Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

redirect in IE and security center goes off [Solved]

Started by trickydicky , May 30 2013 01:13 AM

  • This topic is locked This topic is locked

#1
trickydicky
Posted 30 May 2013 - 01:13 AM

trickydicky

    Member

  • Member
  • PipPip
  • 21 posts
Win XP SP3 (home)
It started with false Security Center "infection", I manually removed the amsecure.exe.
Then I noticed that the Microsoft Security Essentials "green" icon was gone and the Security Center, instead of normal display said: Security Center services has not started or was stopped.
I manually re-started it in services.msc, but after about 10sec it stopped again.
I used free AVAST and re-scanned computer with no results.
Then, I tried several killers/scanners(tdsskiller, RootkitBuster, RogueKiller, HitmanPro, rkill, ComboFix) with no results.
Computer seems to be working OK, but any search on Google is re-directed, and AVAST stops the IE from going to the re-directed website - http://5998.jedeclick.com........
Any suggestions on what to do next?
#td
  • 0

Advertisements

#2
Jasmyne
Posted 30 May 2013 - 06:38 AM

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that will have a copy in case you loose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and in perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

With that all stated, let's get started! :)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. OTL.txt
2. Extras.txt
3. Logs from any of the tools you've previously run.
  • 0

#3
trickydicky
Posted 30 May 2013 - 08:19 PM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
[bleep] Jasmyne,
Thanks for your post.
Here are the reports:

1: OTL.txt

OTL logfile created on: 31/05/2013 9:45:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\IP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.22 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 77.49% Memory free
6.27 Gb Paging File | 5.68 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.77 Gb Total Space | 33.21 Gb Free Space | 39.64% Space Free | Partition Type: NTFS
Drive E: | 102.54 Gb Total Space | 14.28 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1436.31 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 1.95 Gb Free Space | 53.27% Space Free | Partition Type: FAT32
Drive S: | 931.51 Gb Total Space | 35.35 Gb Free Space | 3.79% Space Free | Partition Type: NTFS

Computer Name: PV-OFFICE | User Name: IP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 09:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IP\Desktop\OTL.exe
PRC - [2013/05/09 16:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/31 22:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/10 13:23:08 | 000,976,384 | ---- | M] (Quick And Easy Software) -- C:\Documents and Settings\IP\Desktop\USB_Disk_Eject.exe
PRC - [2009/05/14 18:09:24 | 000,069,632 | ---- | M] (LionMax Software) -- C:\Program Files\Everyday Auto Backup\AutoBackup.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 15:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2007/11/27 13:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007/11/27 13:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2007/11/27 13:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2007/07/23 09:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2007/07/19 16:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/03/08 17:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2005/08/25 19:41:58 | 000,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe
PRC - [2005/08/25 19:41:44 | 000,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
PRC - [2005/03/08 03:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/01/07 17:30:56 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/09/10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfBAgS.exe
PRC - [2004/07/07 12:17:02 | 000,200,769 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
PRC - [2002/08/12 03:01:00 | 000,118,784 | ---- | M] (SaverNow) -- C:\Program Files\SaverNow\SaverNow.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/30 22:56:01 | 002,086,912 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13053001\algo.dll
MOD - [2013/05/16 15:26:08 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/01/10 08:14:04 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 08:13:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2007/01/17 17:36:38 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/31 22:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2008/07/23 11:49:33 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/11/27 15:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/11/27 13:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007/11/27 13:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2007/11/27 13:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2007/07/23 09:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/07/19 16:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/05/09 15:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2007/03/08 17:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)
SRV - [2007/01/29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License manager)
SRV - [2004/09/10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\BrmfBAgS.exe -- (brmfbags)
SRV - [2004/07/07 12:17:02 | 000,200,769 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\DRIVERS\IOPORT.SYS -- (IOPort)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\hwinterface.sys -- (hwinterface)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/05/09 16:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 16:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 16:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 16:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 16:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 16:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 16:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/05/09 16:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/15 11:50:16 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/28 14:20:49 | 000,005,152 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\io.sys -- (io.sys)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/11/11 10:06:04 | 000,021,480 | ---- | M] (Orion) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssagload.sys -- (SSAGBASE)
DRV - [2009/09/18 11:31:38 | 000,010,588 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mpfilt.sys -- (mpfilt)
DRV - [2009/06/29 19:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/25 14:07:44 | 005,095,936 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/06/25 14:07:40 | 001,684,736 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/25 14:07:40 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/04/14 02:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 02:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/10/23 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/07/19 11:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2007/07/19 11:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2007/07/19 11:48:36 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2007/07/18 21:12:02 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2007/07/18 21:11:38 | 000,580,184 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK)
DRV - [2007/07/18 21:11:02 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2007/07/12 18:18:14 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2007/07/12 18:08:54 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2007/07/12 17:41:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)
DRV - [2007/07/12 17:31:08 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2007/07/10 20:08:14 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2007/05/25 13:26:12 | 000,022,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k)
DRV - [2007/02/22 12:45:16 | 000,020,768 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2007/02/22 12:43:52 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)
DRV - [2007/02/22 12:40:18 | 000,025,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)
DRV - [2007/02/22 12:18:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
DRV - [2005/07/26 17:03:22 | 003,644,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/06/23 14:12:44 | 000,133,688 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S7oppilx.sys -- (S7oppilx)
DRV - [2005/06/23 14:12:38 | 000,494,135 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7otranx.sys -- (s7otranx)
DRV - [2005/06/23 14:11:54 | 000,076,343 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s7oppitx.sys -- (s7oppitx)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/03/30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004/08/27 16:18:50 | 000,097,920 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2004/08/13 10:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2004/07/20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2004/05/28 18:21:58 | 000,172,032 | ---- | M] (Siemens AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SNTIE.SYS -- (SNTIE)
DRV - [2004/05/20 17:35:16 | 000,010,240 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003/03/14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 13:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2000/07/30 15:43:04 | 000,022,848 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaudio.sys -- (nuvaudio)
DRV - [2000/07/16 12:52:42 | 000,135,424 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVision.sys -- (NUVision)
DRV - [2000/06/29 17:24:14 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DLPORTIO.SYS -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\SearchScopes,DefaultScope = {C27CA259-4CFE-462C-8119-96F7F9500B02}
IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\SearchScopes\{C27CA259-4CFE-462C-8119-96F7F9500B02}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\IP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\IP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\IP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/05/30 12:10:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\system32\drivers\Tray900.exe (Philips)
O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" File not found
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006..\Run: [Everyday Auto Backup] C:\Program Files\Everyday Auto Backup\AutoBackup.exe (LionMax Software)
O4 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006..\Run: [SaverNow] C:\Program Files\SaverNow\SaverNow.exe (SaverNow)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1369893817312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183101355484 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{104CB341-8DAA-40CF-A34F-F38448728D77}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A840101-0372-4689-8350-0C7D346D95E8}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\IP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\IP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/14 10:45:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/01 16:37:12 | 000,000,000 | ---D | M] - E:\AutoSketch -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - S:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/31 09:43:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\IP\Desktop\OTL.exe
[2013/05/30 14:44:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/30 14:32:17 | 009,159,136 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\IP\Desktop\HitmanPro.exe
[2013/05/30 14:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/30 14:31:26 | 000,162,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/05/30 14:31:26 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/05/30 14:31:26 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/05/30 14:12:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/30 13:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\JavaRa
[2013/05/30 11:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\RK_Quarantine
[2013/05/30 09:07:01 | 005,075,099 | R--- | C] (Swearware) -- C:\Documents and Settings\IP\Desktop\ComboFix.exe
[2013/05/30 08:49:03 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/05/30 08:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\log
[2013/05/30 08:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\TMRBLog
[2013/05/30 08:40:02 | 025,707,760 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\IP\Desktop\SUPERAntiSpyware.exe
[2013/05/30 08:39:55 | 009,950,232 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\IP\Desktop\RootkitBusterV5.0-1129.exe
[2013/05/29 15:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/29 15:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/05/29 14:24:40 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\IP\Desktop\tdsskiller.exe
[2013/05/29 09:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/05/28 10:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Local Settings\Application Data\Privatefirewall
[2013/05/28 10:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2013/05/28 10:19:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/28 10:16:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/28 10:16:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/28 10:16:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/28 10:16:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/28 10:16:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 10:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/27 12:25:54 | 000,477,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/05/27 12:25:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2013/05/27 11:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\Old_photos_from_dziadek
[2013/05/27 09:24:41 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/27 09:13:44 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/05/27 09:13:44 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/27 09:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/05/27 09:13:42 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/27 09:13:41 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/05/27 09:13:41 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/27 09:13:27 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/05/27 09:13:27 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/24 14:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Application Data\Curiolab
[2013/05/24 12:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013/05/24 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/24 11:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/05/24 08:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\Can not start Windows XP Home Security Center
[2013/05/23 12:23:09 | 001,761,408 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\IP\Desktop\rkill.com
[2003/06/19 11:05:04 | 000,431,888 | --S- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\riched20.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/01 09:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IP\Desktop\OTL.exe
[2013/05/31 10:58:48 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\RogueKiller.exe
[2013/05/30 14:56:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 14:33:08 | 009,159,136 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\IP\Desktop\HitmanPro.exe
[2013/05/30 14:32:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\IP\Desktop\tdsskiller.exe
[2013/05/30 14:31:12 | 000,162,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/05/30 14:31:12 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2013/05/30 14:31:12 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2013/05/30 14:31:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2013/05/30 14:17:58 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/30 14:17:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\pxisys.ini
[2013/05/30 14:17:25 | 000,000,030 | ---- | M] () -- C:\WINDOWS\pxiesys.ini
[2013/05/30 14:17:20 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/05/30 14:17:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/30 14:17:01 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\gnxz.job
[2013/05/30 14:16:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/30 14:16:57 | 3452,424,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 14:15:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/30 14:07:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/30 13:58:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\IP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/30 12:10:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/30 11:58:25 | 005,075,099 | R--- | M] (Swearware) -- C:\Documents and Settings\IP\Desktop\ComboFix.exe
[2013/05/30 08:49:02 | 000,256,904 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/05/29 22:36:06 | 009,950,232 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\IP\Desktop\RootkitBusterV5.0-1129.exe
[2013/05/29 20:56:00 | 025,707,760 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\IP\Desktop\SUPERAntiSpyware.exe
[2013/05/29 14:08:57 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/05/28 10:19:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/27 12:25:37 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/05/27 12:25:37 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/27 11:26:56 | 000,898,850 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.mp4
[2013/05/27 11:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/05/27 11:25:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/05/27 11:23:24 | 000,545,758 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.MOV
[2013/05/27 11:16:54 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/27 11:16:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/27 09:24:41 | 000,002,717 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/27 09:13:44 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/05/27 09:12:13 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/05/24 10:18:53 | 000,003,658 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\wscsvc.reg
[2013/05/24 08:58:13 | 000,011,606 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\securitycenterrestore.reg
[2013/05/23 12:43:07 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/05/23 09:32:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/05/23 08:33:10 | 000,212,992 | RHS- | M] () -- C:\WINDOWS\System32\iuengine4.dll
[2013/05/17 10:51:39 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\IP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/05/17 10:48:45 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 15:26:40 | 000,569,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 15:26:40 | 000,112,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/10 12:17:52 | 005,296,663 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077.JPG
[2013/05/10 12:07:46 | 000,588,486 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077_res15.jpg
[2013/05/09 16:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/05/09 16:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/05/09 16:59:10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/09 16:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/09 16:59:10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/09 16:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/09 16:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/09 16:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/09 16:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/09 16:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/05/07 12:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/03 10:45:41 | 000,000,000 | ---- | M] () -- C:\end
[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/30 10:52:43 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\RogueKiller.exe
[2013/05/28 10:19:24 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2013/05/28 10:19:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/28 10:16:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 10:16:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 10:16:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 10:16:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 10:16:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/27 11:26:55 | 000,898,850 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.mp4
[2013/05/27 11:25:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/05/27 11:25:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2013/05/27 11:23:24 | 000,545,758 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.MOV
[2013/05/27 09:24:41 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/27 09:24:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/27 09:24:41 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/27 09:13:44 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/05/24 14:55:48 | 3452,424,192 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/24 10:18:53 | 000,003,658 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\wscsvc.reg
[2013/05/24 08:58:12 | 000,011,606 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\securitycenterrestore.reg
[2013/05/23 12:43:07 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/05/23 08:33:10 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\gnxz.job
[2013/05/23 08:33:08 | 000,212,992 | RHS- | C] () -- C:\WINDOWS\System32\iuengine4.dll
[2013/05/10 12:07:46 | 000,588,486 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077_res15.jpg
[2013/05/10 12:06:14 | 005,296,663 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077.JPG
[2013/05/03 10:44:08 | 000,000,000 | ---- | C] () -- C:\end
[2013/04/03 09:49:30 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2013/04/03 09:49:30 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2013/01/30 11:54:02 | 000,001,830 | ---- | C] () -- C:\WINDOWS\iris.ini
[2012/09/17 12:44:14 | 000,010,588 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2012/07/18 10:48:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\IP\Local Settings\Application Data\housecall.guid.cache
[2012/06/01 12:12:47 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\IP\pixinsight-license
[2012/05/15 12:36:29 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\ssaguninstall.dll
[2012/05/15 12:36:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ssaginstall.dll
[2012/05/07 11:15:08 | 000,000,483 | ---- | C] () -- C:\WINDOWS\MRU.ini
[2012/05/07 11:09:27 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ESTIMATE-SETTING.INI
[2012/05/07 11:09:27 | 000,000,159 | ---- | C] () -- C:\WINDOWS\ALIGN-SETTING.INI
[2012/05/07 11:09:27 | 000,000,106 | ---- | C] () -- C:\WINDOWS\LIMIT-SETTING.INI
[2012/03/30 10:54:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/02/17 08:17:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/03 13:31:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/20 15:37:48 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2011/08/24 08:59:46 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\IP\RADIX.DAT
[2011/08/24 08:59:46 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\IP\DEFAULT.WSP
[2011/08/24 08:59:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\IP\WATCH.DAT
[2010/09/01 11:38:45 | 002,281,922 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2081799394-527439964-4044738135-1006-0.dat
[2010/09/01 11:38:44 | 000,308,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/04/08 14:54:24 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/04/08 14:46:37 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/03/15 10:49:03 | 000,038,440 | ---- | C] () -- C:\Documents and Settings\IP\Application Data\Comma Separated Values (Windows).ADR
[2009/04/21 15:21:06 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\IP\Local Settings\Application Data\fusioncache.dat
[2006/11/20 11:39:04 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\IP\ViewMate.cfg
[2006/07/08 11:58:29 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\IP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/04/21 15:20:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 08:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 21:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 08:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 00:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 21:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 13:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 08:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 14:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 19:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 20:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 20:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.HTM >
[2003/12/30 22:02:02 | 000,004,251 | ---- | M] () MD5=45451C433BBAF5F76B858FA1236FC448 -- C:\Program Files\National Instruments\LabVIEW 7.1\www\services.htm

< MD5 for: SERVICES.LNK >
[2013/05/24 11:45:43 | 000,001,602 | ---- | M] () MD5=71DD53372D8F234A69013A83D72B7FEA -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 20:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 20:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 20:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 08:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 08:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 7CA7-0E49
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
16/05/2013 03:26 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
16/05/2013 03:26 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
16/05/2013 03:21 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
09/01/2013 03:23 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\WcfSvcHost
24/08/2010 12:03 PM <JUNCTION> v4.0_10.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
5 Dir(s) 35,596,333,056 bytes free

< End of report >

Attached Files


  • 0

#4
Jasmyne
Posted 30 May 2013 - 08:21 PM

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Also, next time the warning from Avast comes up could you please take a screenshot of it and post it for me?

Thanks,

Jasmyne
  • 0

#5
trickydicky
Posted 30 May 2013 - 08:22 PM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
2: Extras.txt

OTL Extras logfile created on: 31/05/2013 9:45:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\IP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.22 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 77.49% Memory free
6.27 Gb Paging File | 5.68 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.77 Gb Total Space | 33.21 Gb Free Space | 39.64% Space Free | Partition Type: NTFS
Drive E: | 102.54 Gb Total Space | 14.28 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1436.31 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 1.95 Gb Free Space | 53.27% Space Free | Partition Type: FAT32
Drive S: | 931.51 Gb Total Space | 35.35 Gb Free Space | 3.79% Space Free | Partition Type: NTFS

Computer Name: PV-OFFICE | User Name: IP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2081799394-527439964-4044738135-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"21:TCP" = 21:TCP:*:Enabled:ftp
"443:TCP" = 443:TCP:*:Enabled:https
"135:TCP" = 135:TCP:*:Enabled:DCOM(135)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\National Instruments\LabVIEW 7.1\LabVIEW.exe" = C:\Program Files\National Instruments\LabVIEW 7.1\LabVIEW.exe:*:Enabled:LabVIEW 7.1 Development System -- ()
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{0285C8EA-A48F-4EAF-A485-69C46C464271}" = NI LabVIEW 8.5 VI.lib
"{02EA40E8-ABDF-45FC-A18A-52CE7A7822ED}" =
"{03178905-E40F-4FF3-AD16-D9310A89D8A6}" = NI Distribution Information - PDS English
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03B96C48-4001-46C7-AA89-6D8C5C32A5B8}" = NI Variable Manager
"{065F29A4-D4D9-4BB9-85AF-8A878907BBD6}" = NI LabVIEW Run-Time Engine 8.5.1
"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D77EC38-3091-40AE-A028-3C7BBEB0FC09}" = NI LabVIEW 8.5 License
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E6909BB-656F-442D-81FE-17BBEE8542ED}" = Atmel Microcontroller ISP Software
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11A8F66F-7B73-422C-88B6-7187BEF92AE7}" = NI LabVIEW 7.1 Core Essentials
"{122E90F8-A899-4225-AA82-94CBA2AEA98D}" = NI LabVIEW 8.5 Examples
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{15D5755D-3795-45FE-9ED6-BC0DAFA3B333}" = NI-RPC 3.4.0f1
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{17F4ADCB-387E-43A5-8292-A4A37704D670}" = NI MDF Support
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18435829-4E75-4CD1-9796-A62DBBAE2ED7}" = DeepSkyStacker
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1A710265-096B-46CB-8849-53A209D9A8CF}" = NI Certificates Deployment Support
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A21BED943}" = Video DVD Maker v3.15.0.39
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20D21946-CC38-4380-94F7-E49A447AD12F}" = NI-MXDF 1.8.0f0
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
"{243F0DFE-9945-4212-93CD-9B49D38477BE}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{2461AEFD-6597-4B5F-9174-754B9DB56091}" = NI LabVIEW 8.5 Project
"{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java™ 6 Update 45
"{2878CD7B-FD12-4ADE-9B90-11DF678EF18C}" = NI Instrument IO Assistant for LabVIEW 7.1
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D8A240A-B593-4A7A-8FE5-ED056D1112BA}" = NI Circuit Design Suite 10.1 Pro Licenses
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2F4C21C2-2BDC-4226-961D-A9D297C4F34C}" = NI LabVIEW 8.5 Applibs
"{3116A1B1-4E07-46ED-89F9-57409D88588A}" = NI MetaSuite Installer
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34A6ADBE-2521-4634-96AA-E4B9C3F0BF20}" = AVRStudio4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38A4AD83-3492-4A4E-A502-48106D88DD3E}" = NI USI 1.5.0
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A3DCADC-703E-4D52-A40B-0A4A3381E503}" = TD Keypad Designer V1.0.4.16
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3A9FE5C3-799E-4E41-AF4E-943F9BC4C4BD}_is1" = All My Books 1.5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4262645A-40CC-47C7-8934-903FB7E9DC09}" = NI-PAL 2.1.0f1
"{42CFD768-94A5-4C0D-A49A-88B536BAC551}" = FileNet Desktop eForms
"{45A162D5-CF6F-49C5-9B25-A0F5DF512664}" = NI LabVIEW 8.5 Resource
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{46563D8D-B2E5-4600-A620-DD33D3D48453}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{46893F4E-733A-426D-80BE-929A5A269646}" = NI LVBrokerAux71
"{46ADF464-9D63-47E0-B59F-0D9C3A60B4C4}" = NI DataSocket 4.5.0
"{47101908-553A-4767-94F5-1F2B58012F6D}" = NI LabVIEW 8.5 Help
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E0DE929-EB66-4A28-A351-645B22369078}" = NI Update Service 1.0
"{4E426404-8E81-4F4A-B6D9-1B9CD1487EA9}" = eDrawings 2008
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{518930BE-7875-4547-B026-20B92F695781}" = NI LabVIEW Run-Time Engine 7.1
"{5474BF08-A9D0-49A2-9FCA-4D081B3797B5}" = NI Logos XT Support
"{55762835-9A95-4A89-BFAE-8E46979C8C4B}" = NI LabVIEW 8.5 Manuals
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5DBDA3D6-7D16-419C-8434-219011CF652B}" = NI-VISA Runtime 4.2
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}" = Asoftech Photo Recovery
"{6B2DC860-5B05-40E6-93DE-F17AAFE0A526}" = NI Variable Engine
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7112A06F-A109-46CC-810E-070679754F77}" = NI LabVIEW Deployable License 8.5.0
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{73935D21-6136-4FF6-8069-33D767E61429}" = NI-DIM 1.7.0f0
"{7469D3E1-2470-4539-81CB-A95036683D9B}" = NI Update Service Extras 1.0
"{74712ACB-DD68-4A05-8D2B-8ABD5B29087C}" = NI Circuit Design Suite 10.1 Core
"{74F4EA0E-6E74-4336-BFB7-8B1376CACBB1}" = NI Instrument IO Assistant for LabVIEW 8.5
"{768ECA63-EB76-4837-A4CC-58DA5A2FDAE9}" = NI LabVIEW 8.5 WWW
"{77F73F6E-139D-4B38-AB0D-6D2F0E860478}" = NI Logos 4.9.1
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7C0B9FD1-5181-4446-AD62-299873B5508B}" = NI Uninstaller
"{7DE3B2CC-B0EA-4607-B407-7E5E7C8BEAB0}" = NI LabVIEW Broker
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{82D05F0A-8652-4F8F-BCD3-61DFFF4D660E}" = NI LabVIEW 8.5 Help File
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84D0BDE5-5871-4EC8-8D31-63354170BF55}" = NI LabVIEW Picture Control and CIN Tools 7.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873B6C52-4EAF-4FA8-A156-907FE78D74F3}" = NI LabWindows/CVI Code Generator
"{8961E141-B307-4882-ABAD-77A3E76A40C1}" = ASCOM Platform 6 - SP1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE51614-30BE-4F0F-B50F-459AB979D219}" = NI LabVIEW 8.5
"{8E25212F-D6E5-4504-BE07-0F03A603B5E5}" = NI-APAL Error Files 1.2.0f0
"{8FA9410D-5894-4191-B8A4-CCEFAE34051C}" = NI OPC Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9198EBF1-7EBB-40D4-87C8-7415CF8AE448}" = NI MXS
"{92FA4246-7317-4A35-A74C-EF7D15B28C03}" = NI PXI Platform Services for Windows 2.3.1
"{94435A21-A597-41AC-85BA-680E8348EB50}" = NI LabVIEW Application Builder 7.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95F1D58C-3A9C-4505-A554-A10322E4766B}" = NI-ORB 1.7.0f0
"{97C686BD-6FF3-4E3B-830D-552FE06128AA}" = NI LabVIEW 8.5 Templates
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{99A125D2-366A-49BE-A144-B6CFB9668A90}" = IVI Shared Component
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C008728-2EF9-44A7-9149-EEC43B9F87AF}" = NI LabVIEW 8.5 Menus
"{9CBD429C-007F-4259-8EB2-706026720D8D}" = 8051IDE
"{9DA815FA-2238-4ED7-B7A8-C8F60688ADA9}" = BOB4 Conscriptor
"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2C9C5D7-1B6E-439D-A4AF-5A2D93EBC334}" = S7-200 Explorer V1.0.4.16
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4ED947E-EC39-44F4-A576-44FA9E9F4AE3}" = NI Logos LabVIEW 8.5 Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98841B5-69CF-4D81-9BF1-5EA8968B3A1E}" = 232Analyzer
"{ABCE1FFB-A320-44ED-BEE8-68AF1791B35E}" = NI LabVIEW 8.5 MeasAppChm File
"{ABFAA6D6-7832-4C57-BF92-BA4A7244DE7C}" = NI LabVIEW 8.5 iMath
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B59C4A37-E4EA-41E8-922F-EF8E6762412F}" = NI-MDBG 1.7.0f0
"{B6440D7E-E115-4B11-8935-54A329E364E0}" = NI LabVIEW 8.5 gMath
"{B7944A61-5832-40F1-B052-1D0BAB45EF95}" = NI LabVIEW 8.5 Simulation
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BA3602F6-F307-43B8-9879-F8F354C3382F}" = NI Circuit Design Suite 10.1 Pro
"{BB6B7CF3-6231-4F11-8F5B-8A7F10F3F587}" = NI Assistant Framework
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4908416-75CE-456B-9AA5-531DE7FF6415}" = NI LabVIEW 8.5 User.lib
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9FCA660-EFE0-4B69-842D-4350311DADD8}" = Programming Editor
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC01ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Device Drivers
"{CCC18ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Industrial Ethernet PG
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D105D090-E9E5-4572-A61C-01EDE7568A17}" = NI TDMS
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3BA79B7-823E-437A-A7E0-BDB2CB62C7BE}" = NI LabVIEW 7.1
"{D3FE1E36-DF92-442F-AAE6-FFF4D5913834}" = NI LabVIEW Merge Utility 8.5.0
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D668B8E1-B877-4BDC-B7F6-8C7568297884}" = SIMATIC STEP 7-Micro/WIN V4.0.4.16
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6BBBB50-76E9-4F2F-AA8C-3FDDEB978A87}" = NI Assistant Framework LabVIEW Code Generator 8.5
"{E9A5B341-167D-4042-8854-46F671F94049}" = Medieval CUE Splitter
"{EB286A60-B231-4EAA-8611-7B9DDC0B3FB9}" = ViewMate 9.4.73
"{EB6AB017-B964-4573-9DDB-ACC32F95E28A}_is1" = Free WebM to MP4 Converter 1.0
"{EC610AB8-3B18-4AD9-BCE5-8D014C94CD64}" = NI Example Finder 8.5
"{EDF51FA5-6909-47E1-AAFE-411BA8900AA1}" = NI-DAQmx - LabVIEW shared documentation
"{EF5E0DBA-D61B-4DE4-942F-173A5F0839CC}_is1" = BASCOM-8051
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F28D6E4E-EA52-49F5-B5E8-EDA4F380F83A}" = NI DN 2.0 installer
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4AEDCEC-88CD-4408-80F4-6E7560AE2122}" = NI Variable Engine LabVIEW 8.5 Support
"{F7D0E9F5-6025-49FA-B13C-CFA27E062062}" = NI EULA Depot
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FADFF346-8180-4F39-AEC7-FE81087315BC}" = NI LabVIEW 8.5 CINtools
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC9144C1-F70B-47CF-BCDC-FEFE4C0BA7D1}" = NI LabVIEW 8.5 Instr.lib
"{FCC9BA43-E00A-4269-B0CA-6708ED300914}" = NI LabVIEW Full 7.1
"{FDA3B45E-073C-4394-90F5-44887B54CC2C}" = NI LabVIEW 8.5 Device Detection and Deployment Support
"{FDEABB07-6AC3-41E1-A17C-CA5D9707EF72}" = NI-RPC 3.4.0f1 for Phar Lap ETS
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1Fh" = 1Fh 1.16
"4Videosoft Blu-ray to DivX Ripper_is1" = 4Videosoft Blu-ray to DivX Ripper
"4Videosoft Video Converter Platinum_is1" = 4Videosoft Video Converter Platinum
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASCOM Celestron Telescope Driver_is1" = ASCOM Celestron Telescope Driver 5.0.28
"ASCOM Platform 6 - SP1" = ASCOM Platform 6 - SP1
"AudioConverter Studio_is1" = AudioConverter Studio 5.9
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"avast" = avast! Free Antivirus
"Belarc Advisor 2.0" = Belarc Advisor 7.1
"Borders" = Borders
"CATraxx_is1" = CATraxx
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Direct MP3 Joiner_is1" = Direct MP3 Joiner 2.5
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter 2.4
"doPDF 7 printer_is1" = doPDF 7.2 printer
"DriverLINX Port I/O Driver" = DriverLINX Port I/O Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.0.5 (04/07/2011) Qt
"EAGLE 4.16r2" = EAGLE 4.16r2
"EAGLE 5.11.0" = EAGLE 5.11.0
"EasyBCD" = EasyBCD 2.0
"Easy-PC" = Easy-PC for Windows
"e-Record 6" = e-Record 6
"ESET Online Scanner" = ESET Online Scanner v3
"Everyday Auto Backup_is1" = Everyday Auto Backup 1.20
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.1.2
"FastStone Photo Resizer" = FastStone Photo Resizer 3.0
"foobar2000" = foobar2000 v0.9.5
"Fotoworks XL Addon_is1" = Fotoworks XL Addon
"FotoWorks XL_is1" = FotoWorks XL
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"IviSharedComponent" = IVI Shared Components
"JDownloader" = JDownloader
"Keil µVision3" = Keil µVision3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.01
"LTspice IV" = LTspice IV
"M3U Creator" = M3U Creator 1.0
"Magic APE to MP3 Converter_is1" = Magic APE to MP3 Converter 3.72
"Maxim Integrated Products ToolKit_is1" = Maxim Integrated Products ToolKit
"MemPlus_is1" = MemPlus 1.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MP3 WAV Converter 3.18" = MP3 WAV Converter 3.18
"MP4Joiner_is1" = MP4Joiner v2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSIS_olt1" = Oxford Learner's Thesaurus
"Open Video Joiner_is1" = Open Video Joiner version 3.3.0.1
"Orion StarShoot Autoguider Drivers_is1" = SSAG 2.0 Drivers
"P76xLCP Programmer" = P76xLCP Programmer
"PCL32" = PixInsight Core for Windows (x86)
"PHD Guiding for Orion_is1" = PHD Guiding 1.11.3
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PonyProg v1.17h_is1" = PonyProg v1.17h
"PowerISO" = PowerISO
"Prism" = Prism Video Converter
"QUICKfind" = QUICKfind server v1.1
"SaverNow" = SaverNow
"ST5UNST #1" = serialservo
"Stanza" = Stanza
"Stellarium_is1" = Stellarium 0.11.1
"Switch" = Switch
"SwitcherCAD III" = LTspice/SwCADIII
"TeamViewer 7" = TeamViewer 7
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP LE" = Ipswitch WS_FTP LE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XRECODE_is1" = XRECODE
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2081799394-527439964-4044738135-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet
"RegiStax 6" = RegiStax 6
"RegiStax 6.1.0.8 update" = RegiStax 6.1.0.8 update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/05/2013 4:07:29 AM | Computer Name = PV-OFFICE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 23/05/2013 4:17:07 AM | Computer Name = PV-OFFICE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 23/05/2013 4:17:23 AM | Computer Name = PV-OFFICE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 23/05/2013 9:16:29 PM | Computer Name = PV-OFFICE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 23/05/2013 9:54:59 PM | Computer Name = PV-OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/05/2013 9:54:59 PM | Computer Name = PV-OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/05/2013 11:30:11 PM | Computer Name = PV-OFFICE | Source = MPSampleSubmission | ID = 5000
Description =

Error - 24/05/2013 2:20:39 AM | Computer Name = PV-OFFICE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 30/05/2013 12:10:36 AM | Computer Name = PV-OFFICE | Source = NI Variable Engine | ID = 0
Description =

Error - 30/05/2013 12:10:36 AM | Computer Name = PV-OFFICE | Source = NI Variable Engine | ID = 0
Description =

[ System Events ]
Error - 30/05/2013 1:54:44 AM | Computer Name = PV-OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 30/05/2013 1:59:23 AM | Computer Name = PV-OFFICE | Source = Service Control Manager | ID = 7000
Description = The IOPort service failed to start due to the following error: %%2

Error - 30/05/2013 1:59:23 AM | Computer Name = PV-OFFICE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 30/05/2013 1:59:23 AM | Computer Name = PV-OFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
hwinterface

Error - 30/05/2013 2:18:30 AM | Computer Name = PV-OFFICE | Source = Service Control Manager | ID = 7000
Description = The IOPort service failed to start due to the following error: %%2

Error - 30/05/2013 2:18:30 AM | Computer Name = PV-OFFICE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 30/05/2013 2:18:30 AM | Computer Name = PV-OFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
hwinterface

Error - 30/05/2013 2:36:57 AM | Computer Name = PV-OFFICE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 30/05/2013 2:39:53 AM | Computer Name = PV-OFFICE | Source = PlugPlayManager | ID = 12
Description = The device 'NIPALK' (Root\LEGACY_NIPALK\0000) disappeared from the
system without first being prepared for removal.

Error - 30/05/2013 9:33:18 PM | Computer Name = PV-OFFICE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.1.1.2 on the
Network
Card with network address 6CF049185576.


< End of report >
  • 0

#6
trickydicky
Posted 30 May 2013 - 08:28 PM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Attached is AVAST warning screen-shot ...


:help:

Attached Thumbnails

  • Avast-URL-Blocked.JPG

  • 0

#7
Jasmyne
Posted 30 May 2013 - 08:31 PM

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
If you could also post the ComboFix log, it should be located at C:\combofix.txt. If not, that's okay I was just curious to see what it removed. I'll start going through these logs and get a fix posted to my instructor for approval soon. :)

Thanks,

Jasmyne
  • 0

#8
trickydicky
Posted 30 May 2013 - 08:39 PM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I deleted some files from the desktop, and then from RecycleBin, and ComboFix log was among those, so I don't have it ..
  • 0

#9
Jasmyne
Posted 30 May 2013 - 08:40 PM

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
That's okay, I was mainly curious to see what it had removed. I'll be able to work with the logs I have, but thank you for looking. :)

Jasmyne
  • 0

#10
Jasmyne
Posted 31 May 2013 - 07:26 AM

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have noticed in your logs that you currently have two antivirus programs running (Trend Micro and Avast!). Having two antivirus programs not only hogs system resources, but many times they conflict with each other and the detection rates are worse, not better. Both are good antivirus programs, so keep which ever one you would like and please uninstall the other one.

If by chance you still have the TDSSKiller log could you please post it? It should be saved at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Step 1 - Run RogueKiller

  • Download RogueKiller and save it on your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2 - Run aswMBR

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. TDSSKiller Log (if available)
2. RogueKiller Logs
3. aswMBR Log
  • 0

Advertisements

#11
trickydicky
Posted 01 June 2013 - 07:33 AM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi,
Thanks.
TrendMicro was uninstalled long time ago, then I installed Microsfot Security Esentials.
But because of the infection it become invisible, so I uninstalled it and installed Avast to scan my computer.
As I said, Trend was uninstalled, and there is not even it's icon anywhere to be seen. Maybe there is still something that was left unmoved after the uninstall action process.

At this moment I am out the town and will be back on Wednesday and will do all the scans that you recommended...
Thank again
#td
  • 0

#12
Jasmyne
Posted 01 June 2013 - 07:37 AM

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
There are still signs of TrendMicro on your computer, but we can get them all removed before we are finished. Thank you for letting me know you will be gone, I will make sure that this thread remains open.

Jasmyne
  • 0

#13
trickydicky
Posted 04 June 2013 - 08:17 PM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OK, here is the 1st RougueKiller report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IP [Admin rights]
Mode : Scan -- Date : 06/05/2013 10:08:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] USB_Disk_Eject.exe -- C:\Documents and Settings\IP\Desktop\USB_Disk_Eject.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 +++++
--- User ---
[MBR] 47cb60245a375777567327bd8bddd31e
[BSP] 3caf64ad59716b0ab9423fee3e2a5e40 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DM001-9YN164 +++++
--- User ---
[MBR] 5eac75a88bde4774469ce596c4756b28
[BSP] af3a293ffdca503562d9493e0d50fa8e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2000JB-00KFA0 +++++
--- User ---
[MBR] 758aafbe53de85cfaed8d93f6630069d
[BSP] 5fcd6c34a44123adacb30b492245099b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 85776 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 175670775 | Size: 105002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06052013_02d1008.txt >>
RKreport[1]_S_06052013_02d1008.txt
  • 0

#14
trickydicky
Posted 04 June 2013 - 08:17 PM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the 2nd RougueKiller report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IP [Admin rights]
Mode : Remove -- Date : 06/05/2013 10:09:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] USB_Disk_Eject.exe -- C:\Documents and Settings\IP\Desktop\USB_Disk_Eject.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 +++++
--- User ---
[MBR] 47cb60245a375777567327bd8bddd31e
[BSP] 3caf64ad59716b0ab9423fee3e2a5e40 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DM001-9YN164 +++++
--- User ---
[MBR] 5eac75a88bde4774469ce596c4756b28
[BSP] af3a293ffdca503562d9493e0d50fa8e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2000JB-00KFA0 +++++
--- User ---
[MBR] 758aafbe53de85cfaed8d93f6630069d
[BSP] 5fcd6c34a44123adacb30b492245099b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 85776 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 175670775 | Size: 105002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06052013_02d1009.txt >>
RKreport[1]_S_06052013_02d1008.txt ; RKreport[2]_D_06052013_02d1009.txt
  • 0

#15
trickydicky
Posted 04 June 2013 - 08:19 PM

trickydicky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the 3rd RougueKiller report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IP [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/05/2013 10:14:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] USB_Disk_Eject.exe -- C:\Documents and Settings\IP\Desktop\USB_Disk_Eject.exe [-] -> KILLED [TermProc]

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 38 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 679 / Fail 0
My documents: Success 16 / Fail 16
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 179 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[S:] \Device\HarddiskVolume1 -- 0x3 --> Restored

Finished : << RKreport[3]_SC_06052013_02d1014.txt >>
RKreport[1]_S_06052013_02d1008.txt ; RKreport[2]_D_06052013_02d1009.txt ; RKreport[3]_SC_06052013_02d1014.txt
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP