svchost (LocalService) downloading files continuously to C: drive



#16
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

File::
C:\Windows\System32\Drivers\utqymjgy.sys

Driver::
utqymjgy

RootKit::
C:\Windows\System32\Drivers\utqymjgy.sys



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
  • 0


#17
biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Here's the log:

ComboFix 13-04-12.02 - Administrator 2013/04/13   8:42.6.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3327.2307 [GMT -3:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\utqymjgy.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_utqymjgy
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-13 to 2013-04-13  )))))))))))))))))))))))))))))))
.
.
2013-04-13 12:01 . 2013-04-13 12:01	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-13 12:01 . 2013-04-13 12:01	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-13 12:01 . 2013-04-13 12:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-10 16:23 . 2013-04-04 17:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-10 16:23 . 2013-04-10 16:23	--------	d-----w-	c:\users\Administrator\AppData\Local\Programs
2013-04-09 21:27 . 2013-04-13 22:17	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-03-30 17:08 . 2013-03-30 17:08	--------	d-----w-	C:\_OTL
2013-03-17 14:47 . 2012-07-11 20:45	2474608	----a-w-	C:\Procmon.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 12:01 . 2010-11-06 17:21	7168	----a-w-	c:\windows\system32\drivers\utqymjgy.sys
2013-03-26 23:01 . 2011-05-19 00:51	602112	----a-w-	C:\OTL.exe
2009-11-20 00:08 . 2009-11-20 00:08	3749224	----a-w-	c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 00:08 . 2009-11-20 00:08	2941288	----a-w-	c:\program files\Common Files\adlmint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50	121528	----a-w-	d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\steam.exe" [2013-03-29 1631144]
"NVIDIA nTune"="g:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
"V0510Mon.exe"="c:\windows\V0510Mon.exe" [2007-12-07 32768]
"PlusService"="d:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"TortoiseHgOverlayIconServer"="g:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-07-03 47880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll" [2008-04-05 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=mapledxp.dll
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2011-10-23 20:07	1044992	----a-w-	g:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-07-01 17:44	3077528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-02-03 10:40	394984	----a-w-	d:\program files\Sandboxie\SbieCtrl.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 gupdate1c9e9c75b191954;Google Update Service (gupdate1c9e9c75b191954);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\ADMINI~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\qd26032.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TunngleService;TunngleService;g:\program files\Tunngle\TnglCtrl.exe [x]
R3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\DRIVERS\V0510Vid.sys [x]
R3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\DRIVERS\V0510Vfx.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mapledxp;mapledxp;c:\windows\System32\drivers\mapledxp.SYS [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;d:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
Akamai	REG_MULTI_SZ   	Akamai
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:31]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbc.ca/news
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/news
FF - ExtSQL: 2013-03-10 14:04; {30E08C68-889E-11E0-95EF-DA7E4824019B}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{007811BF-E310-4285-BFC6-55DB29B3EDDE} - c:\progra~2\INSTAL~2\{00781~1\Setup.exe
.
.
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\G:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\G:/UDK/Perforce/P4VResources/p4ob.exe]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\08\05\05\03 $W"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2780)
d:\program files\Xfire\xfire_toucan_45547.dll
g:\program files\TortoiseHg\ThgShellx86.dll
c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll
d:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
d:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\program files\LogMeIn\x86\RaMaint.exe
g:\program files\Alias\Maya7.0\docs\wrapper.exe
g:\program files\NVIDIA Corporation\nTune\nTuneService.exe
g:\program files\Alias\Maya7.0\docs\jre\bin\java.exe
c:\windows\system32\conhost.exe
d:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
d:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
d:\program files\MagicDisc\MagicDisc.exe
d:\program files\Xfire\Xfire.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-04-13  19:24:38 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-13 22:24
ComboFix2.txt  2013-04-09 22:02
.
Pre-Run: 24,175,419,392 bytes free
Post-Run: 21,110,591,488 bytes free
.
- - End Of File - - DC590CCBFC4B6AE1131BF4C559989A96

  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Combofix says it fixed the utqymjgy service but utqymjgy.sys came back again. Let's try OTL again and see what it finds:


Copy the text in the code box:

/md5start
utqymjgy.sys
/md5stop
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0
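The /md5start directive in the post above fingerprints the driver so it can be compared between runs. As an added example (not from the thread, ComboFix or OTL), the following PowerShell script gathers the same facts on Windows 7 read-only: the file's hashes and timestamps, its Authenticode status, and its service entry under HKLM\SYSTEM\CurrentControlSet\Services. The driver name default, the 8-letter-name heuristic and the PowerShell 4.0 requirement (for Get-FileHash) are assumptions.

```powershell
# Added example, not code from the thread or from ComboFix/OTL.
# Read-only check of a kernel driver file and its service registration, so a file
# that re-appears after removal can be compared run to run (same facts OTL's
# /md5start block records, plus signature and service start type).
# Assumes PowerShell 4.0+ (Get-FileHash) and an elevated prompt.
param(
    [string]$DriverName = 'utqymjgy'   # service/driver name discussed in the thread
)

$driverPath = Join-Path $env:SystemRoot "System32\drivers\$DriverName.sys"
$serviceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$DriverName"

$report = [ordered]@{
    DriverName  = $DriverName
    FilePresent = Test-Path -LiteralPath $driverPath
    ServiceKey  = Test-Path -LiteralPath $serviceKey
}

if ($report.FilePresent) {
    $item = Get-Item -LiteralPath $driverPath
    $report.SizeBytes = $item.Length
    $report.LastWrite = $item.LastWriteTimeUtc
    # MD5 matches what OTL's /md5start reports; SHA256 is what AV vendors usually want.
    $report.MD5    = (Get-FileHash -LiteralPath $driverPath -Algorithm MD5).Hash
    $report.SHA256 = (Get-FileHash -LiteralPath $driverPath -Algorithm SHA256).Hash
    # On 32-bit Windows 7 an unsigned driver can still load, so record the status explicitly.
    $sig = Get-AuthenticodeSignature -LiteralPath $driverPath
    $report.Signature = $sig.Status
    $report.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
}

if ($report.ServiceKey) {
    $svc = Get-ItemProperty -LiteralPath $serviceKey
    $report.StartType   = $svc.Start    # 0=Boot 1=System 2=Auto 3=Manual 4=Disabled
    $report.ServiceType = $svc.Type     # 1 = kernel driver
    $report.ImagePath   = $svc.ImagePath
}

# Heuristic flags (assumed, not from the thread) matching the symptom described:
# random-looking name, no valid vendor signature, boot/system start type.
$suspicious = @()
if ($DriverName -match '^[a-z]{8}$') { $suspicious += 'random-looking 8-letter name' }
if ($report.FilePresent -and $report.Signature -ne 'Valid') { $suspicious += "signature status $($report.Signature)" }
if ($report.ServiceKey -and $report.StartType -le 1) { $suspicious += 'boot/system start type' }

[pscustomobject]$report | Format-List
if ($suspicious) { 'Indicators: ' + ($suspicious -join '; ') }
```

Run it once before and once after a removal attempt and diff the two outputs; an unchanged hash with a new LastWrite time means the same file was written back, not a different one.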

#19
biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Here's the log:

OTL logfile created on: 2013/04/14 1:54:16 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
3.25 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 35.48% Memory free
10.50 Gb Paging File | 7.58 Gb Available in Paging File | 72.20% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 23.17 Gb Free Space | 28.96% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 12.36 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 433.62 Gb Free Space | 23.27% Space Free | Partition Type: NTFS
 
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/29 16:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 18:16:37 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012/12/14 16:42:22 | 000,316,360 | ---- | M] (Azureus Software, Inc) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:22 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0510Mon.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/29 16:53:56 | 001,114,024 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/26 21:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/25 19:23:34 | 000,651,776 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll
MOD - [2012/12/18 18:16:37 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/14 16:42:22 | 000,053,160 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2012/12/11 14:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 14:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 14:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd
MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll
MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd
MOD - [2012/02/13 12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd
MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd
MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd
MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd
MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd
MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd
MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll
MOD - [2011/12/25 16:54:57 | 000,028,160 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- D:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/07/18 18:04:08 | 000,296,448 | ---- | M] () -- G:\Program Files\Notepad++\NppShell_04.dll
MOD - [2011/07/12 17:10:00 | 000,107,008 | ---- | M] () -- G:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
MOD - [2010/07/04 18:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/05/15 14:58:55 | 000,410,432 | ---- | M] () -- D:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2013/03/26 02:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/25 16:56:45 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/19 07:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vid.sys -- (V0510Dev)
DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma)
DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/16 21:44:16 | 000,000,000 | ---D | M]
 
[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2013/04/13 19:16:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/04/13 19:16:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/13 19:16:35 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2013/04/13 08:41:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/13 08:41:20 | 000,000,000 | ---D | C] -- \ComboFix
[2013/04/10 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 13:23:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/09 15:53:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 15:53:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 15:53:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- \Qoobox
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- \_OTL
[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/04/14 13:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/14 12:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 19:26:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 19:16:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/13 09:01:32 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utqymjgy.sys
[2013/04/10 15:46:18 | 003,773,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 13:23:41 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 19:29:07 | 000,730,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/09 19:29:07 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/04/09 19:29:07 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/04/09 19:29:07 | 000,151,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/09 19:21:23 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 19:21:23 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/04/10 13:23:41 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 15:53:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 15:53:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 15:53:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 15:53:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 15:53:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- C:\procmon.chm
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< MD5 for: UTQYMJGY.SYS  >
[2013/04/13 09:01:32 | 000,007,168 | ---- | M] () MD5=72057372E51C9F9FB6E6D3DBB8E345DE -- C:\Windows\System32\drivers\utqymjgy.sys
 
========== Files - Unicode (All) ==========
[2011/02/28 17:57:15 | 000,015,658 | ---- | M] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd
[2011/02/28 17:57:15 | 000,015,658 | ---- | C] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd
[2010/10/30 19:36:33 | 000,221,216 | ---- | M] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(\?????.mp3.sfk) -- \東方幻奏箱.mp3.sfk
[2010/10/30 15:13:59 | 002,567,549 | ---- | M] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(\?????.mp3) -- \東方幻奏箱.mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | M] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(\EastNewSound ??????(x?y).mp3) -- \EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:09:19 | 004,729,658 | ---- | M] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3

< End of report >

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Combofix is correct. The file came back. Not sure what is doing it but at least it did not recreate the driver in the registry so it's not active. Let's see if ESET will find it:

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

How is it running now?
  • 0

#21
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Everything does seem to be running fine so far; nothing is being downloaded into that Content.IE5 folder anymore.

Here's the ESET log:

C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n.vir	a variant of Win32/Kryptik.AVDA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]	Win32/Sirefef.FA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]	a variant of Win32/Sirefef.FL trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\drivers\200429017a5e0442.sys.vir	a variant of Win32/Rootkit.Kryptik.TW trojan	cleaned by deleting - quarantined
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1390e8e4-2746c3a2	Win32/PSW.Fareit.A trojan	cleaned by deleting - quarantined
C:\Windows\System32\drivers\utqymjgy.sys	Win32/Small.NIT.Gen trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04022013_181648\C_Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}\syshost.exe	Win32/TrojanDownloader.Necurs.B trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04092013_110838\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n	a variant of Win32/Kryptik.AVDA trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04092013_110838\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\80000000.@	Win32/Sirefef.FA trojan	cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04092013_110838\C_$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\800000cb.@	a variant of Win32/Sirefef.FL trojan	cleaned by deleting - quarantined

And here's the Bitdefender log:


QuickScan 32-bit v0.9.9.119
---------------------------
Scan date:  Wed Apr 17 22:42:36 2013
Machine ID: C20058C9

C:\Users\Administrator\.swt\lib\win32\x86\swt-win32-4233.dll - could not be accessed
  --> Process Azureus.exe (5032)
C:\Users\Administrator\.swt\lib\win32\x86\swt-gdip-win32-4233.dll - could not be accessed
  --> Process Azureus.exe (5032)


No infection found.
-------------------



Processes
---------
            Adobe Acrobat Update Service             2736    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
            Adobe Reader and Acrobat Manager         3628    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
            Akamai NetSession Client                 3948    C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
            Akamai NetSession Client                 3836    C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
            avast! Antivirus                         1652    D:\Program Files\AVAST Software\Avast\AvastSvc.exe
            avast! Antivirus                         3584    D:\Program Files\AVAST Software\Avast\AvastUI.exe
            Firefox                                  5424    D:\Program Files\Mozilla Firefox\firefox.exe
            Firefox                                  4284    D:\Program Files\Mozilla Firefox\plugin-container.exe
            Firefox                                  4120    D:\Program Files\Mozilla Firefox\plugin-container.exe
            Hamachi Client                           2972    D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
            Hamachi Client                           2836    D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
            Java(TM) Platform SE Auto Updater 2 0    5660    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
            Java(TM) Platform SE Auto Updater 2 0    3696    C:\Program Files\Common Files\Java\Java Update\jusched.exe
            java.exe                                 2400    G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
            Live! Cam Console Auto Launcher          2252    C:\Windows\V0510Mon.exe
            LMIGuardianSvc                           2928    D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
            Logitech GamePanel Software              2200    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
            Logitech GamePanel Software              2220    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
            Logitech GamePanel Software              2164    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
            LogMeIn                                  3084    D:\Program Files\LogMeIn\x86\LogMeIn.exe
            LogMeIn                                  3008    D:\Program Files\LogMeIn\x86\ramaint.exe
            MagicDisc                                3844    D:\Program Files\MagicDisc\MagicDisc.exe
            Media Player Classic - Home Cinema       8080    D:\Program Files\Media Player Classic - Home Cinema\mpc-hc.exe
            Messenger Plus! 5                        2284    D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
            Microsoft® Windows® Operating System     1896    C:\Windows\explorer.exe
            Microsoft® Windows® Operating System     2440    C:\Windows\System32\conhost.exe
            Microsoft® Windows® Operating System      452    C:\Windows\System32\csrss.exe
            Microsoft® Windows® Operating System      524    C:\Windows\System32\csrss.exe
            Microsoft® Windows® Operating System      584    C:\Windows\System32\lsm.exe
            Microsoft® Windows® Operating System      560    C:\Windows\System32\services.exe
            Microsoft® Windows® Operating System      316    C:\Windows\System32\smss.exe
            Microsoft® Windows® Operating System     6896    C:\Windows\System32\sppsvc.exe
            Microsoft® Windows® Operating System      760    C:\Windows\System32\taskhost.exe
            Microsoft® Windows® Operating System     3152    C:\Windows\System32\taskhost.exe
            Microsoft® Windows® Operating System     3692    C:\Windows\System32\taskhost.exe
            Microsoft® Windows® Operating System      512    C:\Windows\System32\wininit.exe
            Microsoft® Windows® Operating System      652    C:\Windows\System32\winlogon.exe
            Microsoft® Windows® Operating System     1496    C:\Windows\System32\WUDFHost.exe
            Microsoft® Windows® Operating System     1444    C:\Windows\System32\WUDFHost.exe
            NVIDIA Driver Helper Service, Version 3   820    C:\Windows\System32\nvvsvc.exe
            NVIDIA Driver Helper Service, Version 3  1368    C:\Windows\System32\nvvsvc.exe
            NVIDIA nTune                             3244    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
            NVIDIA nTune                             3448    G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
            NVIDIA Settings                          3504    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
            NVIDIA User Experience Driver Component  1348    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
            Realtek HD Audio Manager                 3648    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
            Sandboxie                                1636    D:\Program Files\Sandboxie\SbieSvc.exe
            Shockwave Flash                          1264    C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
            Shockwave Flash                          7220    C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
            Skype                                    5084    C:\Program Files\Skype\Phone\Skype.exe
            Skype Extras Manager                     6360    C:\Program Files\Skype\Plugin Manager\skypePM.exe
            Steam Client Bootstrapper                3744    D:\Program Files\Steam\Steam.exe
            Stereo Vision Control Panel API Server    844    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
            TortoiseHg                               3680    G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
            Vuze                                     5032    C:\Program Files\Vuze\Azureus.exe
            Windows Live Communications Platform     5604    C:\Program Files\Windows Live\Contacts\wlcomm.exe
            Windows Live Messenger                   6012    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            wrapper.exe                              3420    G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
(verified)  LogMeIn                                  2228    D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(verified)  Microsoft Search Enhancement Pack        1980    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(verified)  Microsoft® Windows® Operating System     1440    C:\Windows\System32\dwm.exe
(verified)  Microsoft® Windows® Operating System      576    C:\Windows\System32\lsass.exe
(verified)  Microsoft® Windows® Operating System     1728    C:\Windows\System32\spoolsv.exe
(verified)  Microsoft® Windows® Operating System      744    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2756    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2800    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1556    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1736    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1472    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1492    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1212    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1048    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     2560    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     1020    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System     4776    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      896    C:\Windows\System32\svchost.exe
(verified)  Microsoft® Windows® Operating System      960    C:\Windows\System32\svchost.exe


Network activity
----------------
Process LogMeIn.exe (3084) connected on port 80 (HTTP) --> 64.94.18.144
Process Azureus.exe (5032) connected on port 17964 --> 126.26.238.49
Process Azureus.exe (5032) connected on port 10947 --> 68.63.203.52
Process Azureus.exe (5032) connected on port 39511 --> 59.10.79.84
Process Azureus.exe (5032) connected on port 54184 --> 70.77.168.210
Process Azureus.exe (5032) connected on port 53815 --> 184.0.12.240
Process Azureus.exe (5032) connected on port 27572 --> 125.198.213.105
Process Azureus.exe (5032) connected on port 20988 --> 142.196.107.112
Process Azureus.exe (5032) connected on port 20311 --> 171.100.182.139
Process Azureus.exe (5032) connected on port 60489 --> 151.24.189.70
Process Skype.exe (5084) connected on port 40043 --> 157.56.52.15
Process firefox.exe (5424) connected on port 80 (HTTP) --> 67.228.168.216
Process firefox.exe (5424) connected on port 443 (HTTP over SSL) --> 69.171.248.16
Process firefox.exe (5424) connected on port 443 (HTTP over SSL) --> 173.252.100.27
Process firefox.exe (5424) connected on port 80 (HTTP) --> 23.33.15.139
Process firefox.exe (5424) connected on port 80 (HTTP) --> 74.125.226.1
Process firefox.exe (5424) connected on port 80 (HTTP) --> 74.125.226.1
Process msnmsgr.exe (6012) connected on port 1863 (MSN) --> 64.4.61.175

Process wininit.exe (512) listens on ports: 49152 (RPC)
Process services.exe (560) listens on ports: 49272
Process lsass.exe (576) listens on ports: 49155 (RPC)
Process svchost.exe (896) listens on ports: 135 (RPC)
Process svchost.exe (960) listens on ports: 49153 (RPC)
Process svchost.exe (1048) listens on ports: 49154 (RPC)
Process java.exe (2400) listens on ports: 4449
Process LogMeIn.exe (3084) listens on ports: 2002 (Cisco ACS)
Process Azureus.exe (5032) listens on ports: 46124, 50393, 52576
Process Skype.exe (5084) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 47493


Autoruns and critical files
---------------------------
            Adobe Acrobat                            C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
            Adobe CS5 Service Manager                C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
            Adobe Reader and Acrobat Manager         C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
            Adobe Updater Startup Utility            C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
            Adobe® Flash® Player Installer/Uninstal  C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe
            Akamai NetSession Client                 C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
            avast! Antivirus                         D:\Program Files\AVAST Software\Avast\AvastUI.exe
            Ave's Vista Folder Background            C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll
            GrooveShellExtensions Module             C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
            Hamachi Client                           D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
            Java(TM) Platform SE Auto Updater 2 0    C:\Program Files\Common Files\Java\Java Update\jusched.exe
            Live! Cam Console Auto Launcher          C:\Windows\V0510Mon.exe
            Logitech GamePanel Software              C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
            Logitech GamePanel Software              C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
            Logitech GamePanel Software              C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
            MagicDisc                                D:\Program Files\MagicDisc\MagicDisc.exe
            Messenger Plus! 5                        D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
            Microsoft® Windows® Operating System     C:\Windows\System32\DreamScene.dll
            NVIDIA nTune                             G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
            Realtek HD Audio Manager                 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
            SBSV 2010/02/19-11:02:07                 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
            Steam Client Bootstrapper                D:\Program Files\Steam\Steam.exe
            TortoiseHg                               G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
            Windows Live Messenger                   C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            Windows® Internet Explorer               c:\windows\system32\webcheck.dll
            Xfire                                    D:\Program Files\Xfire\Xfire.exe
(verified)  Google Update                            C:\Program Files\Google\Update\GoogleUpdate.exe
(verified)  LogMeIn                                  D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(verified)  Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe


Browser plugins
---------------
            AcroIEHelperShim Library                 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
            Adobe Acrobat                            C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
            Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
            Adobe Acrobat                            D:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
            avast! Antivirus                         d:\program files\avast software\avast\aswwebrepie.dll
            Bitdefender QuickScan                    C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
            Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
            getPlus+(R)                              C:\Windows\Downloaded Program Files\gp.ocx
            getPlusPlus for Adobe 16299              C:\Program Files\NOS\bin\np_gp.dll
            getPlusPlus for Adobe 16299              D:\Program Files\Mozilla Firefox\plugins\np_gp.dll
            Google Earth Plugin                      C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
            Google Update                            C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
            GrooveShellExtensions Module             C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
            InstallShield Update Service             C:\Windows\Downloaded Program Files\isusweb.dll
            Java Deployment Toolkit 7.0.70.11        C:\Windows\system32\npDeployJava1.dll
            Java(TM) Platform SE 7 U9                c:\program files\java\jre7\bin\jp2ssv.dll
            Java(TM) Platform SE 7 U9                C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
            Java(TM) Platform SE 7 U9                c:\program files\java\jre7\bin\ssv.dll
            Nexon Game Controller                    C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
            npLMI64.dll                              C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\[email protected]\plugins\npLMI64.dll
            npRACtrl.dll                             C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\[email protected]\plugins\npRACtrl.dll
            NPSWF32_11_5_502_135.dll                 C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
            NVIDIA 3D Vision                         C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
            NVIDIA 3D VISION                         C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
            Pando Web Plugin                         C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
            QUAKE LIVE                               C:\ProgramData\id Software\QuakeLive\npquakezero.dll
            Shockwave for Director                   C:\Windows\system32\Adobe\Director\np32dsw.dll
            Silverlight Plug-In                      C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
            unagiuninst.exe                          C:\Windows\Downloaded Program Files\unagiuninst.exe
            Unity Player                             C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
            Windows® Internet Explorer               C:\Windows\System32\ieframe.dll
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\dwusplay.dll
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\dwusplay.exe
(verified)  Microsoft Search Enhancement Pack        c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
(verified)  Microsoft® Windows Live Login Helper     c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\napinsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: D:\Program Files\Ares\Ares.exe
  --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"ares"


Scan
----
MD5: f1761c8fb2b25a32c6d63e36bb88c3ae  C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
MD5: 637a0f23f9012358e92e6f99835494d1  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
MD5: 6380ff81dd4d78b23398752d2f46ea43  C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 25d6b2eb0a1fc4ab413afe7ec4793ec1  C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
MD5: 9a5824a316f7145f7ad2f3446aa9cbe5  C:\Program Files\NOS\bin\np_gp.dll
MD5: d9207c89af71c0561f2b7fd32d9ed21a  C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
MD5: aa72585511429a6f4252c2e691e9cd04  C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
MD5: 04d68c71e2fd53556bfdbba7b1ba9310  C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MD5: 6fd184d79e2d95d592f66494d9d013e5  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
MD5: c354621b6b94e10ae7f5cdbe745feb86  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
MD5: c5d6cd4879b3fec3e007ce5d61078839  C:\Program Files\NVIDIA Corporation\3D Vision\nvStereoApiI.dll
MD5: 47bee6c658ef8451394e3d2ed3ce88ee  C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
MD5: f716057c341c8a4f58142dfc8ef336ea  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
MD5: 4203e86598d0e98d7706f7134b74b570  C:\Program Files\NVIDIA Corporation\Display\NvUI.dll
MD5: c38fd6683fd0285f0a41a6463325715d  C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll
MD5: f6e882ac84d298650feabae72fec86ba  C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll
MD5: ef439daa6c29b68cfa5220726b2ddba0  C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll
MD5: 37f929a6cc3ef6ffacc02f511dd6cbe5  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
MD5: a974e5c310b9b00894070ceb055d467f  C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
MD5: e8d4c60c1a126381f202c64bcdc31e6d  C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
MD5: 8796f7b606ce682e82a1ee6198948fdf  C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterServiceENU.dll
MD5: 5d32df97b9116dda0c75a342f5b2ffec  C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU.DLL
MD5: dafdb8d555a52142da3033ac758c899c  C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
MD5: 84d9caefd4b265b66d19dc7770d1f6dc  C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL
MD5: 0efa66e9384dbced4d639fb9bdd97536  C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
MD5: 2477a2cc6d40fe623fd789d546cabd40  C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MD5: de46debf40cf2a4bb44017564748a00d  C:\Program Files\Vuze\aereg.dll
MD5: c4a0673606f8a4d912646e2778630bdd  C:\Program Files\Vuze\Azureus.exe
MD5: c5fab720f41783bcafb72cce93f72734  C:\Program Files\Windows Live\Messenger\MSIMG32.dll
MD5: 6ba0b21f9443bf7109618a0ea975b776  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
MD5: e38864f36399e120d70828bef16deb3a  C:\ProgramData\id Software\QuakeLive\npquakezero.dll
MD5: 6d657abadf217dbb17cf0a0af44a7e29  C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
MD5: aab979089e192acc0fe1e3c018f8b591  C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
MD5: 09b4e13d25623d879d35286e2d29ff13  C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1  C:\Users\Administrator\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
MD5: f14739c026677a399f16e4072d80a981  C:\Users\Administrator\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MD5: 53c291d58184d80b9de18a94b97c95db  C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\[email protected]\plugins\npLMI64.dll
MD5: 7fa163c7f7901480a18a070cfa412769  C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\[email protected]\plugins\npRACtrl.dll
MD5: c9e3864fb9cbfa93d9010bcfe18a5697  C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: 1c8ebe54a4c52191071b1d236096e732  C:\Windows\Downloaded Program Files\gp.ocx
MD5: 68cdc33d31f1952c80a915677d7b7796  C:\Windows\Downloaded Program Files\isusweb.dll
MD5: 6f678556a6fce04fc94f3435f6313705  C:\Windows\Downloaded Program Files\unagiuninst.exe
MD5: a73f918ec995dddbfb0d0cf1f546089a  C:\Windows\nvflash.sys
MD5: 9ce1b0e5cfa8223cec3be1c7616e9f63  C:\Windows\nvoclock.sys
MD5: ea85c911c213873a975a5988ed19a66b  C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 8b794ae6d5c7d42092804bc39a2eb8f6  c:\windows\system32\AEPIC.dll
MD5: bba9d5a730d5e304117ad26923ebd8aa  C:\Windows\system32\audioeng.dll
MD5: fabfc817547eabb19b74849cef410622  C:\Windows\system32\authui.dll
MD5: e984e3b7b76206c67d89b39a61b5e27d  C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
MD5: d6c2ed4c1fdceaa100654c6533a3c224  C:\Windows\System32\AuxiliaryDisplayServices.dll
MD5: 9a595df601070da78c40481120dd2c06  C:\Windows\system32\basesrv.DLL
MD5: f45ed8c4f9af862cd9992849b5203c11  C:\Windows\system32\bitsigd.dll
MD5: 704a8b68374e6309b8d67f997fd3034b  c:\windows\system32\bitsperf.dll
MD5: f8d2bb31af1b91f8f9f372356f1ea54f  C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll
MD5: 9092668daf4061898fd3f2c19d8c7f85  C:\Windows\system32\CLUSAPI.DLL
MD5: 50ba656134f78af64e4dd3c8b6fefd7e  C:\Windows\system32\cngaudit.dll
MD5: 10de24cccd418c31107813682eb73542  C:\Windows\system32\CSRSRV.dll
MD5: 342271f6142e7c70805b8a81e1ba5f5c  C:\Windows\System32\csrss.exe
MD5: 7c5567a00456f3a3a07800ebb3f351c4  C:\Windows\system32\d2d1.dll
MD5: c5f549970ac071ea452e58b6422c94fa  C:\Windows\system32\d3d10_1.dll
MD5: 029e2a480ce2020df097e535a2311712  C:\Windows\system32\d3d10_1core.dll
MD5: 00acf50216b86de4cec1ab1bae3cfa40  C:\Windows\system32\D3D10SDKLayers.dll
MD5: 524408d5127f14b71e574d80f2f0924f  C:\Windows\system32\D3D10Warp.dll
MD5: 990a58a0b01720e419b55efc5ff387f8  C:\Windows\System32\dhcpcore6.dll
MD5: 5e08ac958be05247ff1539e0d1ce7905  C:\Windows\system32\DINPUT8.dll
MD5: 100103c6535c66265267f5eea5f5846e  C:\Windows\System32\dnsext.dll
MD5: a8e0833d994d84936fa72ee1bef4774f  C:\Windows\System32\dot3svc.dll
MD5: 86d1b2e9c7c11b99305eb6597d80cb0a  C:\Windows\System32\DreamScene.dll
MD5: bf02f806c873abb04b197161e8e5a316  C:\Windows\system32\drivers\1394ohci.sys
MD5: d2bf422c2611632afb9ce8f7b2a8c306  C:\Windows\system32\drivers\AmUStor.SYS
MD5: dcdaab8697a47894a554050ce18d0b56  C:\Windows\system32\DRIVERS\ASACPI.sys
MD5: 62f9dcec95f91b8e0203e85d344a7e65  C:\Windows\system32\drivers\aswMonFlt.sys
MD5: 81f638a2dd94abbf0b43880ab38d8dbd  C:\Windows\System32\Drivers\aswrdr2.sys
MD5: 77361d72a04f18809d0efb6cceb74d4b  C:\Windows\system32\DRIVERS\bridge.sys
MD5: 656d1ec977e3c5316a62dbbe52cb9663  C:\Windows\system32\DRIVERS\cdrom.sys
MD5: c2eb4539a4f6ab6edd01bdc191619975  C:\Windows\system32\drivers\cpuz135_x32.sys
MD5: c94b6c3cc628179cb9b9061c19888b99  C:\Windows\System32\drivers\dxgkrnl.sys
MD5: 7449750d231b0c4bd48c32399711d76b  C:\Windows\system32\DRIVERS\epfwwfp.sys
MD5: 8142d5d886829b9876cb93af59475c09  C:\Windows\system32\drivers\ftdibus.sys
MD5: 63d72a4cf9f163b59db0ceed940a7d76  C:\Windows\system32\drivers\ftser2k.sys
MD5: d95554949082fd29a04d351b58396718  C:\Windows\system32\drivers\hardlock.sys
MD5: 2dd25f060dc9f79b5cdf33d90ed93669  C:\Windows\system32\drivers\Haspnt.sys
MD5: 2247354a4d999c9cbb4d61b2a27576b9  C:\Windows\system32\DRIVERS\iSSetup.sys
MD5: c1f278a8151caceb89badaf336e37740  C:\Windows\System32\Drivers\ksecpkg.sys
MD5: 8c804b1ffad1efa952b747e8285c3b76  C:\Windows\system32\DRIVERS\L1E62x86.sys
MD5: 170e7093a77ad586f3a012a3db651d94  C:\Windows\system32\drivers\LGBusEnum.sys
MD5: d2dd04d1c8df65eecd1f2c7fb947d43e  C:\Windows\system32\drivers\LGVirHid.sys
MD5: 63d3b1d3cd267fcc186a0146b80d453b  C:\Windows\system32\DRIVERS\LMouFilt.Sys
MD5: 0c62957912d4df1e4ba9795e6be3ed38  C:\Windows\System32\Drivers\LUsbFilt.Sys
MD5: 71fb2c9d23e62d42f7a8af56e5dd8414  C:\Windows\System32\drivers\mapledxp.SYS
MD5: 8fd868e32459ece2a1bb0169f513d31e  C:\Windows\system32\DRIVERS\mcdbus.sys
MD5: 9e5dd4ef01aed723abf5342ef23ff012  C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: 6532acbf612a8d340ef9e25e4fef21ee  C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: bb14a640e7f234f260d1aa19a60cf960  C:\Windows\system32\drivers\msahci.sys
MD5: 779e9149d3662ed6beb58a67e3c775f4  C:\Windows\system32\drivers\ndis.sys
MD5: afb33a823aabc112fc7bd62afbcdb0cd  C:\Windows\system32\DRIVERS\nvlddmkm.sys
MD5: 908593eac1ffe529fe760b0a378b3600  C:\Windows\system32\DRIVERS\o2media.sys
MD5: e5e4f48a17cdd4683936b06563ba1c51  C:\Windows\system32\DRIVERS\o2sd.sys
MD5: 80a4748a0304715c29093311795ac448  C:\Windows\system32\drivers\pci.sys
MD5: bcf8d075fad718fea8ef6e281331a56e  C:\Windows\system32\drivers\pstrip.sys
MD5: c4317da9066ef0678db2b68492523b38  C:\Windows\System32\Drivers\qd16032.sys
MD5: e2c2ce489356943c1922b8353dcdad05  C:\Windows\System32\Drivers\qd26032.sys
MD5: df672613fbbcd58c38bb0bc2694bcfb0  C:\Windows\system32\DRIVERS\rimmptsk.sys
MD5: af213955c4d952c914620e8db0cd0cf7  C:\Windows\system32\DRIVERS\rimspe86.sys
MD5: 9bfb54d3559f2ff7301271d29d383564  C:\Windows\system32\DRIVERS\rimsptsk.sys
MD5: 6978decc2c38c5ce10a8b0f2b12f4451  C:\Windows\system32\DRIVERS\risdpe86.sys
MD5: 764c1f3453e779724ba647327de7ddd4  C:\Windows\system32\DRIVERS\rixdpe86.sys
MD5: dcb87da83cc1010cbc9fc4dc9e395bbc  C:\Windows\system32\DRIVERS\rixdptsk.sys
MD5: 0dbef9cd5a2cd71240dd5afcee56d073  C:\Windows\system32\drivers\RTKVHDA.sys
MD5: 25c91ee1be0c0cfa79696a2d0b47aa43  C:\Windows\system32\DRIVERS\RTL8187.sys
MD5: 702a60acc6c067cc3f688c801a1f76e1  C:\Windows\system32\drivers\RTSTOR.SYS
MD5: 83f7a29b659771e60cd71999ef57aa0c  C:\Windows\System32\Drivers\RtsUStor.sys
MD5: 87f799c486302aceff098e067d481d9c  C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
MD5: b7aee68d2e867cbf69b649b18fcedbbb  C:\Windows\system32\DRIVERS\tap0901t.sys
MD5: a1edfae89bc8956c925b99950e3558ad  C:\Windows\System32\drivers\tcpip.sys
MD5: eb0a7bd4d471ac3ce55564a4c55b9d8e  C:\Windows\system32\DRIVERS\udfs.sys
MD5: 71bbf3e8078d585abf27411a8986eb95  C:\Windows\system32\DRIVERS\umbus.sys
MD5: a9723bfc2b6ce2e328c73bb95ac1cd06  C:\Windows\System32\drivers\UMDF\lgSSBW.dll
MD5: bd1e4b33d7a8d99dc50c7eaf1cd8e18e  C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll
MD5: 0db84eda895894ba222e27acf597c806  C:\Windows\system32\DRIVERS\usbhub.sys
MD5: 86326062a90494bdd79ce383511d7d69  C:\Windows\system32\DRIVERS\V0510Vfx.sys
MD5: 004415a34b5dc881eaefb860c4b22c24  C:\Windows\system32\DRIVERS\V0510Vid.sys
MD5: e2d93ecd5a0f3bfba99d023074c73f6a  C:\Windows\system32\DRIVERS\vm3dmp.sys
MD5: e41fef9e3056fe88c71e411f705be41e  C:\Windows\system32\Drivers\vmm.sys
MD5: 17cd671136032e3a202b4a9c6c4c9dba  C:\Windows\system32\DRIVERS\vmmouse.sys
MD5: 70f41d1ebdd9ee6ed2fd0fc05aa1fc13  C:\Windows\system32\drivers\volsnap.sys
MD5: 33e74df34753fcaab06f6f2bdc8cabf5  C:\Windows\system32\DRIVERS\vpchbus.sys
MD5: 5f04362ceb5fb5901037e9d9eadd3760  C:\Windows\system32\DRIVERS\vpcnfltr.sys
MD5: 625088d6ee9ede977fd03cf18d1cd5c5  C:\Windows\system32\DRIVERS\vpcusb.sys
MD5: 5ed378d91e32134f3c0b3810860ffd71  C:\Windows\system32\drivers\vpcvmm.sys
MD5: 9ae9e94531e5ef4bddb8febce3c244b7  C:\Windows\system32\drivers\windrvr6.sys
MD5: 60cc965a89e2072ebd26d63d5e1e1d18  C:\Windows\system32\dwmcore.dll
MD5: c0523fe101a30e3821604fe1ca1740d7  C:\Windows\system32\DWrite.dll
MD5: ea2808768a6c408565f2ddb358ae734a  C:\Windows\system32\dxdiagn.dll
MD5: 496c56361f57c2ca54931ebbc7d6c2cf  C:\Windows\system32\eapphost.dll
MD5: 61933976cfb6f3f2a0e14a1da704adf6  C:\Windows\system32\EFSCORE.dll
MD5: 91f434ff6606ed9bdc6a05d651b69553  C:\Windows\system32\efslsaext.dll
MD5: 00a99da54c14969a899ed316d16e9a9e  C:\Windows\system32\efssvc.dll
MD5: 359c3ac547aa1d24eed35be3ab3759dc  C:\Windows\system32\EFSUTIL.dll
MD5: 8898c95862d03d16b2a06db4db6bb6b2  C:\Windows\system32\EXPLORERFRAME.dll
MD5: f34cfada6c48daa41b996d24c7d8d3ca  C:\Windows\system32\fdPnp.dll
MD5: 674611721264013db169ec12afc9c3b6  C:\Windows\system32\fdssdp.dll
MD5: de6f4b7e62fde776f3de8e5fb5a05c48  C:\Windows\system32\fdwsd.dll
MD5: 151258fc2ec8c48bdf8a53350ae0a676  c:\windows\system32\fntcache.dll
MD5: c87f28a34b3840f4b40011d170b1a159  C:\Windows\system32\FVECERTS.dll
MD5: db603d3fd090c66f9709ef6493c26ba3  c:\windows\system32\FwRemoteSvr.DLL
MD5: d5cc5113671ac70993a5b46923212f16  C:\Windows\System32\FXSMON.DLL
MD5: 10a0262b59094f81f66b3c4c723ad454  C:\Windows\system32\GDI32.dll
MD5: 7a01a8d7c11861322a801afe32e5effa  C:\Windows\system32\hgprint.dll
MD5: e2f6cc0d191361ee94fea3957653f531  C:\Windows\system32\hidphone.tsp
MD5: 9dc23acf360aea7df55ad7a8d3fbf4e6  C:\Windows\System32\IdListen.dll
MD5: 8dd29072e90e9eab909d388d629248aa  C:\Windows\System32\ieframe.dll
MD5: d3f60bc53ff510b88b9acbc3f64fe922  C:\Windows\system32\iertutil.dll
MD5: 5e5dfc8ee7ea23ccad44085bfda70fbc  C:\Windows\system32\inetcomm.dll
MD5: 258a532cffaad910b5b14f27dcd7bfb3  C:\Windows\System32\inetpp.dll
MD5: 9afbfdb38477cc688ea01f7366a33757  C:\Windows\system32\IPHLPAPI.DLL
MD5: c45df7436e84c1aff4e85e828f69b849  C:\Windows\System32\jscript9.dll
MD5: af75dba674e55221b7a055b0a4345f16  C:\Windows\system32\keyiso.dll
MD5: f3fb146cdbdd26fcd0cf7941c547bee4  C:\Windows\system32\kmddsp.tsp
MD5: c1585eaa67c37a05bf6f93726fafc069  c:\windows\system32\l2gpstore.dll
MD5: 55ca01ba19d0006c8f2639b6c045e08b  c:\windows\system32\lmhsvc.dll
MD5: 9a3053c8b97b5f8d2191df4f3d868eee  C:\Windows\System32\LMIport.dll
MD5: 724a74ba9b5832a91562d2ac393e540b  C:\Windows\System32\localspl.dll
MD5: 056b825680e7d8c8f7e02af3ad458529  C:\Windows\system32\lsasrv.dll
MD5: 398dc10274c0cb861338cfc56e727c9f  C:\Windows\System32\lsm.exe
MD5: 26807eed9a80328943cd8385bc7e6991  C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
MD5: 8d610b2bbed579479aa1da1626409356  C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe
MD5: 54fc590185d7d00d65e53b9a5990dc14  C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MD5: edfd14fb3136ca23c9d7868fe98e10bd  C:\Windows\system32\mapledxp.dll
MD5: d0be54a20bb11b4b9cc1c53fdbef7e34  C:\Windows\System32\mf.dll
MD5: f35a584e947a5b401feb0fe01db4a0d7  C:\Windows\system32\MFC71.DLL
MD5: d42e19561c2c5e2103a8fe18dc091878  C:\Windows\system32\MFC71ENU.DLL
MD5: 4def8126cabaa6cdc12103cd74c6a919  C:\Windows\System32\mshtml.dll
MD5: 35aae2e841aa1a949775168e119482c9  C:\Windows\system32\msls31.dll
MD5: 387a8a473ecc5ba02cf453277c1f3274  c:\windows\system32\mspatcha.dll
MD5: c90878913df3dc504790282043db5f4c  C:\Windows\system32\msprivs.DLL
MD5: bf38660a9125935658cfa3e53fdc7d65  C:\Windows\system32\MSVCR100.dll
MD5: 5f610783fbf01f9885d80a1db1a2f220  C:\Windows\system32\NCI.dll
MD5: a4cc7227a452c4909f9499d91b184364  C:\Windows\system32\NCObjAPI.DLL
MD5: 3f2deafc463d75611cb9c5e36a8ccf15  c:\windows\system32\ncsi.dll
MD5: aa11a26692e0db2996caefe9ec61f61f  C:\Windows\system32\ndptsp.tsp
MD5: 6dcfaec6d1334aa6cdf8961db4633cbf  C:\Windows\system32\negoexts.DLL
MD5: c5b5ccdbf8ed1475240313ed88234e3f  C:\Windows\system32\netcfgx.dll
MD5: c1ae600c554a0ebc6cd211541fa6815f  C:\Windows\system32\netjoin.dll
MD5: eaa75d9000b71f10eec04d2ae6c60e81  C:\Windows\system32\netlogon.DLL
MD5: ab87c54ca19675880b0cae65b8af140c  C:\Windows\system32\npDeployJava1.dll
MD5: bbc47a2e02be7deaa8ed514aab4f1faf  C:\Windows\system32\npptNT2.sys
MD5: 16707ec5fd029a4415b138796f0981ce  c:\windows\system32\nrpsrv.DLL
MD5: ba387e955e890c8a88306d9b8d06bf17  c:\windows\system32\nsisvc.dll
MD5: c427b7df241b62956b80bd6cc3595ea3  C:\Windows\SYSTEM32\ntdll.dll
MD5: 665a831d7a1d46150c5d5dfd8ba9ba0f  C:\Windows\system32\nvapi.dll
MD5: 2c2ff43b67402a0c8f73499855db33a7  C:\Windows\system32\nvshext.dll
MD5: 1821828a1c14280420a2914881c25cdc  C:\Windows\system32\NVSVC.DLL
MD5: 782945716ad010ac3d41758e8e52c735  C:\Windows\System32\nvvsvc.exe
MD5: 27aa6add698f10683cc516aed46a41c4  C:\Windows\system32\nvwgf2um.dll
MD5: 3f7881f31ca69e2ff2ae4e470c55afa6  C:\Windows\system32\OLEAUT32.dll
MD5: 38311fc42196bef5fabeb1f104e3fa46  c:\windows\system32\OneX.DLL
MD5: 08df1b8c9c0754a7069e80a986373f52  C:\Windows\System32\P2P.dll
MD5: 1b0ec94520cab89a9ce1b2da405166af  C:\Windows\System32\P2PCOLLAB.dll
MD5: 7e82616bee76bf5eaa5b30f681414e21  C:\Windows\system32\perftrack.dll
MD5: 37cc990d4e2cdfae12ac47f6b620fc13  C:\Windows\system32\pku2u.DLL
MD5: 2862a3819bbc9757dd27bac41a4e0a3e  C:\Windows\System32\pnidui.dll
MD5: 19e83b09ab8ee1d837665da941e2ac44  C:\Windows\system32\PnkBstrA.exe
MD5: eecbca235e56ef1c772df6a19c560afb  C:\Windows\system32\PortableDeviceApi.dll
MD5: 81490fdae27f0082e5cc2dc78dca96fa  C:\Windows\System32\portabledeviceclassextension.dll
MD5: c693e642acfbdd76433af6be3c3eee6f  C:\Windows\System32\portabledeviceconnectapi.dll
MD5: dda6cfd632dcb8d9c72ada58799bf776  C:\Windows\System32\PrintIsolationProxy.dll
MD5: 52ffc8a7aa3eabc2602195cf14e9b80c  C:\Windows\system32\RacEngn.dll
MD5: 7ffd52d73352806969d424ef327d10a7  C:\Windows\system32\radardt.dll
MD5: b0d9baf2b3ab3a83c00ad4873d744dea  C:\Windows\system32\radarrs.dll
MD5: 75dd1448b57d1f9382a8b59ed8e3790b  C:\Windows\System32\raschap.dll
MD5: 98963bd29723a373009b017e87be9ce8  C:\Windows\system32\rasppp.dll
MD5: b5c452baf3a3914ef87628252ea12feb  C:\Windows\system32\rastapi.DLL
MD5: 9015ee5171bcb15653da27024bd27128  C:\Windows\system32\RESUTILS.DLL
MD5: 6a938d7cf37d9eaefa3bb546868cfe17  C:\Windows\system32\RtkAPO.dll
MD5: 4bef53964dc519550ee030253fc1e25e  C:\Windows\system32\SAMSRV.dll
MD5: 53b13b258970b6b5a1fe09f26eb3b3a6  C:\Windows\system32\scecli.DLL
MD5: 1c9cdbdf895a556e66aebfd93a36b536  C:\Windows\system32\SCESRV.dll
MD5: 3369d021265e369d57317d61fa86dd79  C:\Windows\system32\scext.dll
MD5: bd489cf2d30c611740c0899549d2a470  C:\Windows\system32\schannel.DLL
MD5: 4fb383223c3f9e7f4285c42e82e430b9  C:\Windows\system32\SearchIndexer.exe
MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6  C:\Windows\System32\services.exe
MD5: 01fe4bdd0b47a7d8bf34d78d2bc23ddb  C:\Windows\system32\slwga.dll
MD5: 16742790895960690237a5143cedec8b  C:\Windows\System32\smss.exe
MD5: 9e81cd18f45702a9d3d34edf295c2fb1  C:\Windows\system32\SortServer2003Compat.dll
MD5: 375b160a176359b8f92cbe38b920065e  C:\Windows\system32\spool\PRTPROCS\W32X86\LMIproc.dll
MD5: 192f7774290df6a0054582a6b685d43b  C:\Windows\system32\spool\PRTPROCS\W32X86\TPWinPrn.dll
MD5: dbd10464e7246c9e722025debc093d01  C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll
MD5: 629181c26a78eb66b0b4e774e5ac2882  C:\Windows\System32\SPOOLSS.DLL
MD5: 7a3afe50417b94910a6dae1d07df6e3a  C:\Windows\system32\sppcext.dll
MD5: 58c94eae54bf0c5e2b80b2e5e7744d4c  C:\Windows\system32\sppcomapi.dll
MD5: 58e1354d5cf82e33af9a1cd1e31c9ed7  C:\Windows\system32\sppobjs.dll
MD5: 4c287f9069fedbd791178876ee9de536  C:\Windows\System32\sppsvc.exe
MD5: 57d56901ba1b27ee1eee94497f3db41d  C:\Windows\system32\sppwinob.dll
MD5: b6c756fa661c5eb7b3547e60647f87a7  C:\Windows\system32\sqlceoledb30.dll
MD5: 2f94e3709f029512a1bd8f6c108d7b62  C:\Windows\system32\SSCORE.DLL
MD5: 54c5eb1fd11027fb23bc4f79146ce159  C:\Windows\system32\SspiSrv.dll
MD5: 1b7dbc9de502db1d417112e5d640f78f  C:\Windows\system32\sxs.dll
MD5: 364455805e64882844ee9acb72522830  C:\Windows\system32\sxssrv.DLL
MD5: 8c7fe6b9559204765849bff308764fa5  C:\Windows\System32\SyncCenter.dll
MD5: 04105c8da62353589c29bdaeb8d88bd8  c:\windows\system32\sysmain.dll
MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e  C:\Windows\system32\SYSNTFY.dll
MD5: 0d4e8439ad3159a335fa720e043ea22e  C:\Windows\system32\taskcomp.dll
MD5: 3ac005686f8b3289691e5bdbd5251c53  C:\Windows\System32\taskhost.exe
MD5: eafc149cd3bd78c443e31bb157841197  C:\Windows\system32\tbs.dll
MD5: b390c1d825c7687493bede237c6c2f25  C:\Windows\System32\tcpmon.dll
MD5: a739793f1a4f04b66e2444e90ae9e694  C:\Windows\system32\tspkg.DLL
MD5: 7222995615bf93b628dcea4bd6ccacf7  C:\Windows\system32\UBPM.dll
MD5: 91da0906b27adc98b7cc9d17f6f8227c  C:\Windows\system32\umb.dll
MD5: f45330f0364bc8223ef835ea5e3ebb8e  C:\Windows\system32\unimdm.tsp
MD5: e675de8cf57d8814218733b3dae896d7  C:\Windows\system32\uniplat.dll
MD5: aa5f4683a0c3c40d90377aa238a6f1b7  C:\Windows\system32\urlmon.dll
MD5: 3e1ebf74dd93287b7dc1c681b09e3639  C:\Windows\System32\usbceip.dll
MD5: 923cdd30092db73ec4a0ebcddd16c686  C:\Windows\System32\usbmon.dll
MD5: c7b21bef09ec7249556bee19f9d314cb  C:\Windows\system32\USER32.dll
MD5: a12829e9974f57e9b5dbfea7c93190f6  C:\Windows\system32\UXINIT.dll
MD5: 03e73018549d1a2906e6356fe3bd31d4  C:\Windows\System32\vds.exe
MD5: 448d058a803e095131b41688d66632f1  C:\Windows\System32\vmictimeprovider.dll
MD5: 582c191f861d18b8c937fb9859b80e9c  C:\Windows\system32\vpnike.dll
MD5: 8ea33ae2f8bb85ad9fd1feaedba544fd  C:\Windows\system32\VSSAPI.DLL
MD5: 25d124d384906d5aa0907e5989a60ca0  C:\Windows\system32\VssTrace.DLL
MD5: f1bf254dc9eda07e3a83bd111e39a350  C:\Windows\system32\vssvc.exe
MD5: 5ae88135c6a86fcd67ba16afbb1c8389  C:\Windows\system32\wbem\esscli.dll
MD5: f148865e4ac4f715e322ea06e6e21d84  C:\Windows\system32\wbem\ncprov.dll
MD5: 371e3b05894549113d07cd3081ed55ef  C:\Windows\system32\wbem\repdrvfs.dll
MD5: 801211dcfd6414ffa48bca661a76c6fa  C:\Windows\system32\wbem\wbemcore.dll
MD5: b350509b6c9296529bc464c60feeaef1  C:\Windows\system32\wbem\wbemess.dll
MD5: 0e7441be4d8c31c7f94d4e09af8339c8  C:\Windows\system32\wbem\wmidcprv.dll
MD5: b8f4a6990a6295159792b4ad189d460d  C:\Windows\system32\wbem\wmiprvsd.dll
MD5: 7790b77fe1e5ee47dcc66247095bb4c9  C:\Windows\system32\wbengine.exe
MD5: 23d5ae191d918bb82fd8027e1ba869d4  C:\Windows\system32\wdiasqmmodule.dll
MD5: 5193de33f3284c447e0d31dafbf92570  c:\windows\system32\webcheck.dll
MD5: 4262220b609ad082ce66914172597a96  C:\Windows\system32\webservices.dll
MD5: 2873dfe622f4a3929d93f7bc85ade13e  c:\windows\system32\wevtsvc.dll
MD5: 019c372b1a9da73a22d0d35a4d40f5c9  C:\Windows\system32\wfapigp.dll
MD5: e0fe1259d88a89493098d9269144fd5f  C:\Windows\system32\wiarpc.dll
MD5: 2f998e1fca7749e836fdfafe88de9237  C:\Windows\System32\win32spl.dll
MD5: a1236375b74ea63c75657d564890c436  C:\Windows\system32\WinInet.dll
MD5: b5c5dcad3899512020d135600129d665  C:\Windows\System32\wininit.exe
MD5: 37cdb7e72eb66ba85a87cbe37e7f03fd  C:\Windows\System32\winlogon.exe
MD5: 827e4f75901ca3f990b1487d3301841e  C:\Windows\system32\winsrv.DLL
MD5: 81e1423a5d3f0f350307b537d33599fc  c:\windows\system32\WLANMSM.DLL
MD5: 20c06a50dfc097e134bc6fa8444ca9bc  c:\windows\system32\WLANSEC.dll
MD5: 749f9795f01c35eebe100a87d82b9681  c:\windows\system32\wlgpclnt.dll
MD5: 633c2c060cf857099f6c4f8d75c952b1  C:\Windows\system32\wls0wndh.dll
MD5: d412b1b72c5ab020218e9a047d90ca05  C:\Windows\system32\WMsgAPI.dll
MD5: 206eccf79765e9f3fc6cca04114ee058  C:\Windows\system32\wsdapi.dll
MD5: a8eb761de499242becf153b2b34f020e  C:\Windows\System32\WSDMon.dll
MD5: 596371a825c6abb55e436b6f0966a24f  C:\Windows\System32\wsnmp32.dll
MD5: c6e7ab7e798167095987ebccb76df61b  C:\Windows\System32\WUDFHost.exe
MD5: 688975cea9add749e339168a2841205a  c:\windows\system32\WUDFPlatform.dll
MD5: 390261f19400ba8f7c318cd3dc0ee242  C:\Windows\system32\WUDFx.dll
MD5: 77f595dee5ffacea72b135b1fce1312e  C:\Windows\system32\XInput1_3.dll
MD5: c6cad1dd5af742e267edd8a90ca200ec  C:\Windows\V0510Mon.exe
MD5: 16f3bb89525ee0a857923e63206409d9  C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d1cb520e4353d918\ATL80.DLL
MD5: 8d25a3bf9d0005d264f105414ae2cde6  C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\MSVCP80.dll
MD5: 0ef2917efd6d96e4c9cf121738cf5409  C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: bcfbef2f71c2eb0a23fa54a3ed314e78  C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.5570_none_4bf8f87ebf99de1f\mfc90u.dll
MD5: 578db4f008387daca5bfa2b1df651f1e  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16400_none_ebf9dccf6c73e561\COMCTL32.dll
MD5: 0309d0432568dc021be9526ba6e62c99  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\COMCTL32.dll
MD5: b316906b4a04dd39985350d29de31068  D:\Program Files\AVAST Software\Avast\1033\Base.dll
MD5: ab6e3df509c6bd59062f685a40395c23  D:\Program Files\AVAST Software\Avast\1033\UILangRes.dll
MD5: 6f367a9b88cfdd46f42c1d11e5cb7964  D:\Program Files\AVAST Software\Avast\Aavm4h.dll
MD5: c2434dea392826c1687d9bd7fa4845bc  D:\Program Files\AVAST Software\Avast\AavmRpch.dll
MD5: 9c09af87ac7351985ab5ffba3fc52575  D:\Program Files\AVAST Software\Avast\AhResBhv.dll
MD5: e844c96552989fa1eca95778583a904c  D:\Program Files\AVAST Software\Avast\AhResJs.dll
MD5: 17f5861a03516864a5f4cc04c7324278  D:\Program Files\AVAST Software\Avast\AhResMai.dll
MD5: 8bec10c53e927cd5e442fe332804f1ac  D:\Program Files\AVAST Software\Avast\AhResMes.dll
MD5: 9b2f20ecf609edf54fec43e792028261  D:\Program Files\AVAST Software\Avast\AhResNS.dll
MD5: 857661f2e5a677cfb6d3b2cf6e428227  D:\Program Files\AVAST Software\Avast\AhResP2P.dll
MD5: 2466ed58b8efb3320bca73acf8179d24  D:\Program Files\AVAST Software\Avast\AhResStd.dll
MD5: 5d9550e02d981b92b133e5f8f7bdf8d2  D:\Program Files\AVAST Software\Avast\AhResWS.dll
MD5: 55afa63f5f2a6ced0c09e2afe57eca8d  D:\Program Files\AVAST Software\Avast\ashBase.dll
MD5: 977c54291bfa6fee7ff865630e51757b  D:\Program Files\AVAST Software\Avast\ashServ.dll
MD5: 4d153bde01aa3fd33414199052051549  D:\Program Files\AVAST Software\Avast\ashShell.dll
MD5: 16ce3ed063923253905341c9af850fe7  D:\Program Files\AVAST Software\Avast\ashTask.dll
MD5: 4ff19ac422b7709d786de58b385c9647  D:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MD5: 13790c4fb6311ece6d6763a7ec2313fb  D:\Program Files\AVAST Software\Avast\aswAra.dll
MD5: 045ee3dc56b12b404dc07848d8597c66  D:\Program Files\AVAST Software\Avast\aswAux.dll
MD5: eb398ded91cff2f425610eaa2ccf2a23  D:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MD5: babe99a18a382a5e2f99b48e0bc3e0d4  D:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MD5: 178b51198b7b46cd3c5e744474459a63  D:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MD5: f0e7dec6f7a3610949bded0ca8ccb3ea  D:\Program Files\AVAST Software\Avast\aswData.dll
MD5: 264b5d8f4c70a26749ff2cedde06ba30  D:\Program Files\AVAST Software\Avast\aswDld.dll
MD5: c515caec6b3c6970007954c0250a124c  D:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MD5: 902f670f58193a2bc30aa342b11b2c7b  D:\Program Files\AVAST Software\Avast\aswIdle.dll
MD5: 124715cd10c62a78404f1a3b1048d062  D:\Program Files\AVAST Software\Avast\aswJsFlt.dll
MD5: fca9cc8611654b790dd6242bf862b7f5  D:\Program Files\AVAST Software\Avast\aswLog.dll
MD5: 12b9869e74f9e698f550f04f8989c591  D:\Program Files\AVAST Software\Avast\aswProperty.dll
MD5: f186897e0a3b9d0784041221d0265069  D:\Program Files\AVAST Software\Avast\aswSqLt.dll
MD5: 273fd83fc8c4e12f8c55381674f92a44  D:\Program Files\AVAST Software\Avast\aswStrm.dll
MD5: 179eed57fed3c7422a559633641032ba  D:\Program Files\AVAST Software\Avast\aswUtil.dll
MD5: dfce15e59b8ac862b8e3ca6e43fe33f8  d:\program files\avast software\avast\aswwebrepie.dll
MD5: 8fa553e9ae69808d99c164733a0f9590  D:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: 083649ef692a066880c9326020915afe  D:\Program Files\AVAST Software\Avast\AvastUI.exe
MD5: ab04c6ce5df23819b914f822e9aa0edf  D:\Program Files\AVAST Software\Avast\CommonRes.dll
MD5: 994b23aeffedffda471374d646b771dc  D:\Program Files\AVAST Software\Avast\defs\13020200\algo.dll
MD5: a51e50551720871a2409398ecb156a44  D:\Program Files\AVAST Software\Avast\defs\13020200\aswCmnBS.dll
MD5: 3ae814769fd59498e9af30a1b86417df  D:\Program Files\AVAST Software\Avast\defs\13020200\aswCmnIS.dll
MD5: e895e417f04339b583a90a1959054bea  D:\Program Files\AVAST Software\Avast\defs\13020200\aswCmnOS.dll
MD5: 1e487f83d37f7df5570f8bb2474a3391  D:\Program Files\AVAST Software\Avast\defs\13020200\aswEngin.dll
MD5: c1f048b33a1bd8f5b05af76469252f55  D:\Program Files\AVAST Software\Avast\defs\13020200\aswFiDb.dll
MD5: 9113108930bba90ded86dc3b6cace5d7  D:\Program Files\AVAST Software\Avast\defs\13020200\aswRep.dll
MD5: 10dfda4df80a0d273b142e2fd4aa2994  D:\Program Files\AVAST Software\Avast\defs\13020200\aswScan.dll
MD5: 35a75c922d5827944cbd0f013186f0ef  D:\Program Files\AVAST Software\Avast\defs\13020200\uiExt.dll
MD5: d79d3eabd4730970770efa530d094e0f  D:\Program Files\AVAST Software\Avast\snxhk.dll
MD5: ad8bd96b41c40ac36d803df267b26ef0  D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
MD5: 616399e27a55c97ae859230eb13984d8  D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
MD5: 2135894a03850d9ac641e4ef9a1759c6  D:\Program Files\LogMeIn\x86\LMIGuardianDll.dll
MD5: 3d67740573a70c6c9b1614982cfac4c5  D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
MD5: 33cd12979bd4ae881f3c097905bbcff9  D:\Program Files\LogMeIn\x86\LogMeIn.dll
MD5: 432618fa75b61059d2c57d6a7e55147a  D:\Program Files\LogMeIn\x86\LogMeIn.exe
MD5: f7675b88dd03788c7ef3ce63f2e6949f  D:\Program Files\LogMeIn\x86\LogMeInSystray.dll
MD5: d95f3217c9dfa24eca582ed8e435e221  D:\Program Files\LogMeIn\x86\ramaint.exe
MD5: 22068d35a065335eaa8ddf0223c819e3  D:\Program Files\LogMeIn\x86\rntfywnd.dll
MD5: a16852b04c0a5654b0b8dfd5e1a25718  D:\Program Files\MagicDisc\MagicDisc.exe
MD5: f2c9648784e231a8f2ce3bacace88dbf  D:\Program Files\Media Player Classic - Home Cinema\mpc-hc.exe
MD5: abcb32074e06047b997fbb3343a30fc1  D:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
MD5: 77f0fe04b4493ec99270801a7e0a8b71  D:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: 2eac0f6e91d9fced7f367d5995550fa5  D:\Program Files\Mozilla Firefox\firefox.exe
MD5: 62b5f1c40b8a36865b6936138d7fcf48  D:\Program Files\Mozilla Firefox\freebl3.dll
MD5: e0c6e5c784f7a1f1ccd76ff8597a85a8  D:\Program Files\Mozilla Firefox\gkmedias.dll
MD5: 5cf34a7f372e461be3ea334227eaf5e0  D:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: b79fa7fb382ba10b54b81cb9d7497987  D:\Program Files\Mozilla Firefox\mozglue.dll
MD5: b0b2abe050b5c18032063287154cbceb  D:\Program Files\Mozilla Firefox\mozjs.dll
MD5: 7f4890604f896c0cbc5bb8ca75bb0eb3  D:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66  D:\Program Files\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1  D:\Program Files\Mozilla Firefox\MSVCR100.dll
MD5: 93e107c54eb2b07f78b04cbe21b5a0ef  D:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 23485d8e9258999b8a9a0171cfea82d1  D:\Program Files\Mozilla Firefox\nss3.dll
MD5: 843edef8c2af5f902de30dbf5782fb72  D:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: 8fecd1cd85600f61d43c8de52bc64a17  D:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 5b5b1475a41b385c41da41133dc5e708  D:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: 6b4eeb2490f593ad63ff929a9edf2bca  D:\Program Files\Mozilla Firefox\plc4.dll
MD5: 5e5eccd44d40eb09c9e96ce2fb0af10c  D:\Program Files\Mozilla Firefox\plds4.dll
MD5: 0bc70d5576c0ec1d7478d433815643f1  D:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 9a5824a316f7145f7ad2f3446aa9cbe5  D:\Program Files\Mozilla Firefox\plugins\np_gp.dll
MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0  D:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
MD5: ca4ce314b08cb7aad775d8bb2eb4751c  D:\Program Files\Mozilla Firefox\smime3.dll
MD5: ad4a76d499b6b3ebe0c4eefa734fa670  D:\Program Files\Mozilla Firefox\softokn3.dll
MD5: 35e3331006ce407b9bee89651c02f11e  D:\Program Files\Mozilla Firefox\ssl3.dll
MD5: 954514a8932f7d35432b4df091fb3790  D:\Program Files\Mozilla Firefox\xpcom.dll
MD5: 8a46058eb19ea0585af06b4bb7f1d49f  D:\Program Files\Mozilla Firefox\xul.dll
MD5: 5584839c957afd2939b6e49ea582c1f4  D:\Program Files\Sandboxie\SbieDll.dll
MD5: 0e5a3d6b8362d7b44dbf56acd2c090ce  D:\Program Files\Sandboxie\SbieDrv.sys
MD5: de28c8de65e2e166d1983bddce87fbce  D:\Program Files\Sandboxie\SbieSvc.exe
MD5: bba1fe328cea501fcce1e5df16276439  D:\Program Files\Steam\bin\avcodec-53.dll
MD5: c5ccb86cd745746b9908031a54315f90  D:\Program Files\Steam\bin\avformat-53.dll
MD5: 2a8b8a15a58edf3b443083ec29894e54  D:\Program Files\Steam\bin\avutil-51.dll
MD5: 5f907fe0960cd15513090f0d97bfe8aa  D:\Program Files\Steam\bin\chromehtml.DLL
MD5: 55abf6b44ae50ff4b5a5b65398b103c1  D:\Program Files\Steam\bin\filesystem_steam.DLL
MD5: dd95ed949d28ee4393188c199253d09a  d:\program files\steam\bin\friendsui.dll
MD5: 045d0f4f41ca53d4cb22bdc814a22b64  D:\Program Files\Steam\bin\icudt.dll
MD5: 9da621ee05b8f692abc52b5d8076c3c7  D:\Program Files\Steam\bin\libcef.dll
MD5: 2a2d8f2c1837874697e21beb4adfa705  d:\program files\steam\bin\serverbrowser.dll
MD5: f71006f031cf4f184142c17ae9225d58  D:\Program Files\Steam\bin\steamservice.dll
MD5: 13a4a52c3d7b1cd817a6c0e1ae8b3901  D:\Program Files\Steam\bin\vgui2_s.DLL
MD5: ea07236776bdab19891c47554f47506b  D:\Program Files\Steam\crashhandler.dll
MD5: 173c217e677c4b0c4f8a6d54ba13bf9b  D:\Program Files\Steam\CSERHelper.dll
MD5: a7532e66ea2f168a0970e829d8986423  D:\Program Files\Steam\DbgHelp.dll
MD5: 8a615ba7ea2e374e4ff9ca6664ae07c4  D:\Program Files\Steam\SDL2.dll
MD5: 0c78e06a66288e4b5293104a38fefd18  D:\Program Files\Steam\steam.dll
MD5: 9222e48dfa681e35f340df4e079f7c27  D:\Program Files\Steam\Steam.exe
MD5: 55befabeb88a207d8acf27c5e4364c03  D:\Program Files\Steam\steamclient.dll
MD5: 7e7414261fc6fccf4008fe3bf0ab667d  D:\Program Files\Steam\steamui.dll
MD5: 3355227467c32ef2612bf2da158b6eb5  D:\Program Files\Steam\tier0_s.dll
MD5: 94d957210d137464d9a9bc3cdc0e116a  D:\Program Files\Steam\vstdlib_s.dll
MD5: 33939a56744178d4ad9e7e9bd72c0cba  D:\Program Files\Xfire\Xfire.exe
MD5: 058172de1a8ade29ecedf717ce105e63  D:\Program Files\Yuna Software\Messenger Plus!\detour32.dll
MD5: aad13c9a41d0d1c8ee180c5d7a6519fc  D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll
MD5: e8e81b69457be1b2ecf355bd64917773  D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusRes.dll
MD5: 38730da946574c0f60bc498c09ffc313  D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
MD5: feabe0bef35003e067068ea4fa476e69  D:\Program Files\Yuna Software\Messenger Plus!\VCamWLMFilter.ax
MD5: 5d2f23bffa06916b52bfb39980e87825  G:\Program Files\Alias\Maya7.0\docs\jre\bin\client\jvm.dll
MD5: a1169305dc1ed0400ab70483ba9b32f8  G:\Program Files\Alias\Maya7.0\docs\jre\bin\hpi.dll
MD5: 8745ff571ee37c933f104c951a124d89  G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.dll
MD5: cdf0124aa8cc75bc92b6b737eadad8d1  G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
MD5: 6d45cb8e9c51880862819a0b8355dd89  G:\Program Files\Alias\Maya7.0\docs\jre\bin\net.dll
MD5: 653a6bcb31fd20aeee22ebb9d083c4c3  G:\Program Files\Alias\Maya7.0\docs\jre\bin\verify.dll
MD5: d35064031860696303e1054e5c8a6a09  G:\Program Files\Alias\Maya7.0\docs\jre\bin\zip.dll
MD5: 80d8633f925758a1ecf04a82665d1e39  G:\Program Files\Alias\Maya7.0\docs\lib\wrapper.dll
MD5: c049ef30ace3e2beebc41e37fe4bb2a1  G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
MD5: c623057d3905323f760a8b3c8523c072  G:\Program Files\FileZilla Server\FileZilla Server.exe
MD5: 522ed38d26d3a13c020b1a553c01361c  G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
MD5: 427bcabe00b85561a667b68d573a838c  G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
MD5: f1b96cb5ee0958a0bc9edf2554427410  G:\Program Files\NVIDIA Corporation\nTune\nTuneServiceENU.dll
MD5: cd3087b0f6b9d8152643452d04b00491  G:\Program Files\NVIDIA Corporation\nTune\nvsulib.dll
MD5: f9982f8b1176597b81ed1285d1616ce7  G:\Program Files\TortoiseHg\_ctypes.pyd
MD5: 372cd4bfc36d5391a871d69993ffc3f5  G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MD5: f351940513629b58ebdb003605033d3f  G:\Program Files\TortoiseHg\PYTHON27.DLL
MD5: 3797d1a27b99b4fca9e10096663485d8  G:\Program Files\TortoiseHg\pythoncom27.dll
MD5: be9634a0b424cbc53073f9b9695d3811  G:\Program Files\TortoiseHg\pywintypes27.dll
MD5: 409aeca82f27aedc22a62ebe8dc06333  G:\Program Files\TortoiseHg\ThgShellx86.dll
MD5: b7bb1012f151b8a4494d1b2b5d1f2e86  G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MD5: fcd918718b5e4859ec4981df554dee35  G:\Program Files\TortoiseHg\win32api.pyd
MD5: 73fbbfe382ec587cf045f40df4b4b5e8  G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MD5: 9b6c4657261deec8fc946c6c90d31263  G:\Program Files\TortoiseHg\win32event.pyd
MD5: 216be721227564bb1b94106561865fb4  G:\Program Files\TortoiseHg\win32file.pyd
MD5: d78e0397069bd863f177e877707dfaa8  G:\Program Files\TortoiseHg\win32gui.pyd
MD5: 5bd00133905a6fe90860609a17979e49  G:\Program Files\TortoiseHg\win32pipe.pyd
MD5: 62a42dd4174ccf972630696448d6d1cc  G:\Program Files\TortoiseHg\win32process.pyd
MD5: b4da699d62559fcfb575432f727cc79b  G:\Program Files\TortoiseHg\win32security.pyd
MD5: f8302e3e534af5e3f2588a974bea80df  G:\Program Files\Tunngle\TnglCtrl.exe


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 2.09 KB recvd
Scanned 1215 files and modules - 154 seconds

==============================================================================

  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
ESET found mostly stuff we had already removed, but it did find something in Java and also removed the utqymjgy.sys again.

Run OTL, Quickscan and post the log so we can see if utqymjgy.sys came back.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 9
Java SE Development Kit 7 Update 7
(If you must run Java, get the latest version at java.com. Make sure you uncheck the optional foistware like the Ask Toolbar and McAfee Security Scan.) Then go into Control Panel, Java, Security and set it to the highest level, then Apply.


Also uninstall:
Adobe Download Manager (No longer required by Adobe.)
IL Download Manager (You don't really need a download manager)
Messenger Plus! 5 (Usually comes with malware as a sponsor program)



Do you really need (if not uninstall):
LogMeIn Hamachi (Remote control application. Did you install it?)
Vuze (P2P application. Good source of viruses plus slows down the PC.)
Akamai NetSession Interface (P2P application. Good source of viruses plus slows down the PC.) See:
http://hedjahead.wor...sion-interface/


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and select Clear Log, then Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#23
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Unfortunately, there have been some big problems. I noticed before seeing your new post that there has been constant downloading to Content.IE5 again, and even worse, I'm getting Google redirects caused by malware. I was in the process of following your instructions; I uninstalled all but Hamachi and Vuze. When I went to reboot after clearing those logs, I started getting blue screens when loading the desktop; I can't get past the login screen, and it happens every time. The error message is IRQL_NOT_LESS_OR_EQUAL, and the given code at the bottom is STOP: 0x0000000A. I guess this is usually supposed to be a hardware or driver issue, but I'm at a loss as to what to do at this point.

Edited by biggy c, 19 April 2013 - 06:17 PM.

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It's normal to have some traffic to Content.IE5.

If you are getting redirected then let's see an OTL, Quickscan.

For your BSOD:

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
  • 0
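As an added example (not from this thread and not NirSoft's code), here is a small Python parser for the report that the File, Save Selected Items step above writes. It pulls out the bug check and the driver each dump blames, and flags dumps older than a chosen reference date, because the first thing to check is whether the dumps belong to the current crashes at all. The sample report is constructed in BlueScreenView's layout, and the yyyy/MM/dd h:mm:ss AM/PM date format it assumes depends on the machine's locale.

```python
"""Summarise a BlueScreenView text report (added example, not from this thread
or from NirSoft).  Reads the file that File, Save Selected Items writes: one
'key : value' block per dump, each block fenced by lines of '='."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in BlueScreenView's layout (two records, one driver).
SAMPLE_REPORT = """\
==================================================
Dump File : 121212-22729-01.dmp
Crash Time : 2012/12/12 2:57:19 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+6385e
Crash Address : dxgkrnl.sys+6385e
Stack Address 1 : cdd.dll+1793
Computer Name :
Full Path : C:\\Windows\\Minidump\\121212-22729-01.dmp
==================================================

==================================================
Dump File : 112512-26114-01.dmp
Crash Time : 2012/11/26 12:00:27 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+6385e
Full Path : C:\\Windows\\Minidump\\112512-26114-01.dmp
==================================================
"""

SEPARATOR = re.compile(r"^=+[ \t]*$", re.MULTILINE)
FIELD = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")

# Crash Time is printed in the machine's locale; the yyyy/MM/dd h:mm:ss AM/PM
# form below matches the sample and is an assumption for other locales.
CRASH_TIME_FORMAT = "%Y/%m/%d %I:%M:%S %p"
DATE_FORMAT = "%Y/%m/%d"


def parse_report(text):
    """Return one dict of 'key : value' fields per dump block in the report."""
    records = []
    for block in SEPARATOR.split(text):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group("key").strip()] = m.group("value").strip()
        if "Dump File" in fields:          # skip the empty text between fences
            records.append(fields)
    return records


def parse_crash_time(value):
    return datetime.strptime(value, CRASH_TIME_FORMAT)


def summarize(records, reference_date, max_age_days=7):
    """One row per dump; 'stale' marks dumps older than max_age_days before
    reference_date (a 'yyyy/MM/dd' string), so old crashes are not mistaken
    for the one being diagnosed."""
    reference = datetime.strptime(reference_date, DATE_FORMAT)
    rows = []
    for rec in records:
        crashed = parse_crash_time(rec["Crash Time"])
        age = (reference - crashed).days
        rows.append({
            "dump": rec["Dump File"],
            "crashed": crashed,
            "bugcheck": rec.get("Bug Check String", "?"),
            "code": rec.get("Bug Check Code", "?"),
            "driver": rec.get("Caused By Driver", "?"),
            "age_days": age,
            "stale": age > max_age_days,
        })
    return rows


def drivers_by_count(records):
    """Which driver the dumps blame, most frequent first."""
    return Counter(r.get("Caused By Driver", "?") for r in records).most_common()


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    # Reference date: the day the report was requested (constructed).
    for row in summarize(recs, reference_date="2013/04/19"):
        tag = "STALE" if row["stale"] else "recent"
        print(f"{row['dump']}: {row['bugcheck']} ({row['code']}) -> "
              f"{row['driver']}, {row['age_days']} days old [{tag}]")
    print("blamed drivers:", drivers_by_count(recs))
```

Run as a script it prints one line per dump. A cluster of recent dumps naming the same driver is the lead worth chasing; dumps flagged stale only describe an earlier problem and should not be read as evidence about the current one.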

#25
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
It wasn't just some traffic; I had already gotten 150,00 files into that folder, which makes me think I was reinfected.

Here's the BSOD log:

==================================================
Dump File : 121212-22729-01.dmp
Crash Time : 2012/12/12 2:57:19 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x93f9185e
Parameter 3 : 0x89a5f9c0
Parameter 4 : 0x89a5f5a0
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+6385e
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16748 (win7_gdr.110125-1530)
Processor : 32-bit
Crash Address : dxgkrnl.sys+6385e
Stack Address 1 : cdd.dll+1793
Stack Address 2 : cdd.dll+52c2
Stack Address 3 : ntkrnlpa.exe+20e683
Computer Name :
Full Path : C:\Windows\Minidump\121212-22729-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 160,912
==================================================

==================================================
Dump File : 112512-26114-01.dmp
Crash Time : 2012/11/26 12:00:27 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x93f8685e
Parameter 3 : 0x8e3f69c0
Parameter 4 : 0x8e3f65a0
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+6385e
File Description : DirectX Graphics Kernel
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16748 (win7_gdr.110125-1530)
Processor : 32-bit
Crash Address : dxgkrnl.sys+6385e
Stack Address 1 : cdd.dll+1793
Stack Address 2 : cdd.dll+52c2
Stack Address 3 : ntkrnlpa.exe+20e683
Computer Name :
Full Path : C:\Windows\Minidump\112512-26114-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 160,912
==================================================

Edit: Just realized these are old BSODs; let me try to scan it again.


Update: No minidump file seems to generate, even though I seem to have minidumps enabled. However, there was an event logged that indicated a driver failure:

Log Name: System
Source: sptd
Date: 2013/04/19 10:57:00 PM
Event ID: 4
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: HEAVENH-B8RJ5SH
Description:
Driver detected an internal error in its data structures for .
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="sptd" />
<EventID Qualifiers="49156">4</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-04-20T01:57:00.730803900Z" />
<EventRecordID>239205</EventRecordID>
<Channel>System</Channel>
<Computer>HEAVENH-B8RJ5SH</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>000000000100000000000000040004C0B80000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Edited by biggy c, 19 April 2013 - 08:10 PM.

  • 0
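Ron's VEW steps in post #22 ask for the newest 20 Error and Warning events from the System and Application logs, and the sptd record above shows the Event XML behind one such entry. The script below is an added example, not from the thread and not VEW's code: it applies the same filter to an XML export of an event log (Event Viewer's Save Events As, XML, wrapped in an Events root, which is an assumption about that export), sorts by TimeCreated and groups the hits by provider so a repeating driver like sptd stands out. The sample export is constructed; only the first record mirrors the posted sptd event, and ExampleSvc, ExampleNetDrv and ExampleApp are placeholder provider names.

```python
"""Filter an exported Windows event log the way VEW's query does (added
example, not from this thread or from VEW): keep Error/Warning records from
one channel, newest first, limited to N."""
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime

# Standard Windows event levels as written in <Level>.
LEVEL_NAMES = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information", 5: "Verbose"}

# Constructed export in an <Events> root. Only the first record mirrors the
# sptd event posted above; the other providers are placeholders.
NS = "http://schemas.microsoft.com/win/2004/08/events/event"
SAMPLE_EXPORT = f"""<Events>
<Event xmlns="{NS}"><System>
  <Provider Name="sptd" /><EventID Qualifiers="49156">4</EventID><Level>2</Level>
  <TimeCreated SystemTime="2013-04-20T01:57:00.730803900Z" /><EventRecordID>239205</EventRecordID>
  <Channel>System</Channel><Computer>EXAMPLE-PC</Computer></System><EventData><Data></Data></EventData></Event>
<Event xmlns="{NS}"><System>
  <Provider Name="ExampleSvc" /><EventID>100</EventID><Level>4</Level>
  <TimeCreated SystemTime="2013-04-20T01:56:00.0000000Z" /><EventRecordID>239203</EventRecordID>
  <Channel>System</Channel><Computer>EXAMPLE-PC</Computer></System></Event>
<Event xmlns="{NS}"><System>
  <Provider Name="ExampleNetDrv" /><EventID>7</EventID><Level>3</Level>
  <TimeCreated SystemTime="2013-04-20T01:55:12.0000000Z" /><EventRecordID>239201</EventRecordID>
  <Channel>System</Channel><Computer>EXAMPLE-PC</Computer></System></Event>
<Event xmlns="{NS}"><System>
  <Provider Name="sptd" /><EventID Qualifiers="49156">4</EventID><Level>2</Level>
  <TimeCreated SystemTime="2013-04-19T23:10:05.5000000Z" /><EventRecordID>239180</EventRecordID>
  <Channel>System</Channel><Computer>EXAMPLE-PC</Computer></System></Event>
<Event xmlns="{NS}"><System>
  <Provider Name="ExampleApp" /><EventID>1000</EventID><Level>2</Level>
  <TimeCreated SystemTime="2013-04-20T02:00:00.0000000Z" /><EventRecordID>9000</EventRecordID>
  <Channel>Application</Channel><Computer>EXAMPLE-PC</Computer></System></Event>
</Events>
"""


def _local(tag):
    """Element tag without its namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def _child(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return child
    return None


def parse_system_time(value):
    """TimeCreated has 100 ns resolution; datetime keeps microseconds."""
    base, _, frac = value.rstrip("Z").partition(".")
    stamp = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return stamp.replace(microsecond=int((frac + "000000")[:6]))


def parse_events(xml_text):
    """One dict per <Event>, whether the text is a single event or an export."""
    root = ET.fromstring(xml_text)
    nodes = [root] if _local(root.tag) == "Event" else [
        e for e in root.iter() if _local(e.tag) == "Event"]
    events = []
    for ev in nodes:
        sysel = _child(ev, "System")
        provider = _child(sysel, "Provider")
        level = int(_child(sysel, "Level").text)
        events.append({
            "provider": provider.get("Name", "?") if provider is not None else "?",
            "event_id": int(_child(sysel, "EventID").text),
            "level": level,
            "level_name": LEVEL_NAMES.get(level, str(level)),
            "time": parse_system_time(_child(sysel, "TimeCreated").get("SystemTime")),
            "record_id": int(_child(sysel, "EventRecordID").text),
            "channel": _child(sysel, "Channel").text,
        })
    return events


def select_events(events, channel="System", levels=(2, 3), limit=20):
    """Newest `limit` records of the given levels from one channel: the same
    selection as VEW with Error + Warning and Number of events = 20."""
    picked = [e for e in events if e["channel"] == channel and e["level"] in levels]
    picked.sort(key=lambda e: e["time"], reverse=True)
    return picked[:limit]


def providers_by_count(events):
    """Which sources the selected records come from, most frequent first."""
    return Counter(e["provider"] for e in events).most_common()


if __name__ == "__main__":
    hits = select_events(parse_events(SAMPLE_EXPORT))
    for e in hits:
        print(f"{e['time']:%Y-%m-%d %H:%M:%S} {e['level_name']:<8} "
              f"{e['provider']} (ID {e['event_id']}, record {e['record_id']})")
    print("by provider:", providers_by_count(hits))
```

Pass levels=(1, 2, 3) to include Critical entries as well, and channel="Application" for the second run Ron asks for. The provider count is the useful summary: a driver that shows up repeatedly across the newest errors, as sptd does here, is the one to disable or remove first.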


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
sptd is throwing the error. It's part of Daemon tools or Alcohol or other DVD emulator software. There is a program called Defogger which will toggle it off and on:

http://www.bleepingc...nload/defogger/

I would try turning it off. See if that helps your BSOD.
  • 0

#27
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
I disabled the driver, but it didn't work. After reading up a little bit, I saw the tip that you could enable Driver Verifier to see which driver is failing during BSODs. Now I get a BSOD showing epfwwfp.sys failing, which seems to be a driver for ESET. This has a different error code and parameters than the other BSOD I was getting before, though, so I'm not sure whether this is actually the cause of the problem or not.

Edit: Also, the only mention now of failure in the event logs is a log which lists the boot-start or system-start drivers that failed to load, about 20 of them. This seems to be a log that happens after the BSOD was triggered though, at least from the ordering of the logs.

Edited by biggy c, 19 April 2013 - 09:49 PM.

  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
See if you can uninstall the ESET thing.

Can you run VEW so I can see the errors?
  • 0

#29
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Deleting epfwwfp.sys seems to have fixed the BSODs.

Here's the OTL log from before the BSOD's started:

OTL logfile created on: 2013/04/19 8:07:57 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
3.25 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 27.83% Memory free
10.50 Gb Paging File | 6.82 Gb Available in Paging File | 64.94% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 18.52 Gb Free Space | 23.15% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 11.93 Gb Free Space | 3.09% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 423.22 Gb Free Space | 22.72% Space Free | Partition Type: NTFS
 
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/03/29 16:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/14 16:42:22 | 000,316,360 | ---- | M] (Azureus Software, Inc) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/07 18:07:08 | 009,139,200 | ---- | M] (MPC-HC Team) -- D:\Program Files\Media Player Classic - Home Cinema\mpc-hc.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0510Mon.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/03/29 16:53:56 | 001,114,024 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/26 21:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/25 19:23:34 | 000,651,776 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll
MOD - [2012/12/14 16:42:22 | 000,053,160 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2012/12/11 14:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 14:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 14:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd
MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll
MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd
MOD - [2012/02/13 12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd
MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd
MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd
MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd
MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd
MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd
MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll
MOD - [2011/12/25 16:54:57 | 000,028,160 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- D:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/07/18 18:04:08 | 000,296,448 | ---- | M] () -- G:\Program Files\Notepad++\NppShell_04.dll
MOD - [2011/07/12 17:10:00 | 000,107,008 | ---- | M] () -- G:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
MOD - [2010/07/04 18:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/05/15 14:58:55 | 000,410,432 | ---- | M] () -- D:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/13 22:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/13 22:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2005/09/30 09:46:37 | 001,908,736 | ---- | M] () -- D:\Program Files\Matroska Pack\ffdshow\ffdshow.ax
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2013/03/26 02:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/25 16:56:45 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/19 07:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vid.sys -- (V0510Dev)
DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma)
DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news
IE - HKCU\..\SearchScopes,DefaultScope = {16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/16 21:44:16 | 000,000,000 | ---D | M]
 
[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2013/04/13 19:16:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/18 21:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/04/17 10:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/13 19:16:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/13 19:16:35 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2013/04/13 08:41:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/13 08:41:20 | 000,000,000 | ---D | C] -- \ComboFix
[2013/04/10 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 13:23:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/09 15:53:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 15:53:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 15:53:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- \Qoobox
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- \_OTL
[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/19 20:13:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 20:03:40 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 20:03:40 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 12:13:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 19:26:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 19:16:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/10 15:46:18 | 003,773,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 13:23:41 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 19:29:07 | 000,730,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/09 19:29:07 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/04/09 19:29:07 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/04/09 19:29:07 | 000,151,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/10 13:23:41 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 15:53:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 15:53:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 15:53:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 15:53:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 15:53:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/06/14 14:26:12 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2011/06/02 19:26:39 | 000,714,526 | ---- | C] () -- C:\Windows\unins001.exe
[2011/06/02 19:26:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/02 19:26:39 | 000,001,799 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/20 00:07:56 | 000,274,706 | ---- | C] () -- \gohei.jpg
[2011/05/18 21:51:29 | 000,602,112 | ---- | C] () -- \OTL.exe
[2011/05/02 21:38:04 | 000,525,419 | ---- | C] () -- \remii.png
[2011/05/02 16:26:22 | 003,289,689 | ---- | C] () -- \goheilol.png
[2011/04/29 23:52:57 | 001,614,444 | ---- | C] () -- \flashlight.png
[2011/04/28 20:20:15 | 000,739,966 | ---- | C] () -- \gohei.png
[2011/04/23 19:07:52 | 007,618,784 | ---- | C] () -- \gohei.FBX
[2011/04/08 21:36:15 | 001,057,198 | ---- | C] () -- \lawl2.png
[2011/04/07 19:03:18 | 001,942,616 | ---- | C] () -- \lawl.png
 
========== ZeroAccess Check ==========
 
[2013/04/18 00:29:25 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\@
[2013/04/18 00:29:25 | 000,028,672 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n
[2013/04/18 20:51:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L
[2013/04/18 00:30:17 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U
[2013/04/18 00:30:16 | 000,000,804 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L\00000004.@
[2013/04/18 00:29:47 | 000,002,048 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\00000004.@
[2013/04/18 00:30:17 | 000,232,960 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\00000008.@
[2013/04/18 00:29:47 | 000,001,632 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\000000cb.@
[2013/04/18 00:29:47 | 000,011,776 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\80000000.@
[2013/04/18 00:30:16 | 000,092,672 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\80000032.@
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/04/18 00:29:27 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n. -- File not found
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n. -- [2013/04/18 00:29:25 | 000,028,672 | -HS- | M] ()
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2011/02/28 17:57:15 | 000,015,658 | ---- | M] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd
[2011/02/28 17:57:15 | 000,015,658 | ---- | C] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd
[2010/10/30 19:36:33 | 000,221,216 | ---- | M] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(\?????.mp3.sfk) -- \東方幻奏箱.mp3.sfk
[2010/10/30 15:13:59 | 002,567,549 | ---- | M] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(\?????.mp3) -- \東方幻奏箱.mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | M] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(\EastNewSound ??????(x?y).mp3) -- \EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:09:19 | 004,729,658 | ---- | M] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3

< End of report >

And here are the two VEW logs, taken after the BSODs were fixed:

System:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/04/2013 7:35:55 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2013 10:14:56 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2013 3:37:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2013 3:29:49 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2013 3:24:14 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2013 3:06:14 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2013 3:00:56 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2013 1:57:15 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2013 10:27:49 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

Log: 'System' Date/Time: 20/04/2013 10:27:49 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired.  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 20/04/2013 10:26:52 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891

Log: 'System' Date/Time: 20/04/2013 10:26:52 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891

Log: 'System' Date/Time: 20/04/2013 10:25:50 AM
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

Log: 'System' Date/Time: 20/04/2013 10:25:33 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 20/04/2013 10:25:20 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 20/04/2013 10:25:20 AM
Type: Error Category: 0
Event: 3 Source: Haspnt
The event description cannot be found.

Log: 'System' Date/Time: 20/04/2013 10:25:16 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.

Log: 'System' Date/Time: 20/04/2013 10:25:16 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891

Log: 'System' Date/Time: 20/04/2013 10:25:15 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The epfwwfp service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 20/04/2013 10:25:15 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The DS1410D service failed to start due to the following error:  DS1410D is not a valid Win32 application.

Log: 'System' Date/Time: 20/04/2013 10:25:14 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 20/04/2013 10:16:04 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

Log: 'System' Date/Time: 20/04/2013 10:16:04 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

Log: 'System' Date/Time: 20/04/2013 10:16:04 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

Log: 'System' Date/Time: 20/04/2013 10:16:04 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

Log: 'System' Date/Time: 20/04/2013 10:16:04 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

Log: 'System' Date/Time: 20/04/2013 10:16:03 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

Log: 'System' Date/Time: 20/04/2013 10:15:56 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2013 10:24:35 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 20/04/2013 10:24:35 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Log: 'System' Date/Time: 20/04/2013 10:12:04 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 20/04/2013 10:12:04 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Log: 'System' Date/Time: 20/04/2013 3:04:10 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 20/04/2013 3:04:10 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Application:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/04/2013 7:40:08 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2013 10:25:09 AM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

Log: 'Application' Date/Time: 20/04/2013 10:12:39 AM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2013 10:25:09 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 20/04/2013 10:23:51 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 10:23:50 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 10:15:35 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 10:12:39 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 20/04/2013 10:11:16 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 10:11:16 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:38:16 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:34:45 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:34:44 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:30:16 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:26:56 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:26:56 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:25:01 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:15:52 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:15:52 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:06:41 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:03:25 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:03:24 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 20/04/2013 3:01:24 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Yes, ZA is back. If you have Java, uninstall all versions of it. Also uninstall Adobe Reader and Adobe Flash. (You can redownload and install them later, but these are the usual ways that you get ZA.) We are going to have to go through the same routine again as before. If you still have a program, you don't need to download a new copy. As always, if something doesn't work, skip to the next one.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
[2011/02/28 17:57:15 | 000,015,658 | ---- | M] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd
[2011/02/28 17:57:15 | 000,015,658 | ---- | C] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd

:files
C:\Windows\tasks\At*.job
C:\$RECYCLE.BIN\S-1-5-18
C:\Windows\assembly\GAC

:reg
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" =-
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" =-

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01162013-some number.log, so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click Save log; save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.
(Delete the old TDSSKiller log before running it again.)

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select the option
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and select Clear Log, then Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't reboot for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => right click and Run as Admin) Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0
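An added example, not code from this thread or from OTL: a Python checker that reads lines in the format of the OTL "ZeroAccess Check" section quoted above, flags the three things the fix in this post acts on (the hash-named store under $Recycle.Bin, InProcServer32 defaults redirected into it, and the hidden+system Desktop.ini in Windows\assembly\GAC) and writes an OTL-style :files/:reg fix for just those findings. The rule names, `scan_zeroaccess`, `otl_fix_script` and the sample log (constructed from the entries quoted in the thread) are my own; the At*.job and Unicode-file lines of the real fix are outside its scope.

```python
import re
from dataclasses import dataclass

# One file/directory entry as OTL prints it: [date | size | attrs | M/C] () -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\](?: \(\))? -- (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DEFAULT_RE = re.compile(r'^"" = (?P<value>.+?)(?: -- (?P<note>.*))?$')
# The ZeroAccess file store: $Recycle.Bin\<SID>\$<32 hex chars>\ on any drive
RECYCLE_RE = re.compile(r"\\\$recycle\.bin\\(?P<sid>S-1-5-[\d-]+)\\\$[0-9a-f]{32}\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str    # "recycle-bin-store", "com-hijack" or "gac-desktop-ini"
    target: str  # file path or registry key
    detail: str


def scan_zeroaccess(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious file entry or InProcServer32 default."""
    findings: list[Finding] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key")
            continue
        if m := FILE_RE.match(line):
            path, attr = m.group("path"), m.group("attr")
            if rm := RECYCLE_RE.search(path):
                sid = rm.group("sid")
                who = " (LocalSystem, which does not normally get a recycle bin)" if sid == "S-1-5-18" else ""
                findings.append(Finding("recycle-bin-store", path,
                                        f"hash-named folder under $Recycle.Bin for {sid}{who}"))
            elif path.lower().endswith(r"\assembly\gac\desktop.ini") and {"H", "S"} <= set(attr):
                findings.append(Finding("gac-desktop-ini", path,
                                        f"hidden+system Desktop.ini, size {m.group('size')}"))
            continue
        m = DEFAULT_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\inprocserver32"):
            value, note = m.group("value"), m.group("note") or "present"
            # A COM in-process server should be a DLL; ZeroAccess points the
            # default value at a file called "n." inside its recycle-bin store.
            if RECYCLE_RE.search(value) or not value.lower().endswith(".dll"):
                findings.append(Finding("com-hijack", current_key, f"default value -> {value} ({note})"))
    return findings


def otl_fix_script(findings: list[Finding]) -> str:
    """OTL custom fix in the shape used in this thread: ':files' removes the SID
    folder holding the store and assembly\\GAC, ':reg' blanks each hijacked default."""
    files: list[str] = []
    keys: list[str] = []
    for f in findings:
        if f.rule == "recycle-bin-store":
            folder = f.target.rsplit("\\", 2)[0]   # ...\$RECYCLE.BIN\<SID>
        elif f.rule == "gac-desktop-ini":
            folder = f.target.rsplit("\\", 1)[0]   # ...\assembly\GAC
        else:
            if f.target not in keys:
                keys.append(f.target)
            continue
        if folder not in files:
            files.append(folder)
    lines = [":files", *files, "", ":reg"]
    for key in keys:
        lines += [f"[{key}]", '"" =-']
    lines += ["", ":Commands", "[purity]", "[Reboot]"]
    return "\n".join(lines)


# Constructed sample in OTL's format, modelled on the entries quoted in this thread.
SAMPLE_OTL_LOG = r"""
========== ZeroAccess Check ==========
[2013/04/18 00:29:25 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\@
[2013/04/18 00:29:25 | 000,028,672 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n
[2013/04/18 20:51:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L
[2013/04/18 00:30:17 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/04/18 00:29:27 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n. -- [2013/04/18 00:29:25 | 000,028,672 | -HS- | M] ()
"""

if __name__ == "__main__":
    found = scan_zeroaccess(SAMPLE_OTL_LOG)
    print("\n".join(f"{f.rule:18} {f.target}  [{f.detail}]" for f in found))
    print("\n" + otl_fix_script(found))
```

The benign shell32.dll server and the 227-byte Desktop.ini directly under assembly are left alone, so the emitted fix contains only the S-1-5-18 folder, the GAC folder and the two hijacked CLSID keys.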