMSNSv.dll
22:57:11.0203 4108 WmdmPmSN - ok
22:57:11.0218 4108 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi G:\WINDOWS\System32\advapi32.dll
22:57:11.0218 4108 Wmi - ok
22:57:11.0234 4108 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi G:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:57:11.0234 4108 WmiAcpi - ok
22:57:11.0265 4108 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv G:\WINDOWS\system32\wbem\wmiapsrv.exe
22:57:11.0265 4108 WmiApSrv - ok
22:57:11.0328 4108 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc G:\Program Files\Windows Media Player\WMPNetwk.exe
22:57:11.0343 4108 WMPNetworkSvc - ok
22:57:11.0359 4108 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb G:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:57:11.0359 4108 WpdUsb - ok
22:57:11.0453 4108 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 G:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:57:11.0453 4108 WPFFontCache_v0400 - ok
22:57:11.0500 4108 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL G:\WINDOWS\System32\drivers\ws2ifsl.sys
22:57:11.0500 4108 WS2IFSL - ok
22:57:11.0531 4108 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc G:\WINDOWS\system32\wscsvc.dll
22:57:11.0531 4108 wscsvc - ok
22:57:11.0562 4108 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC G:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:57:11.0562 4108 WSTCODEC - ok
22:57:11.0609 4108 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv G:\WINDOWS\system32\wuauserv.dll
22:57:11.0609 4108 wuauserv - ok
22:57:11.0640 4108 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf G:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:57:11.0640 4108 WudfPf - ok
22:57:11.0656 4108 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd G:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:57:11.0656 4108 WudfRd - ok
22:57:11.0671 4108 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc G:\WINDOWS\System32\WUDFSvc.dll
22:57:11.0671 4108 WudfSvc - ok
22:57:11.0687 4108 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC G:\WINDOWS\System32\wzcsvc.dll
22:57:11.0703 4108 WZCSVC - ok
22:57:11.0718 4108 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov G:\WINDOWS\System32\xmlprov.dll
22:57:11.0734 4108 xmlprov - ok
22:57:11.0750 4108 ================ Scan global ===============================
22:57:11.0781 4108 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] G:\WINDOWS\system32\basesrv.dll
22:57:11.0812 4108 [ 8C7DCA4B158BF16894120786A7A5F366 ] G:\WINDOWS\system32\winsrv.dll
22:57:11.0843 4108 [ 8C7DCA4B158BF16894120786A7A5F366 ] G:\WINDOWS\system32\winsrv.dll
22:57:11.0859 4108 [ 65DF52F5B8B6E9BBD183505225C37315 ] G:\WINDOWS\system32\services.exe
22:57:11.0875 4108 [Global] - ok
22:57:11.0875 4108 ================ Scan MBR ==================================
22:57:11.0890 4108 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:57:12.0125 4108 \Device\Harddisk0\DR0 - ok
22:57:12.0203 4108 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
22:57:12.0343 4108 \Device\Harddisk1\DR1 - ok
22:57:12.0343 4108 ================ Scan VBR ==================================
22:57:12.0343 4108 [ EDED2E1346CAD0B2BFD63E922A8B465B ] \Device\Harddisk0\DR0\Partition1
22:57:12.0343 4108 \Device\Harddisk0\DR0\Partition1 - ok
22:57:12.0343 4108 [ E45C47824F569EA6F4AB771D8EC6D674 ] \Device\Harddisk1\DR1\Partition1
22:57:12.0343 4108 \Device\Harddisk1\DR1\Partition1 - ok
22:57:12.0343 4108 ============================================================
22:57:12.0343 4108 Scan finished
22:57:12.0343 4108 ============================================================
22:57:12.0359 3660 Detected object count: 1
22:57:12.0359 3660 Actual detected object count: 1
23:06:12.0671 3660 G:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
23:06:12.0687 3660 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
23:06:12.0687 3660 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
23:06:12.0687 3660 G:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
23:06:12.0687 3660 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
23:06:18.0312 5768 Deinitialize success
-----------------------------------------------
mbam-log-2013-02-12 (17-59-08).txt
-----------------------------------------------
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mike :: EMERALD [administrator]

Protection: Enabled

2/12/2013 5:59:08 PM
mbam-log-2013-02-12 (17-59-08).txt

Scan type: Full scan (D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 524830
Time elapsed: 3 hour(s), 23 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
--------------------------------------------
NPE log is an XML file and freakin' huge. Is it entirely necessary to post? It found 1 thing it didn't like and that was just the network setting in the file aos.exe (Ace of Spades, purchased through Steam).
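The TDSSKiller output above runs to hundreds of lines, and the only part that matters for triage is the handful of objects that did not come back "- ok". The script below is an added example written for this thread, not part of TDSSKiller or of anything posted here. It pairs each "[ MD5 ] name path" line with the verdict lines TDSSKiller prints for that object, pulls out everything flagged (here sptd.sys, together with its "Suspicious file (NoAccess)" reason and MD5, which is what you would feed to a hash lookup), and separately lists service names that were reported with no file on disk. SAMPLE_LOG is a constructed, trimmed copy of the log above.

```python
"""Triage a TDSSKiller log: report objects whose verdict was not "ok".

Added example for this thread (not TDSSKiller's own code).  SAMPLE_LOG is a
constructed, trimmed copy of the log posted in the thread.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
22:57:08.0500 4108 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto G:\WINDOWS\System32\rasauto.dll
22:57:08.0500 4108 RasAuto - ok
22:57:08.0750 4108 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service G:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
22:57:08.0750 4108 RealNetworks Downloader Resolver Service - ok
22:57:09.0265 4108 Simbad - ok
22:57:09.0656 4108 [ A199171385BE17973FD800FA91F8F78A ] sptd G:\WINDOWS\system32\Drivers\sptd.sys
22:57:09.0656 4108 Suspicious file (NoAccess): G:\WINDOWS\system32\Drivers\sptd.sys. md5: A199171385BE17973FD800FA91F8F78A
22:57:09.0656 4108 sptd ( LockedFile.Multi.Generic ) - warning
22:57:09.0656 4108 sptd - detected LockedFile.Multi.Generic (1)
22:57:11.0875 4108 [Global] - ok
22:57:11.0890 4108 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:57:12.0125 4108 \Device\Harddisk0\DR0 - ok
"""

# "[ MD5 ] <name> <path>"; MBR/VBR objects have no name and a \Device\ path.
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?:(?P<name>.+?)\s+)?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# "<obj> - ok", "<obj> ( <verdict> ) - warning", "<obj> - detected <verdict> (n)"
STATUS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<obj>.+?) - (?P<status>ok|warning|detected .+)$"
)
SUSPICIOUS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+Suspicious file \((?P<reason>[^)]+)\): "
    r"(?P<path>.+?)\. md5: (?P<md5>[0-9A-Fa-f]{32})$"
)
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    suspicious: str = ""          # reason from a "Suspicious file (...)" line
    statuses: list = field(default_factory=list)


def parse_tdsskiller(log_text):
    """Pair every hashed object with the verdict lines TDSSKiller printed for it."""
    entries = {}

    def entry(name):
        return entries.setdefault(name, Entry(name=name))

    for line in log_text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:
            e = entry(m["name"] or m["path"])
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            for e in entries.values():
                if e.path == m["path"]:
                    e.suspicious = m["reason"]
            continue
        m = STATUS_RE.match(line)
        if m:
            v = VERDICT_RE.match(m["obj"])     # strip "( LockedFile.Multi.Generic )"
            entry(v["name"] if v else m["obj"]).statuses.append(m["status"])
    return entries


def triage(log_text):
    """Return (flagged entries, names registered with no file on disk)."""
    entries = parse_tdsskiller(log_text)
    flagged = [e for e in entries.values()
               if e.suspicious or any(s != "ok" for s in e.statuses)]
    # A verdict line with no preceding "[ MD5 ]" line means the service key exists
    # but TDSSKiller found nothing to hash (typically stale entries for absent hardware).
    no_file = sorted(e.name for e in entries.values()
                     if not e.path and not e.name.startswith("["))
    return flagged, no_file


if __name__ == "__main__":
    flagged, no_file = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.name}: md5={e.md5} path={e.path} reason={e.suspicious or '-'} "
              f"verdicts={[s for s in e.statuses if s != 'ok']}")
    print("registered without a file:", ", ".join(no_file) or "none")
```

Run against the full log rather than the sample and the flagged list is still just sptd.sys; LockedFile.Multi.Generic is a generic "could not read the file" verdict, not a malware family, so the MD5 lookup is the step that actually decides whether the file is what the vendor shipped.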

#6 Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Ok, no need to post the NPE log. I just wanted to know what it found.
You appear to have removed a file with TDSSKiller that you should not have; sptd.sys most likely came with the Alcohol program and is a driver for optical drives specifically. If you are not having an issue with your CD/DVD, then I think we can move on. Want to give your optical drive a test and see if it's still working properly?

Are you using Skype or any P2P programs when you see this IP blocking happening, or does it happen at random times?
There should be a list of IP addresses that are being blocked; can you post that?

Otherwise I don't see any malware on your system so far, but let's take a different look into your system and make sure.

Step 1
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • Fresh MalwareBytes log
  • ESET scan log - careful this one is easy to lose.
  • IP block list from MalwareBytes
  • Any other symptoms?


#7 AtomicSG (Topic Starter, Member, 41 posts)
Generally I always have Skype running; however, these blocks don't appear to happen at consistent times. I've literally been sitting at my computer with nothing but the desktop before me and had Malwarebytes say it has blocked traffic. Included is a sample of activity blocked on 4 random days.

-----------------------------------------------------------------
mbam-log-2013-02-20 (20-57-12).txt
-----------------------------------------------------------------
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mike :: EMERALD [administrator]

Protection: Enabled

2/20/2013 8:57:12 PM
mbam-log-2013-02-20 (20-57-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225807
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------
MBAM protection logs for 2-14, 2-15, 2-18 and 2-19
-----------------------------------------------------------------
2013/02/14 00:38:20 -0500 EMERALD Mike IP-BLOCK 222.186.15.17 (Type: incoming)
2013/02/14 02:45:46 -0500 EMERALD Mike IP-BLOCK 37.221.163.26 (Type: incoming)
2013/02/14 15:15:57 -0500 EMERALD MESSAGE Executing scheduled update: Daily
2013/02/14 15:16:12 -0500 EMERALD MESSAGE Starting protection
2013/02/14 15:16:13 -0500 EMERALD MESSAGE Protection started successfully
2013/02/14 15:16:14 -0500 EMERALD MESSAGE Starting IP protection
2013/02/14 15:19:30 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/14 15:19:48 -0500 EMERALD Mike MESSAGE Starting database refresh
2013/02/14 15:19:48 -0500 EMERALD Mike MESSAGE Scheduled update executed successfully: database updated from version v2013.02.13.08 to version v2013.02.14.08
2013/02/14 15:19:48 -0500 EMERALD Mike MESSAGE Stopping IP protection
2013/02/14 15:19:53 -0500 EMERALD Mike MESSAGE IP Protection stopped successfully
2013/02/14 15:20:05 -0500 EMERALD Mike MESSAGE Database refreshed successfully
2013/02/14 15:20:05 -0500 EMERALD Mike MESSAGE Starting IP protection
2013/02/14 15:20:42 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/14 15:35:40 -0500 EMERALD Mike IP-BLOCK 89.28.104.41 (Type: outgoing)
2013/02/14 16:11:16 -0500 EMERALD Mike IP-BLOCK 113.11.194.210 (Type: incoming)
2013/02/14 16:41:44 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 16:41:45 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 16:41:47 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 16:41:48 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 16:41:53 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 16:41:54 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 17:48:18 -0500 EMERALD Mike IP-BLOCK 222.186.15.20 (Type: incoming)
2013/02/14 19:06:59 -0500 EMERALD Mike IP-BLOCK 222.186.15.32 (Type: incoming)
2013/02/14 20:12:14 -0500 EMERALD Mike IP-BLOCK 65.49.2.183 (Type: incoming)
2013/02/14 20:12:16 -0500 EMERALD Mike IP-BLOCK 65.49.2.183 (Type: incoming)
2013/02/14 20:12:19 -0500 EMERALD Mike IP-BLOCK 65.49.2.183 (Type: incoming)
2013/02/14 20:12:22 -0500 EMERALD Mike IP-BLOCK 65.49.2.183 (Type: incoming)
2013/02/14 20:12:25 -0500 EMERALD Mike IP-BLOCK 65.49.2.183 (Type: incoming)
2013/02/14 20:12:28 -0500 EMERALD Mike IP-BLOCK 65.49.2.183 (Type: incoming)
2013/02/14 22:15:20 -0500 EMERALD Mike IP-BLOCK 222.186.57.245 (Type: incoming)
2013/02/15 00:06:47 -0500 EMERALD Mike IP-BLOCK 222.186.15.32 (Type: incoming)
2013/02/15 04:11:35 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:36 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:36 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:37 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:37 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:38 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:38 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:39 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 04:11:40 -0500 EMERALD Mike IP-BLOCK 88.85.64.24 (Type: incoming)
2013/02/15 17:12:09 -0500 EMERALD MESSAGE Starting protection
2013/02/15 17:12:11 -0500 EMERALD MESSAGE Protection started successfully
2013/02/15 17:12:11 -0500 EMERALD MESSAGE Starting IP protection
2013/02/15 17:15:35 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/15 21:51:48 -0500 EMERALD Mike IP-BLOCK 222.186.15.17 (Type: incoming)
2013/02/18 03:49:16 -0500 EMERALD Mike IP-BLOCK 193.107.19.154 (Type: incoming)
2013/02/18 06:50:44 -0500 EMERALD Mike IP-BLOCK 118.142.9.221 (Type: outgoing)
2013/02/18 06:50:47 -0500 EMERALD Mike IP-BLOCK 118.142.9.221 (Type: outgoing)
2013/02/18 06:50:53 -0500 EMERALD Mike IP-BLOCK 118.142.9.221 (Type: outgoing)
2013/02/18 16:07:32 -0500 EMERALD MESSAGE Executing scheduled update: Daily
2013/02/18 16:07:39 -0500 EMERALD MESSAGE Starting protection
2013/02/18 16:07:40 -0500 EMERALD MESSAGE Protection started successfully
2013/02/18 16:07:40 -0500 EMERALD MESSAGE Starting IP protection
2013/02/18 16:11:35 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/18 16:11:47 -0500 EMERALD Mike MESSAGE Starting database refresh
2013/02/18 16:11:47 -0500 EMERALD Mike MESSAGE Scheduled update executed successfully: database updated from version v2013.02.17.08 to version v2013.02.18.10
2013/02/18 16:11:47 -0500 EMERALD Mike MESSAGE Stopping IP protection
2013/02/18 16:11:48 -0500 EMERALD Mike MESSAGE IP Protection stopped successfully
2013/02/18 16:11:55 -0500 EMERALD Mike MESSAGE Database refreshed successfully
2013/02/18 16:11:57 -0500 EMERALD Mike MESSAGE Starting IP protection
2013/02/18 16:12:32 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 01:09:03 -0500 EMERALD Mike IP-BLOCK 89.248.168.170 (Type: incoming)
2013/02/19 01:44:44 -0500 EMERALD Mike IP-BLOCK 77.91.231.203 (Type: incoming)
2013/02/19 02:42:17 -0500 EMERALD Mike IP-BLOCK 77.91.231.203 (Type: incoming)
2013/02/19 05:22:16 -0500 EMERALD Mike IP-BLOCK 222.65.128.242 (Type: incoming)
2013/02/19 05:22:17 -0500 EMERALD Mike IP-BLOCK 222.65.128.242 (Type: incoming)
2013/02/19 05:22:18 -0500 EMERALD Mike IP-BLOCK 222.65.128.242 (Type: incoming)
2013/02/19 05:22:19 -0500 EMERALD Mike IP-BLOCK 222.65.128.242 (Type: incoming)
2013/02/19 05:22:20 -0500 EMERALD Mike IP-BLOCK 222.65.128.242 (Type: incoming)
2013/02/19 06:08:59 -0500 EMERALD Mike IP-BLOCK 89.248.168.170 (Type: incoming)
2013/02/19 15:59:12 -0500 EMERALD MESSAGE Executing scheduled update: Daily
2013/02/19 15:59:19 -0500 EMERALD MESSAGE Starting protection
2013/02/19 15:59:19 -0500 EMERALD MESSAGE Protection started successfully
2013/02/19 15:59:19 -0500 EMERALD MESSAGE Starting IP protection
2013/02/19 16:00:15 -0500 EMERALD MESSAGE Scheduled update executed successfully: database updated from version v2013.02.18.10 to version v2013.02.19.06
2013/02/19 16:02:40 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 16:02:41 -0500 EMERALD Mike MESSAGE Starting database refresh
2013/02/19 16:02:41 -0500 EMERALD Mike MESSAGE Stopping IP protection
2013/02/19 16:02:41 -0500 EMERALD Mike MESSAGE IP Protection stopped successfully
2013/02/19 16:02:58 -0500 EMERALD Mike MESSAGE Database refreshed successfully
2013/02/19 16:02:58 -0500 EMERALD Mike MESSAGE Starting IP protection
2013/02/19 16:03:32 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 16:42:52 -0500 EMERALD MESSAGE Starting protection
2013/02/19 16:42:53 -0500 EMERALD MESSAGE Protection started successfully
2013/02/19 16:42:54 -0500 EMERALD MESSAGE Starting IP protection
2013/02/19 16:46:18 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 16:54:11 -0500 EMERALD Mike MESSAGE Stopping protection
2013/02/19 16:54:11 -0500 EMERALD Mike MESSAGE Protection stopped successfully
2013/02/19 16:54:11 -0500 EMERALD Mike MESSAGE Stopping IP protection
2013/02/19 16:54:11 -0500 EMERALD Mike MESSAGE IP Protection stopped successfully
2013/02/19 16:54:12 -0500 EMERALD Mike MESSAGE Protection stopped
2013/02/19 17:06:26 -0500 EMERALD MESSAGE Starting protection
2013/02/19 17:06:27 -0500 EMERALD MESSAGE Protection started successfully
2013/02/19 17:06:27 -0500 EMERALD MESSAGE Starting IP protection
2013/02/19 17:09:08 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 17:18:49 -0500 EMERALD MESSAGE Starting protection
2013/02/19 17:18:49 -0500 EMERALD MESSAGE Protection started successfully
2013/02/19 17:18:49 -0500 EMERALD MESSAGE Starting IP protection
2013/02/19 17:23:25 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 17:25:17 -0500 EMERALD Mike MESSAGE Stopping protection
2013/02/19 17:25:17 -0500 EMERALD Mike MESSAGE Protection stopped successfully
2013/02/19 17:25:18 -0500 EMERALD Mike MESSAGE Stopping IP protection
2013/02/19 17:25:19 -0500 EMERALD Mike MESSAGE IP Protection stopped successfully
2013/02/19 17:25:28 -0500 EMERALD Mike MESSAGE Protection stopped
2013/02/19 17:34:04 -0500 EMERALD MESSAGE Starting protection
2013/02/19 17:34:04 -0500 EMERALD MESSAGE Protection started successfully
2013/02/19 17:34:04 -0500 EMERALD MESSAGE Starting IP protection
2013/02/19 17:36:25 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 17:46:37 -0500 EMERALD Mike MESSAGE Stopping protection
2013/02/19 17:46:37 -0500 EMERALD Mike MESSAGE Protection stopped successfully
2013/02/19 17:46:37 -0500 EMERALD Mike MESSAGE Stopping IP protection
2013/02/19 17:46:38 -0500 EMERALD Mike MESSAGE IP Protection stopped successfully
2013/02/19 17:46:38 -0500 EMERALD Mike MESSAGE Protection stopped
2013/02/19 17:51:59 -0500 EMERALD MESSAGE Starting protection
2013/02/19 17:52:00 -0500 EMERALD MESSAGE Protection started successfully
2013/02/19 17:52:00 -0500 EMERALD MESSAGE Starting IP protection
2013/02/19 17:55:48 -0500 EMERALD Mike MESSAGE IP Protection started successfully
2013/02/19 20:21:02 -0500 EMERALD MESSAGE Starting protection
2013/02/19 20:21:02 -0500 EMERALD MESSAGE Protection started successfully
2013/02/19 20:21:03 -0500 EMERALD MESSAGE Starting IP protection
2013/02/19 20:25:37 -0500 EMERALD Mike MESSAGE IP Protection started successfully

----------------------------------------------------------------------
ESET wouldn't run properly. It would stop at 4% on getting the database with the message "Cannot get update. Is proxy configured properly?". I had antivirus, firewall, and Malwarebytes disabled.
(I didn't tell it to use a proxy.)
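Added example, not Malwarebytes code: a Python script that reads protection-log lines in the format posted above, separates incoming from outgoing IP-BLOCK events, counts hits and bursts per address, groups the incoming blocks by /24, and lists the outgoing targets. The direction is the important field. An incoming block only says a remote host sent a packet to this machine, which happens to every Internet-facing address all day; an outgoing block means a local process opened the connection, so those addresses are the ones to tie back to a PID (on XP, netstat -b while the block is happening). The sample lines are constructed from the posted log; the 10-second burst window, the 3-hit threshold and the /24 grouping are choices made for this example, not Malwarebytes settings.

```python
"""Summarise Malwarebytes 1.x protection-log IP-BLOCK events by direction.

Added example for this thread (not Malwarebytes code).  SAMPLE is constructed
from the log lines posted in the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SAMPLE = """\
2013/02/14 00:38:20 -0500 EMERALD Mike IP-BLOCK 222.186.15.17 (Type: incoming)
2013/02/14 15:15:57 -0500 EMERALD MESSAGE Executing scheduled update: Daily
2013/02/14 15:35:40 -0500 EMERALD Mike IP-BLOCK 89.28.104.41 (Type: outgoing)
2013/02/14 16:41:44 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 16:41:45 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 16:41:47 -0500 EMERALD Mike IP-BLOCK 109.163.226.76 (Type: incoming)
2013/02/14 17:48:18 -0500 EMERALD Mike IP-BLOCK 222.186.15.20 (Type: incoming)
2013/02/15 21:51:48 -0500 EMERALD Mike IP-BLOCK 222.186.15.17 (Type: incoming)
2013/02/18 06:50:44 -0500 EMERALD Mike IP-BLOCK 118.142.9.221 (Type: outgoing)
2013/02/18 06:50:47 -0500 EMERALD Mike IP-BLOCK 118.142.9.221 (Type: outgoing)
2013/02/18 06:50:53 -0500 EMERALD Mike IP-BLOCK 118.142.9.221 (Type: outgoing)
"""

BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>incoming|outgoing)\)$"
)


@dataclass
class Block:
    when: datetime
    ip: str
    direction: str


def parse_blocks(text):
    """Return the IP-BLOCK events in a protection log; MESSAGE lines are skipped."""
    blocks = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line)
        if m:
            when = datetime.strptime(m["ts"] + m["tz"], "%Y/%m/%d %H:%M:%S%z")
            blocks.append(Block(when, m["ip"], m["dir"]))
    return blocks


def count_bursts(times, window=timedelta(seconds=10), min_hits=3):
    """Count runs of >= min_hits blocks, each within `window` of the one before.
    A burst of retries is what a connecting client looks like; a single hit is a probe."""
    bursts, run = 0, 1
    for prev, cur in zip(times, times[1:]):
        if cur - prev <= window:
            run += 1
            continue
        if run >= min_hits:
            bursts += 1
        run = 1
    if run >= min_hits:
        bursts += 1
    return bursts


def summarize(blocks):
    """Per-IP view: direction(s), hit count, distinct calendar days, bursts."""
    by_ip = defaultdict(list)
    for b in blocks:
        by_ip[b.ip].append(b)
    summary = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda b: b.when)
        summary[ip] = {
            "direction": sorted({b.direction for b in hits}),
            "hits": len(hits),
            "days": len({b.when.date() for b in hits}),
            "bursts": count_bursts([b.when for b in hits]),
        }
    return summary


def outgoing_targets(blocks):
    """Addresses a local process tried to reach: the list to map back to a PID."""
    return sorted({b.ip for b in blocks if b.direction == "outgoing"}, key=ip_address)


def group_by_prefix(blocks, prefix=24):
    """Collapse incoming blocks to /24s so repeated probes from one netblock stand out."""
    counts = defaultdict(int)
    for b in blocks:
        if b.direction == "incoming":
            counts[str(ip_network(f"{b.ip}/{prefix}", strict=False))] += 1
    return dict(counts)


if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE)
    for ip, info in summarize(blocks).items():
        print(ip, info)
    print("outgoing:", outgoing_targets(blocks))
    print("incoming by /24:", group_by_prefix(blocks))
```

On the posted log this reduces four days of noise to two outgoing targets (89.28.104.41 once, 118.142.9.221 as a three-hit burst at 06:50), while the incoming side collapses to a few netblocks (222.186.15.0/24 across several days) that return regardless of what the machine is doing.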

#8 AtomicSG (Topic Starter, Member, 41 posts)
As for the optical drive, it seems to read things just fine, so I'm not worried about that. As far as writing, I was having issues BEFORE removing that file, so I'm not all that worried.

#9 Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Glad to hear the optical drive is functional. Please keep in mind that not everything that TDSSkiller finds is malicous, what was removed was just an unsigned driver.
Sometimes the ESET scan won't cooperate with certain systems, we can try a different vendor.
For the blocked IP addresses, I would not worry too much about the blocked incoming, as there are plenty of computers out there scanning ports for various reasons, but I am a little concerned about the outgoing connections that are blocked. While it could be one of the many games you have installed trying to reach out, my research keeps pointing to a P2P program, which I don't see on your system, or Skype, which I do see on your system.
If you would like to experiment, would you consider uninstalling Skype for a day, and see if that stops the outgoing connection?
You can wait until after we run the Kaspersky Security Scan, just in case that sheds some light on the issue.
So first I want to look with ComboFix, then we can move to the Kaspersky virus scan.

Step 1

Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Step 2
Please download the free Kaspersky Security Scan from here

Right click and select Run as Administrator (Vista, Win 7)
At the Setup Wizard, click on Next
Accept the terms of the License Agreement and select Install

If prompted by the UAC, select Yes.
The program will install itself and ask to click on Finish

Click on the Full Scan button, just right of the bottom center.

When it's done scanning, a reports window will pop up. If there is anything found there will be an arrow on the right side of one or more of the categories. Click on the arrow to open the report. Copy and paste the results in your next reply.

In your next reply I would like to see:
  • Combofix log
  • Kaspersky Security Scan results

  • 0

#10
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ComboFix 13-02-24.01 - Mike 02/24/2013 18:54:02.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3454.2140 [GMT -5:00]
Running from: g:\documents and settings\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\docume~1\Mike\LOCALS~1\Temp\AFF1.tmp\F_IN_BOX.dll
g:\documents and settings\Mike\Local Settings\Temp\AFF1.tmp\F_IN_BOX.dll
g:\documents and settings\Mike\Recent\Thumbs.db
G:\install.exe
g:\windows\apppatch\AppLoc.exe
g:\windows\system32\URTTemp
g:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-24 23:37 . 2013-02-24 23:37 56 --sh--r- g:\windows\system32\2A145E44AD.sys
2013-02-24 23:37 . 2013-02-24 23:37 1056 --sha-w- g:\windows\system32\KGyGaAvL.sys
2013-02-20 01:58 . 2010-08-23 01:01 27072 ----a-w- g:\windows\system32\drivers\AFGSp50.sys
2013-02-20 01:58 . 2013-02-20 01:58 -------- d-----w- g:\documents and settings\All Users\Application Data\Affinegy
2013-02-20 01:58 . 2013-02-20 01:58 -------- d-----w- g:\program files\Belkin
2013-02-19 21:55 . 2013-02-19 21:55 -------- d-----w- G:\_OTL
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- g:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 04:06 . 2013-02-13 04:06 -------- d-----w- G:\TDSSKiller_Quarantine
2013-02-13 02:46 . 2013-02-19 23:32 -------- d-----w- g:\documents and settings\Mike\Local Settings\Application Data\NPE
2013-02-13 02:46 . 2013-02-13 02:46 -------- d-----w- g:\documents and settings\All Users\Application Data\Norton
2013-02-12 04:58 . 2013-02-15 11:25 -------- d-----w- G:\GOG Games
2013-02-08 05:20 . 2013-02-08 05:20 -------- d-----w- g:\documents and settings\Mike\Local Settings\Application Data\Muse Games
2013-02-01 23:28 . 2013-02-01 23:28 143872 ----a-w- g:\windows\system32\javacpl.cpl
2013-02-01 23:28 . 2013-02-01 23:28 94112 ----a-w- g:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-15 22:02 . 2012-04-02 14:51 691568 ----a-w- g:\windows\system32\FlashPlayerApp.exe
2013-02-15 22:02 . 2011-10-06 03:22 71024 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-01 23:28 . 2012-06-22 15:54 861088 ----a-w- g:\windows\system32\npdeployJava1.dll
2013-02-01 23:28 . 2011-10-06 19:48 782240 ----a-w- g:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- g:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2008-04-14 12:00 2148864 ----a-w- g:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01 2027520 ----a-w- g:\windows\system32\ntkrnlpa.exe
2013-01-04 16:59 . 2003-10-17 16:44 499712 ----a-w- g:\windows\system32\msvcp71.dll
2013-01-04 16:59 . 2003-10-17 16:44 348160 ----a-w- g:\windows\system32\msvcr71.dll
2013-01-04 01:20 . 2008-04-14 12:00 1867264 ----a-w- g:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 12:00 148992 ----a-w- g:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 12:00 1292288 ----a-w- g:\windows\system32\quartz.dll
2012-12-26 20:16 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
2012-12-26 20:16 . 2008-04-14 12:00 43520 ----a-w- g:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2008-04-14 12:00 1469440 ------w- g:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-14 12:00 385024 ----a-w- g:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- g:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2010-10-03 01:23 21104 ----a-w- g:\windows\system32\drivers\mbam.sys
2012-12-07 13:22 . 2012-12-07 13:22 444952 ----a-w- g:\windows\system32\wrap_oal.dll
2012-12-07 13:22 . 2012-12-07 13:22 109080 ----a-w- g:\windows\system32\OpenAL32.dll
2013-02-08 05:45 . 2013-02-08 05:45 262552 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- g:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 17:28 97064 ----a-w- g:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="g:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"Steam"="g:\program files\Steam\steam.exe" [2013-02-15 1597864]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="g:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"LightScribe Control Panel"="g:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-02-25 2387968]
"Skype"="g:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"EVGAPrecision"="g:\program files\EVGA Precision\EVGAPrecision.exe" [2010-09-07 355432]
"IMJPMIG8.1"="g:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="g:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="g:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="g:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="g:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"LWS"="g:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"RemoteControl"="g:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"avast"="g:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"NeroFilterCheck"="g:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"SecurDisc"="g:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-08-08 2049320]
"InCD"="g:\program files\Nero\Nero8\InCD\InCD.exe" [2008-08-08 1083176]
"DivXUpdate"="g:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2012-05-15 108352]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"nwiz"="g:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"APSDaemon"="g:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"LogMeIn Hamachi Ui"="g:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="g:\program files\real\realplayer\update\realsched.exe" [2013-01-04 295072]
"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"InstaLAN"="g:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2012-02-23 1885088]
.
g:\documents and settings\Mike\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - g:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2012-3-13 344064]
.
g:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - g:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]
ScheduleTV.lnk - g:\program files\honestech\honestech TVR\scheduleTV.exe [2011-10-5 307200]
WD Quick View.lnk - g:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-05 22:09 87456 ----a-w- g:\windows\system32\LMIinit.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SPMTray"="c:\program files\PC Speed Maximizer\SPMTray.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"g:\\Program Files\\GOG.com\\Arcanum\\Arcanum.exe"=
"g:\\Documents and Settings\\Mike\\Desktop\\Gproxy+Ghost\\Ghost\\ghost.exe"=
"g:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"g:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"g:\\Program Files\\Starcraft\\StarCraft.exe"=
"g:\\Documents and Settings\\Mike\\Desktop\\Gproxy+Ghost\\Gproxy\\gproxy.exe"=
"g:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"g:\\Program Files\\Steam\\Steam.exe"=
"g:\\WINDOWS\\system32\\PnkBstrA.exe"=
"g:\\WINDOWS\\system32\\PnkBstrB.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Mount and Blade\\runme.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\lone survivor\\LoneSurvivor\\LoneSurvivor.exe"=
"g:\\Program Files\\Messenger\\msmsgs.exe"=
"g:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Universe at War Earth Assault\\UAWEA.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\eufloria\\Eufloria.exe"=
"g:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\runme.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Super Hexagon\\superhexagon.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\BIT.TRIP RUNNER\\RUNNER.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Retro City Rampage\\retrocityrampage.exe"=
"g:\\Program Files\\ZSNES\\zsnesw.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Multiwinia\\multiwinia.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Frozen Synapse\\FrozenSynapse.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Universe at War Earth Assault\\LaunchUAW.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Defcon\\defcon.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Sanctum\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
"g:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Natural Selection 2\\NS2.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Trine\\trine_launcher.exe"=
"g:\\GOG Games\\Baldur's Gate\\BGMain2.exe"=
"g:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\GOG Games\\tutu\\bgmain.exe"=
"g:\\GOG Games\\Baldur's Gate 2\\BGMain.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\gamemaker_studio\\GameMakerPlayer.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\the walking dead\\WalkingDead101.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\aceofspades\\aos.exe"=
"g:\\Program Files\\Steam\\steamapps\\common\\Guns of Icarus Online\\GunsOfIcarusOnline.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6112:TCP"= 6112:TCP:6112
"6112:UDP"= 6112:UDP:6112 2
"6113:TCP"= 6113:TCP:6113
"6113:UDP"= 6113:UDP:6113 udp
"6114:TCP"= 6114:TCP:6114
"6114:UDP"= 6114:UDP:6114 2
"6115:TCP"= 6115:TCP:6115
"6115:UDP"= 6115:UDP:6115 2
.
R1 aswSnx;aswSnx;g:\windows\system32\drivers\aswSnx.sys [1/26/2012 2:24 AM 738504]
R1 aswSP;aswSP;g:\windows\system32\drivers\aswSP.sys [1/26/2012 2:24 AM 361032]
R2 713xTVCard;SAA7130 TV Card;g:\windows\system32\drivers\SAA713x.sys [3/15/2005 11:00 AM 277504]
R2 aswFsBlk;aswFsBlk;g:\windows\system32\drivers\aswFsBlk.sys [1/26/2012 2:24 AM 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;g:\program files\LogMeIn Hamachi\hamachi-2.exe [12/10/2012 5:29 PM 1435568]
R2 MBAMScheduler;MBAMScheduler;g:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/10/2012 4:34 AM 398184]
R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/2/2010 8:23 PM 682344]
R2 NeroRegInCDSrv;Nero Registry InCD Service;g:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 12:28 PM 53032]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;g:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
R2 Skype C2C Service;Skype C2C Service;g:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208]
R2 UMVPFSrv;UMVPFSrv;g:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848]
R2 WDDMService;WDDMService;g:\program files\Western Digital\WD SmartWare\WDDMService.exe [8/1/2011 10:11 AM 263056]
R2 WDMTVTuner;Universal WDM TV Tuner;g:\windows\system32\drivers\WDMTuner.sys [10/5/2011 11:23 PM 21760]
R3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [10/2/2010 8:23 PM 21104]
R3 RTCore32;RTCore32;g:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\g:\program files\LogMeIn\x86\RaInfo.sys --> g:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 SkypeUpdate;Skype Updater;g:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S2 WDFMEService;WDFMEService;g:\program files\Western Digital\WD SmartWare\WDFME.exe [8/1/2011 10:11 AM 1592208]
S2 WDRulesService;WDRulesService;g:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [8/1/2011 10:11 AM 1091984]
S3 MHIKEY10;MHIKEY10;g:\windows\system32\drivers\MHIKEY10.sys [2/10/2011 4:34 AM 51968]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;g:\windows\system32\drivers\wdcsam.sys [2/27/2012 8:43 AM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 16:12 451872 ----a-w- g:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-24 g:\windows\Tasks\Adobe Flash Player Updater.job
- g:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:02]
.
2013-02-20 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-02-25 g:\windows\Tasks\avast! Emergency Update.job
- g:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 23:50]
.
2013-01-18 g:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
- g:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 01:33]
.
2013-02-25 g:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
- g:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31]
.
2013-02-25 g:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
- g:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 01:31]
.
2013-02-25 g:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
- g:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
2013-02-24 g:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
- g:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
2013-02-25 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
- g:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
2013-01-25 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1580818891-1801674531-1003.job
- g:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://192.168.1.254/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - g:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Send to &Bluetooth Device... - g:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - g:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - g:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\bwjidao3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-23247605.sys
AddRemove-BattlEye for OA - g:\gog games\ARMA II - Combined Operations\Expansion\BattlEye\UnInstallBE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-24 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-1580818891-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,2d,aa,b2,36,93,14,f7,ce,f5,62,4f,6d,b5,d2,80,e1,22,97,76,a0,98,10,
1b,cc,0a,ac,00,85,a6,cb,5d,13,0e,f8,4b,b0,1e,25,ac,d2,4b,50,f6,ee,4c,16,b8,\
"??"=hex:a4,ad,69,21,e3,cc,b8,6e,8d,59,aa,09,a1,ab,4b,a5
.
[HKEY_USERS\S-1-5-21-1844237615-1580818891-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:31,d3,ef,78,74,05,d0,b1,8c,79,56,29,97,e8,a1,e6,58,6b,6a,95,53,
74,c4,ed,ad,8a,7b,ff,d8,8e,78,75,3b,c1,cf,d4,08,16,8d,39,9f,b4,69,d8,fd,bd,\
"rkeysecu"=hex:f5,a7,c2,0e,c1,98,2f,44,e6,13,3f,d1,4e,ea,cd,2d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,01,24,30,39,78,32,89,02,78,77,df,df,ec,d2,36,41,e1,8d,b4,e6,
3c,26,0c,ed,70,41,70,b9,b8,31,13,f2,62,43,48,5c,f5,75,ed,7d,5c,af,3d,36,72,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,01,24,30,39,78,32,89,02,78,77,df,df,ec,d2,36,41,e1,8d,b4,e6,
3c,26,0c,ed,70,41,70,b9,b8,31,13,f2,62,43,48,5c,f5,75,ed,7d,5c,af,3d,36,72,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
g:\windows\system32\LMIinit.dll
g:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(956)
g:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(3908)
g:\windows\system32\WININET.dll
g:\windows\system32\msi.dll
g:\program files\Nero\Nero8\InCD\NBHShx.dll
g:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
g:\program files\Nero\Nero8\InCD\NBHStr.dll
g:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
g:\windows\system32\btmmhook.dll
g:\windows\system32\ieframe.dll
g:\windows\system32\webcheck.dll
g:\windows\system32\WPDShServiceObj.dll
g:\windows\system32\nvLsp.dll
g:\windows\system32\btncopy.dll
g:\windows\system32\PortableDeviceTypes.dll
g:\windows\system32\PortableDeviceApi.dll
g:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
g:\program files\AVAST Software\Avast\AvastSvc.exe
g:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
g:\program files\Bonjour\mDNSResponder.exe
g:\program files\Nero\Nero8\InCD\InCDsrv.exe
g:\program files\Java\jre7\bin\jqs.exe
g:\program files\Common Files\LightScribe\LSSrvc.exe
g:\windows\system32\nvsvc32.exe
g:\windows\system32\PnkBstrA.exe
g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
g:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
g:\windows\RTHDCPL.EXE
g:\windows\system32\rundll32.exe
g:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
g:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
g:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
g:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
g:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
g:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2013-02-24 19:13:22 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-25 00:13
.
Pre-Run: 119,318,183,936 bytes free
Post-Run: 119,287,250,944 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BE0F229181D4701B7CCEB87574EEEE64
---------------------------------------------------------
Kaspersky
----------------------------------------------------------
Detailed report
Problems found
Scanning date: 02/25/2013 01:10 AM
Database update date: 02/24/2013 03:33 PM
Product version: 12.0.1.117 (a.b)

Computer protection (0)

Information about anti-virus software and firewalls installed on the computer.

Malware (0)

Information about malware detected on the computer.

Vulnerabilities (3)

Information about applications and operating system components in which vulnerabilities have been detected.

G:\Program Files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
G:\Program Files\Chat Messenger\bin\chat-messenger.exe
G:\WINDOWS\system32\msxml4.dll

Other issues (14)

Information about vulnerabilities associated with the settings of installed applications and the operating system.

"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Windows Explorer - show extensions of known file types"
"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: delete cookies"
"Microsoft Internet Explorer: clear the list of trusted domains"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Windows Explorer: display of known file types extensions is disabled"
"Microsoft Internet Explorer: start page reset"
  • 0

#11
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Are the strange ip addresses still being blocked by MBAM?
  • 0

#12
AtomicSG

AtomicSG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Haven't noticed any lately (and I've still been running skype). Still not seeing consistency with my tray though. :/
  • 0

#13
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Sorry for the delay, I think they are trying to kill me at work.

At this point I would like to remove my tools, as I can see no malware in any of the logs we generated.
I would also like to see you defragment your system drive as it is very fragmented. It's not an SSD, correct?
The Windows defrag program is sufficient, but the Puran Defrag Free Edition is a little bit better.
Either one will do the job.
For the Windows defrag utility, click on Start, then My Computer. Right click on your system drive G: and select Properties.
In the Properties windows, click on the Tools tab, then click on Defragment Now.
You can choose to Analyze first, or go right to the Defragment button. Since your system drive is 20% fragmented, the process might take a long time, so maybe an overnight run would be the best way to do it, have it work while you are sleeping :)

Back when we ran Security Check, Java 7 update 13 was current, but I just installed update 15 last night, so please check your Java version and update it if necessary.
If you don't use Java it is advisable to remove it completely as it's one of the most exploited programs these days. Instructions are in my cleanup speech below.

For your tray icons not showing up sometimes, that's a bit beyond my scope here - it would be better for you to make a new topic in the XP forum here
First try the defrag, it should make your disk access faster, which just may help the startup issue.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Uninstall ComboFix

  • Press the Windows key and R on the keyboard, this opens the Run box
  • In the run box, please type Combofix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the instructions on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place?
So how did I get infected in the first place

Keep safe :wave:
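
The [resethosts] line in the OTL script above replaces the hosts file with a default one. Before it is reset, a practitioner usually wants to see what was in it, since a hijacked hosts file is one common reason security vendors' update and download sites stop resolving. The Python audit below is an added example, not part of the original post and not OTL's own code: it parses a hosts file and flags entries that blackhole or redirect security/update domains, or pin other hostnames to public addresses. WATCHED_SUFFIXES is an illustrative, assumed vendor list, and SAMPLE_HOSTS is constructed for the example rather than taken from a real machine.

```python
"""Audit a hosts file for the kinds of entries malware plants.

Added example (not from the thread, not OTL code).  Run against a live file:
    python hosts_audit.py C:\\Windows\\System32\\drivers\\etc\\hosts
With no argument it audits the constructed SAMPLE_HOSTS below.
"""
import ipaddress
import re
import sys

# Names a default hosts file may legitimately carry.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                 "ip6-localhost", "ip6-loopback", "ip6-localnet",
                 "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters"}

# Vendor/update domains that hijacked hosts files commonly block (assumed list).
WATCHED_SUFFIXES = ("malwarebytes.org", "avast.com", "microsoft.com",
                    "windowsupdate.com", "symantec.com", "kaspersky.com")

# "<address> <name> [<name> ...]   # optional trailing comment"
LINE_RE = re.compile(r"^\s*([^\s#]+)\s+([^#]+?)\s*(?:#.*)?$")


def parse_hosts(text):
    """Return [(line_no, address, hostname)] for every mapping in the file."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw)          # blank and comment-only lines do not match
        if m:
            for name in m.group(2).split():
                entries.append((n, m.group(1), name.lower()))
    return entries


def classify(address, name):
    """Reasons an entry is suspicious; an empty list means it looks benign."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return ["address does not parse"]
    blackholed = addr.is_loopback or addr.is_unspecified     # 127.x, ::1, 0.0.0.0
    watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
    if name in DEFAULT_NAMES:
        return ["default name mapped to a public address"] if addr.is_global else []
    if watched and blackholed:
        return ["security/update domain blackholed"]
    if watched:
        return ["security/update domain redirected to " + address]
    if addr.is_global:
        return ["hostname pinned to a public address"]
    return []


def audit(text):
    """Return [(line_no, address, name, reasons)] for every suspicious mapping."""
    findings = []
    for n, address, name in parse_hosts(text):
        reasons = classify(address, name)
        if reasons:
            findings.append((n, address, name, reasons))
    return findings


# Constructed sample, not a real hosts file: two vendors blackholed, one
# update host redirected, plus benign localhost and LAN entries.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org
0.0.0.0         avast.com
198.51.100.23   update.microsoft.com
192.168.1.50    printer.lan
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for n, address, name, reasons in audit(text):
        print(f"line {n}: {address} {name}  <- {'; '.join(reasons)}")
```

On the constructed sample this reports lines 4, 5 and 6 and stays quiet about the localhost and LAN printer entries. A legitimate ad-blocking hosts list will also trip the "blackholed" rule for anything on the watched list, so treat the output as a list of lines to read, not as a verdict.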

#14
AtomicSG (Member, Topic Starter, 41 posts)
It's still not acting right. Tray icon loads are inconsistent; trying to run a selective startup with msconfig doesn't seem to change anything, the same processes still load. And taking a look with Spybot at the startup items it is seeing shows me a (disabled) entry for c:\Program Files\PC Speed Maximizer\SPMTray.exe, which doesn't make sense for 2 reasons: 1) I never installed anything of the sort, and 2) I'm not, nor have I ever been since installing this copy of Windows, running a C drive. My drives are registered as G for local and D for storage.

#15
Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Hi,
Msconfig is more of a diagnostic utility, not really meant to control your startups.
You can download Autoruns from here; it's a Microsoft product.
When you first run it, it will start at the Everything tab, so switch over to the Logon tab. This is a list of what programs start when your computer starts.
It is advisable to only uncheck the entries that you want to disable and not delete them, just in case.
If you would like me to go over the log, you can save it by going to File > Save; make sure you change the file type to .txt, then save the file.
Copy and paste it into your next reply, and I would be glad to see what is not necessary to start automatically.

It is strange that you have a c: drive reference. That program is a very unnecessary registry cleaning program, and if it's in the Autoruns list, we can remove it.
I would think that most installers would know where your system drive is located, but you never know with flaky programs like that.

Have you run a defrag yet?
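
The check Crowbar describes, looking through the Logon entries for a target that cannot be right, is easy to script. The Python below is an added example, not part of the thread and not Autoruns or any Sysinternals code: on Windows it enumerates the Run/RunOnce keys in both the 64-bit and 32-bit registry views and flags entries whose executable is missing, sits on a drive letter the machine does not have, or is a bare file name resolved through the search path at logon. An entry for c:\Program Files\PC Speed Maximizer\SPMTray.exe on a system whose Windows drive is G: is exactly the first case. The registry and drive-letter enumeration only run on Windows; image_path(), classify() and audit() are pure, and the SAMPLE_* constants are constructed data modelled on the thread, not real registry contents.

```python
"""Flag Run/RunOnce autostart entries whose target is missing, is on a drive
letter this machine lacks, or is resolved through the search path at logon.

Added example (not from the thread, not Autoruns code).  On Windows it reads
the live registry; elsewhere it audits the constructed SAMPLE_ENTRIES.
"""
import os
import re
import string

RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def image_path(command):
    """Return the executable part of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):                 # quoted: path ends at the next quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)  # unquoted, may have spaces
    return m.group(1) if m else (command.split() or [""])[0]


def classify(path, drives, exists=os.path.exists):
    """Reason the entry deserves a look, or None if it resolves cleanly."""
    if not path:
        return "empty command"
    if path.startswith("\\\\"):
        return "launches from a network share"
    if len(path) > 1 and path[1] == ":":
        drive = path[0].upper()
        if drive not in drives:
            return f"drive {drive}: does not exist on this system"
        if not exists(path):
            return "target file does not exist"
        return None
    if "\\" not in path:
        return "bare file name, resolved via the search path at logon"
    return "relative path, depends on the working directory at logon"


def audit(entries, drives, exists=os.path.exists):
    """entries: iterable of (location, name, command). Returns flagged rows."""
    flagged = []
    for location, name, command in entries:
        path = os.path.expandvars(image_path(command))   # %SystemRoot% etc. on Windows
        reason = classify(path, drives, exists)
        if reason:
            flagged.append((location, name, path, reason))
    return flagged


def present_drives():
    """Drive letters that actually exist (meaningful on Windows only)."""
    return {d for d in string.ascii_uppercase if os.path.exists(f"{d}:\\")}


def enumerate_run_keys():
    """Yield (location, name, command) from the Run/RunOnce keys, both views."""
    import winreg  # Windows only
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    seen = set()   # HKCU is not redirected, so both views return the same rows
    for root, sub in RUN_KEYS:
        for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
            try:
                key = winreg.OpenKey(roots[root], sub, 0, winreg.KEY_READ | view)
            except OSError:
                continue
            with key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:          # no more values
                        break
                    i += 1
                    row = (f"{root}\\{sub}", name, str(value))
                    if row not in seen:
                        seen.add(row)
                        yield row


# Constructed sample (not real registry data): a G: system drive, as in the
# thread, plus an entry pointing at a C: drive the machine does not have.
SAMPLE_DRIVES = {"G", "D"}
SAMPLE_EXISTING = {r"G:\Program Files\AVAST Software\Avast\avastUI.exe"}
HKLM_RUN = "HKLM\\" + RUN_KEYS[0][1]
HKCU_RUN = "HKCU\\" + RUN_KEYS[2][1]
SAMPLE_ENTRIES = [
    (HKLM_RUN, "SPMTray", r'"C:\Program Files\PC Speed Maximizer\SPMTray.exe" /silent'),
    (HKLM_RUN, "AvastUI", r'"G:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui'),
    (HKCU_RUN, "Updater", r"G:\Users\Atomic\AppData\Local\Updater\upd.exe -tray"),
    (HKCU_RUN, "Helper", "helper.exe"),
]

if __name__ == "__main__":
    if os.name == "nt":
        rows = audit(enumerate_run_keys(), present_drives())
    else:
        rows = audit(SAMPLE_ENTRIES, SAMPLE_DRIVES, lambda p: p in SAMPLE_EXISTING)
    for location, name, path, reason in rows:
        print(f"{location}\\{name}: {path}\n    -> {reason}")
```

This covers only the classic Run/RunOnce keys; Autoruns also walks services, scheduled tasks, Winlogon, shell extensions and the Startup folders, so the script is a quick triage of the Logon tab rather than a replacement for it. A flagged "target file does not exist" row is worth keeping a note of even if you disable it: malware that has been partially removed often leaves such a dangling entry, and a bare file name is a search-order hijack waiting to happen.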