
windows 8 MBR code detected/ left overs [Solved]


  • This topic is locked

#1
lego126

    New Member

  • Member
  • 8 posts
My computer's been acting a little strange for the last few days. I did notice a few months ago that my wife had installed a <recipe toolbar> on Firefox. As soon as I saw it I scanned with SAS, Mbam, and AVG; I can't remember the details, but several problems were found and I thought they had been taken care of. Either way, here is the start.

OTL logfile created on: 11/7/2013 10:32:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lego\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 68.77% Memory free
12.20 Gb Paging File | 10.17 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 57.29 Gb Free Space | 19.22% Space Free | Partition Type: NTFS
Drive D: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 6.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 59.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEGO-PC | User Name: Lego | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/06 22:54:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lego\Desktop\OTL.exe
PRC - [2013/09/23 00:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/07 11:16:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/16 19:56:08 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\Cricket Broadband EC1705.exe
PRC - [2011/07/16 19:56:00 | 000,196,608 | ---- | M] () -- C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe
PRC - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/04/23 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/16 19:56:08 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\Cricket Broadband EC1705.exe
MOD - [2011/07/16 19:56:02 | 000,859,648 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\SMSUIPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,735,744 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\SmsAppPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,333,312 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\USSDUIPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,323,072 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\StatusBarMgrPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,270,848 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\sdk.dll
MOD - [2011/07/16 19:56:02 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\ToolBarMgrPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\SmsSrvPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\XFramePlugin.dll
MOD - [2011/07/16 19:56:02 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\XCodec.dll
MOD - [2011/07/16 19:56:02 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\STKSrvPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\VPNPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\Trace.dll
MOD - [2011/07/16 19:56:02 | 000,123,904 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\USSDSrvPlugin.dll
MOD - [2011/07/16 19:56:02 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\Win7Support.dll
MOD - [2011/07/16 19:56:01 | 009,515,520 | ---- | M] () -- C:\ProgramData\Cricket Broadband EC1705\userdata\QtGui4.dll
MOD - [2011/07/16 19:56:01 | 001,148,416 | ---- | M] () -- C:\ProgramData\Cricket Broadband EC1705\userdata\QtNetwork4.dll
MOD - [2011/07/16 19:56:01 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\QtNetwork4.dll
MOD - [2011/07/16 19:56:00 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\QtGui4.dll
MOD - [2011/07/16 19:56:00 | 002,415,104 | ---- | M] () -- C:\ProgramData\Cricket Broadband EC1705\userdata\QtCore4.dll
MOD - [2011/07/16 19:56:00 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\QtCore4.dll
MOD - [2011/07/16 19:56:00 | 001,097,728 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NDISAPI.dll
MOD - [2011/07/16 19:56:00 | 001,080,320 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\AddrBookPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,744,960 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\AddrBookUIPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,552,960 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\CallAppPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,549,376 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\DeviceMgrUIPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,546,304 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\CallLogSrvPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,544,768 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\PluginContainer.dll
MOD - [2011/07/16 19:56:00 | 000,463,360 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NetInfoUIExPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,401,408 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\Proxy.dll
MOD - [2011/07/16 19:56:00 | 000,388,096 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\DialupUIPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,362,496 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\DeviceAppPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,343,552 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\core.dll
MOD - [2011/07/16 19:56:00 | 000,328,704 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NetConnectPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,318,976 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\DeviceSrvPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,280,576 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\AddrBookSrvPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NetInfoSrvPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,255,488 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\MenuMgrPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,231,936 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NetSrvPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\AtCodec.dll
MOD - [2011/07/16 19:56:00 | 000,219,136 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\LiveUpdateInterface.dll
MOD - [2011/07/16 19:56:00 | 000,218,624 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NetInfoRecordUIPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,218,624 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\Common.dll
MOD - [2011/07/16 19:56:00 | 000,213,504 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\DialUpPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,196,608 | ---- | M] () -- C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe
MOD - [2011/07/16 19:56:00 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NDISPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\DataServicePlugin.dll
MOD - [2011/07/16 19:56:00 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\CallSrvPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,155,136 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NetConnectSrvPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\OSDialup.dll
MOD - [2011/07/16 19:56:00 | 000,122,368 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\ATR2SMgr.dll
MOD - [2011/07/16 19:56:00 | 000,117,248 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\LayoutPlugin.dll
MOD - [2011/07/16 19:56:00 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\OSNDIS.dll
MOD - [2011/07/16 19:56:00 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\OSAdapt.dll
MOD - [2011/07/16 19:56:00 | 000,092,672 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\NotifyServicePlugin.dll
MOD - [2011/07/16 19:56:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\OSPowerMgr.dll
MOD - [2011/07/16 19:56:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\OSCall.dll
MOD - [2011/07/16 19:56:00 | 000,043,008 | ---- | M] () -- C:\ProgramData\Cricket Broadband EC1705\userdata\libgcc_s_dw2-1.dll
MOD - [2011/07/16 19:56:00 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\libgcc_s_dw2-1.dll
MOD - [2011/07/16 19:56:00 | 000,011,362 | ---- | M] () -- C:\ProgramData\Cricket Broadband EC1705\userdata\mingwm10.dll
MOD - [2011/07/16 19:56:00 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Cricket Broadband EC1705\mingwm10.dll
MOD - [2011/07/08 23:51:17 | 000,329,272 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\ppgooglenaclpluginchrome.dll
MOD - [2011/07/08 23:51:16 | 003,649,592 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
MOD - [2011/07/08 23:50:01 | 000,496,184 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\libglesv2.dll
MOD - [2011/07/08 23:49:59 | 000,106,552 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\libegl.dll
MOD - [2011/07/08 23:49:50 | 000,104,520 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\avutil-50.dll
MOD - [2011/07/08 23:49:48 | 000,203,848 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\avformat-52.dll
MOD - [2011/07/08 23:49:47 | 001,846,344 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\avcodec-52.dll
MOD - [2011/07/08 21:31:29 | 006,333,088 | ---- | M] () -- C:\Users\Lego\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
MOD - [2007/04/23 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/15 16:39:08 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/01 19:18:27 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/07 11:16:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/07 00:51:10 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 00:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/05/22 18:49:34 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/07/16 19:56:02 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011/07/16 19:56:02 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/07/16 19:56:02 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/07/16 19:56:02 | 000,083,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/26 21:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/06/10 05:38:32 | 000,393,216 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/01/20 21:50:10 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:46:34 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/04/11 15:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 15:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/11/06 22:27:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2012/05/04 12:24:13 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/05/04 12:24:13 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/05/04 12:24:13 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/11/22 13:36:38 | 000,013,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lego\Downloads
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\..\SearchScopes,DefaultScope = {4990DBDC-A619-4544-A9BC-059B19C56058}
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\..\SearchScopes\{4990DBDC-A619-4544-A9BC-059B19C56058}: "URL" = http://websearch.sho...q={searchTerms}
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 00 48 A4 F5 B0 CC 01 [binary data]
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED C6 E7 B4 0B 4D CD 01 [binary data]
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bing.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}:6.0.38
FF - prefs.js..keyword.URL: "http://www.google.co...=ISO-8859-1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/01 19:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/23 10:22:03 | 000,000,000 | ---D | M]

[2012/01/09 19:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lego\AppData\Roaming\Mozilla\Extensions
[2013/11/01 19:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lego\AppData\Roaming\Mozilla\Firefox\Profiles\sbcybuow.default\extensions
[2013/07/19 21:35:00 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Lego\AppData\Roaming\Mozilla\Firefox\Profiles\sbcybuow.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/06/26 15:42:31 | 000,004,809 | ---- | M] () -- C:\Users\Lego\AppData\Roaming\Mozilla\Firefox\Profiles\sbcybuow.default\searchplugins\ddo-wiki-en.xml
[2012/04/21 20:56:37 | 000,009,620 | ---- | M] () -- C:\Users\Lego\AppData\Roaming\Mozilla\Firefox\Profiles\sbcybuow.default\searchplugins\my-web-search.xml
[2013/07/12 19:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/25 12:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/11/01 19:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/01 19:18:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://www.bing.com/
CHR - Extension: Angry Birds = C:\Users\Lego\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

O1 HOSTS File: ([2013/11/07 00:50:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000..\Run: [HW_OPENEYE_OUC_Cricket Broadband EC1705] C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe ()
O4 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001..\Run: [HW_OPENEYE_OUC_Cricket Broadband EC1705] C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe ()
O4 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759454206-1642175060-2019140610-500..\Run: [HW_OPENEYE_OUC_Cricket Broadband EC1705] C:\Program Files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe ()
O4 - HKU\S-1-5-21-1759454206-1642175060-2019140610-500..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759454206-1642175060-2019140610-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{487579B3-0997-4033-A5E7-1FDE5DB35F8A}: NameServer = 10.133.20.11 10.132.20.11
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Lego\Pictures\Capture.JPG
O24 - Desktop BackupWallPaper: C:\Users\Lego\Pictures\Capture.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/31 17:00:00 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/12/29 20:16:52 | 000,131,072 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/30 04:12:34 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 21:58:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lego\Desktop\aswMBR.exe
[2013/11/07 21:40:52 | 000,000,000 | ---D | C] -- C:\35b4ca8caeae17baa70b22fd6b42
[2013/11/07 20:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaming PC
[2013/11/07 20:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Gaming PC
[2013/11/07 20:44:53 | 000,000,000 | ---D | C] -- C:\Users\Lego\Desktop\tdsskiller
[2013/11/07 20:42:37 | 001,367,424 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2013/11/07 20:42:37 | 000,292,736 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2013/11/07 20:42:37 | 000,287,616 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2013/11/07 20:42:37 | 000,256,896 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2013/11/07 20:42:37 | 000,132,480 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2013/11/07 20:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2013/11/07 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Puran Defrag
[2013/11/07 00:54:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/07 00:30:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/07 00:30:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/07 00:30:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/07 00:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/07 00:28:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/07 00:25:54 | 005,144,303 | R--- | C] (Swearware) -- C:\Users\Lego\Desktop\ComboFix.exe
[2013/11/06 23:56:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/11/06 23:39:25 | 000,000,000 | ---D | C] -- C:\Users\Lego\Desktop\OTL Tutorial - How to use OldTimer ListIt - Geeks to Go Forums_files
[2013/11/06 23:08:00 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Lego\Desktop\TFC.exe
[2013/11/06 22:54:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lego\Desktop\OTL.exe
[2013/11/06 22:27:54 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/11/06 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Lego\AppData\Local\eSupport.com
[2013/11/06 20:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2013/11/06 20:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/11/06 20:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2013/11/06 20:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree
[2013/11/06 20:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WizTree
[2013/11/06 19:43:42 | 000,000,000 | ---D | C] -- C:\Users\Lego\AppData\Local\CrashDumps
[2013/11/06 06:27:16 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/11/06 06:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/11/06 06:26:56 | 000,000,000 | ---D | C] -- C:\Users\Lego\AppData\Roaming\IObit
[2013/11/05 20:35:56 | 000,000,000 | ---D | C] -- C:\Users\Lego\Desktop\scan logs
[2013/11/05 20:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/11/05 20:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/05 19:51:30 | 000,000,000 | ---D | C] -- C:\Users\Lego\AppData\Roaming\BlueSprig
[2013/11/05 19:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetClean
[2013/11/05 19:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueSprig
[2013/11/05 15:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/11/05 14:28:49 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/11/05 14:28:48 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/10/30 20:44:29 | 000,000,000 | ---D | C] -- C:\Users\Lego\Documents\aetolia
[2013/10/26 20:42:41 | 000,000,000 | ---D | C] -- C:\Python27
[2013/10/26 19:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 3.3 (64-bit)
[2013/10/26 19:17:22 | 000,000,000 | ---D | C] -- C:\Python33
[2013/10/26 16:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 2.7 (64-bit)
[2013/10/24 20:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/21 10:49:12 | 000,000,000 | ---D | C] -- C:\Windows\ansalon
[2013/10/11 12:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RoAClient
[1 C:\Users\Lego\AppData\Local\*.tmp files -> C:\Users\Lego\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/07 22:04:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 22:04:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 21:59:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/07 21:58:24 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lego\Desktop\aswMBR.exe
[2013/11/07 21:45:32 | 000,085,367 | ---- | M] () -- C:\Users\Lego\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.htm
[2013/11/07 21:41:52 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/07 20:59:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/07 18:11:06 | 000,802,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/07 18:11:06 | 000,672,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/07 18:11:06 | 000,131,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/07 18:04:34 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/11/07 18:04:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/07 00:50:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/07 00:27:15 | 005,144,303 | R--- | M] (Swearware) -- C:\Users\Lego\Desktop\ComboFix.exe
[2013/11/07 00:22:14 | 000,116,200 | ---- | M] () -- C:\Users\Lego\Desktop\Unknown file in Winsock LSP - Geeks to Go Forums.htm
[2013/11/07 00:20:57 | 000,080,384 | ---- | M] () -- C:\Users\Lego\Desktop\MBRCheck.exe
[2013/11/07 00:09:58 | 000,231,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/06 23:39:30 | 000,287,189 | ---- | M] () -- C:\Users\Lego\Desktop\OTL Tutorial - How to use OldTimer ListIt - Geeks to Go Forums.htm
[2013/11/06 23:16:56 | 000,095,273 | ---- | M] () -- C:\Users\Lego\Desktop\spyware cleaning.htm
[2013/11/06 23:08:04 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Lego\Desktop\TFC.exe
[2013/11/06 22:59:10 | 000,046,576 | ---- | M] () -- C:\Users\Lego\Desktop\ComboFix A guide and tutorial on using ComboFix.htm
[2013/11/06 22:54:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lego\Desktop\OTL.exe
[2013/11/06 22:27:54 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/11/06 20:19:56 | 000,001,038 | ---- | M] () -- C:\Users\Lego\Desktop\Cricket Broadband EC1705.lnk
[2013/11/05 21:00:03 | 000,422,942 | ---- | M] () -- C:\Users\Lego\Desktop\mbam.jpg
[2013/11/05 20:37:59 | 000,000,635 | ---- | M] () -- C:\Users\Lego\Desktop\tools - Shortcut.lnk
[2013/11/05 20:34:55 | 000,014,848 | ---- | M] () -- C:\Users\Lego\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/05 20:32:21 | 000,066,222 | ---- | M] () -- C:\Users\Lego\Desktop\Using MGtools - MajorGeeks Support Forums.htm
[2013/11/05 20:31:59 | 000,047,158 | ---- | M] () -- C:\Users\Lego\Desktop\HitmanPro - How to scan and obtain a log - MajorGeeks Support Forums.htm
[2013/11/05 20:31:37 | 000,045,095 | ---- | M] () -- C:\Users\Lego\Desktop\TDSSkiller - How to run - MajorGeeks Support Forums.htm
[2013/11/05 20:31:30 | 000,064,963 | ---- | M] () -- C:\Users\Lego\Desktop\Vista & Windows 7 Malware Removal Cleaning Procedure - MajorGeeks Support Forums.htm
[2013/11/05 20:23:41 | 000,267,191 | ---- | M] () -- C:\Users\Lego\Desktop\how to.jpg
[2013/11/05 20:14:27 | 001,990,493 | ---- | M] () -- C:\MGtools.exe
[2013/11/05 19:51:28 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\JetClean.lnk
[2013/11/05 16:16:54 | 000,006,282 | ---- | M] () -- C:\Users\Lego\Documents\cc_20131105_161649.reg
[2013/11/05 15:09:36 | 000,000,854 | ---- | M] () -- C:\Users\Lego\Desktop\firefox.exe - Shortcut.lnk
[2013/11/05 15:07:57 | 000,001,356 | ---- | M] () -- C:\Users\Lego\AppData\Local\d3d9caps.dat
[2013/11/05 15:00:36 | 000,001,460 | ---- | M] () -- C:\Users\Lego\AppData\Local\d3d9caps64.dat
[2013/11/05 14:36:58 | 000,000,134 | ---- | M] () -- C:\Users\Lego\Desktop\NVIDIA Control Panel - Shortcut.lnk
[2013/11/04 22:51:54 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/11/04 22:48:25 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/10/26 17:13:37 | 000,008,726 | ---- | M] () -- C:\Users\Lego\Documents\aetolia.MCL
[2013/10/26 00:00:49 | 003,329,668 | ---- | M] () -- C:\Users\Lego\Documents\Ardissal2.pdf
[2013/10/25 15:58:49 | 000,082,259 | ---- | M] () -- C:\Users\Lego\Documents\BC_RMA.pdf
[2013/10/21 22:29:07 | 000,001,310 | ---- | M] () -- C:\Users\Lego\Desktop\MUSHclient - Shortcut.lnk
[1 C:\Users\Lego\AppData\Local\*.tmp files -> C:\Users\Lego\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/07 21:45:32 | 000,085,367 | ---- | C] () -- C:\Users\Lego\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.htm
[2013/11/07 21:41:52 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/07 00:30:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/07 00:30:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/07 00:30:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/07 00:30:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/07 00:30:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/07 00:22:14 | 000,116,200 | ---- | C] () -- C:\Users\Lego\Desktop\Unknown file in Winsock LSP - Geeks to Go Forums.htm
[2013/11/07 00:20:57 | 000,080,384 | ---- | C] () -- C:\Users\Lego\Desktop\MBRCheck.exe
[2013/11/06 23:39:24 | 000,287,189 | ---- | C] () -- C:\Users\Lego\Desktop\OTL Tutorial - How to use OldTimer ListIt - Geeks to Go Forums.htm
[2013/11/06 23:16:56 | 000,095,273 | ---- | C] () -- C:\Users\Lego\Desktop\spyware cleaning.htm
[2013/11/06 22:59:09 | 000,046,576 | ---- | C] () -- C:\Users\Lego\Desktop\ComboFix A guide and tutorial on using ComboFix.htm
[2013/11/06 20:19:56 | 000,001,038 | ---- | C] () -- C:\Users\Lego\Desktop\Cricket Broadband EC1705.lnk
[2013/11/06 06:26:56 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/11/05 21:00:03 | 000,422,942 | ---- | C] () -- C:\Users\Lego\Desktop\mbam.jpg
[2013/11/05 20:37:59 | 000,000,635 | ---- | C] () -- C:\Users\Lego\Desktop\tools - Shortcut.lnk
[2013/11/05 20:32:20 | 000,066,222 | ---- | C] () -- C:\Users\Lego\Desktop\Using MGtools - MajorGeeks Support Forums.htm
[2013/11/05 20:31:58 | 000,047,158 | ---- | C] () -- C:\Users\Lego\Desktop\HitmanPro - How to scan and obtain a log - MajorGeeks Support Forums.htm
[2013/11/05 20:31:36 | 000,045,095 | ---- | C] () -- C:\Users\Lego\Desktop\TDSSkiller - How to run - MajorGeeks Support Forums.htm
[2013/11/05 20:31:26 | 000,064,963 | ---- | C] () -- C:\Users\Lego\Desktop\Vista & Windows 7 Malware Removal Cleaning Procedure - MajorGeeks Support Forums.htm
[2013/11/05 20:23:40 | 000,267,191 | ---- | C] () -- C:\Users\Lego\Desktop\how to.jpg
[2013/11/05 20:14:06 | 001,990,493 | ---- | C] () -- C:\MGtools.exe
[2013/11/05 19:51:28 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\JetClean.lnk
[2013/11/05 16:16:51 | 000,006,282 | ---- | C] () -- C:\Users\Lego\Documents\cc_20131105_161649.reg
[2013/11/05 15:09:36 | 000,000,854 | ---- | C] () -- C:\Users\Lego\Desktop\firefox.exe - Shortcut.lnk
[2013/11/05 14:54:12 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/11/05 14:36:58 | 000,000,134 | ---- | C] () -- C:\Users\Lego\Desktop\NVIDIA Control Panel - Shortcut.lnk
[2013/11/04 22:51:54 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/10/26 00:00:49 | 003,329,668 | ---- | C] () -- C:\Users\Lego\Documents\Ardissal2.pdf
[2013/10/25 15:58:49 | 000,082,259 | ---- | C] () -- C:\Users\Lego\Documents\BC_RMA.pdf
[2013/10/21 22:29:07 | 000,001,310 | ---- | C] () -- C:\Users\Lego\Desktop\MUSHclient - Shortcut.lnk
[2012/10/01 22:40:55 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/19 16:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/26 02:38:54 | 000,001,892 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2012/04/22 22:36:11 | 000,003,015 | ---- | C] () -- C:\Users\Lego\SkyrimPrefs.ini
[2012/04/22 22:36:11 | 000,000,186 | ---- | C] () -- C:\Users\Lego\Skyrim.ini
[2012/01/09 19:09:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/11/07 11:09:55 | 000,020,402 | ---- | C] () -- C:\Users\Lego\AppData\Roaming\UserTile.png
[2011/09/26 01:15:41 | 000,000,092 | ---- | C] () -- C:\Users\Lego\AppData\Local\fusioncache.dat
[2011/07/31 07:36:05 | 000,001,356 | ---- | C] () -- C:\Users\Lego\AppData\Local\d3d9caps.dat
[2011/07/16 23:13:39 | 000,000,632 | RHS- | C] () -- C:\Users\Lego\ntuser.pol
[2011/07/16 23:06:31 | 000,014,848 | ---- | C] () -- C:\Users\Lego\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/16 19:52:56 | 000,001,460 | ---- | C] () -- C:\Users\Lego\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2013/01/25 12:33:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2013
[2012/01/15 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Corrine\AppData\Roaming\Bioshock
[2011/07/28 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Corrine\AppData\Roaming\Lionhead Studios
[2012/03/07 14:53:29 | 000,000,000 | ---D | M] -- C:\Users\Corrine\AppData\Roaming\Origin
[2013/02/09 08:13:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/02/09 08:13:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/01/31 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\2K Sports
[2013/01/23 17:51:03 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\AVG2013
[2012/05/05 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\Blender Foundation
[2013/11/05 19:51:30 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\BlueSprig
[2011/09/07 16:30:53 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\Canon
[2011/08/17 10:50:02 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\GlarySoft
[2011/07/27 19:22:10 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\ImgBurn
[2013/11/06 06:26:56 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\IObit
[2011/09/26 08:11:34 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\LimeWire
[2011/07/27 20:08:03 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\Lionhead Studios
[2012/03/24 14:31:23 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\LucasArts
[2012/03/03 01:06:32 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\Origin
[2011/11/07 11:09:55 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\PeerNetworking
[2011/07/16 19:56:06 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\Program Files (x86)
[2011/11/09 00:59:26 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\PunkBuster
[2011/10/08 10:05:52 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\The Creative Assembly
[2013/01/23 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\TuneUp Software
[2011/11/29 13:38:09 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\Ubisoft
[2013/11/06 00:17:24 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\uTorrent
[2012/11/23 20:06:47 | 000,000,000 | ---D | M] -- C:\Users\Lego\AppData\Roaming\Wizards of the Coast

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 717 bytes -> C:\Users\Lego\Documents\Gun control.eml:OECustomProperty
@Alternate Data Stream - 504 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Not sure if you need the Extras log, but if so, just let me know. I've got them saved. And thank you for the service.


#2 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)
Hi lego126, :)

My name is Valinorum and I will be your helper today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system, as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system, as it may hinder our process.
  • Malware removal is a complicated process, so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe Mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • The fixes are for your system only. Please refrain from using these fixes on other systems, as it may do serious damage.

Note: Please bear in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you, which requires time, as both teachers and helpers are volunteers here. Take it as a good thing, because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)


My computer's been acting a little strange for late few days.

Can you be specific with your issue? It will be helpful.

I see you have Combofix on your system. It is a very powerful removal tool and should not be run without proper guidance, as there have been incidents of unbootable devices with the wrong implication of the aforementioned tool. If you have already run this tool, post the log in your next reply; it is located at C:\Combofix.txt.

Please post the Extras.txt log as well.

  • Required Log(s):
  • Extras.txt;
  • Combofix.txt (if you have run the tool).

I await your reply.

Regards,
Valinorum
#3 lego126 (New Member, Topic Starter, 8 posts)
Greetings Valinorum, and thank you for this service.
Problems I've been having: a few days ago I started getting a few pop-ups. I wish I had saved a screenshot of the message; it was something like <please stay on this page>. I will post the Extras file. I usually can get rid of the annoyances on my own with Spybot, Mbam, and a few others, which is what I ran when I first noticed my wife had installed a Total Recipe toolbar. I think I might have gotten all the problems, but I'm just not sure.

OTL Extras logfile created on: 11/7/2013 10:32:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lego\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 68.77% Memory free
12.20 Gb Paging File | 10.17 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 57.29 Gb Free Space | 19.22% Space Free | Partition Type: NTFS
Drive D: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 6.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 59.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEGO-PC | User Name: Lego | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 3C D7 73 E9 BF 7E CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1759454206-1642175060-2019140610-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F339DD-D6DF-4DAB-BDB4-022A21B06552}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{06D16844-B0D6-4B98-A12E-C573056C3CBE}" = rport=139 | protocol=6 | dir=out | app=system |
"{13BC8F52-FEC1-4B16-9ACC-E69ED98347A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E9804FF-9D8E-4E06-802B-E26C3F3F33C7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{23C53FFA-8AD8-4818-85DE-E3CC7823F09E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{27C51B2B-F41F-48F1-85EC-C6AE86F3D89C}" = lport=137 | protocol=17 | dir=in | app=system |
"{33FE9E22-D2D8-444B-91FA-6E18009E4762}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3958DD77-02E2-4AE4-A01A-9C15CFE817A7}" = lport=138 | protocol=17 | dir=in | app=system |
"{4866C23A-1094-478B-B41F-69D016295E4D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4B978690-E05F-463D-A08C-CDB62ACD13D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{5349E8BB-E433-4498-8182-D5151BF74BE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{67DE4681-7849-4697-B5AB-AC2C22052B41}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6F93728E-6F38-473E-8085-4A9279169DDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C789DF6-3980-46ED-BEB2-E4E8816FBAD6}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DDEA991-BC3E-4726-8CCF-0450AE627683}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8027D971-F2C2-41D4-B36E-38B2AA6A9BB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C8265EF-8AC3-4E15-9CBF-75022B5F2EB5}" = rport=2869 | protocol=6 | dir=out | app=system |
"{948C08D8-87EA-41DE-BD50-034F6D80555A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98EE3E6E-BED1-4ED5-BC53-927077533F30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9C10FD94-745C-450A-8E9E-F801E9B4007B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB50E936-DC9B-4CE1-A3CB-5BBD591E1C64}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C938C90E-1F3E-45C8-AA46-BF0174AF6159}" = lport=139 | protocol=6 | dir=in | app=system |
"{D9F9C8FC-8407-4543-8071-0DF74E823BE8}" = rport=445 | protocol=6 | dir=out | app=system |
"{DBFDF3DB-8D0A-4B1B-8302-DE4CCBCF7C9B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FD39706B-913D-4FA5-913B-9B56FACAA555}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FE411168-4F2D-411D-9EB0-BD69BCC798AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CA157F-5B26-4EC7-93DA-0501202AA4C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{081CD2B8-31A8-4D7D-81B4-696C3CB7FFE2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{0C70F409-4778-4317-BFD4-5D4E6F33B3C7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{0CEFEB17-75D7-4FF4-AC28-49034D1002D2}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{0F98F7D2-9C8E-4585-8F5B-30B60A1DBC54}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1207E338-3812-4230-84D5-9F3B5D05E872}" = protocol=1 | dir=in | [email protected],-28543 |
"{1BB0AF63-7900-46C0-AEA7-5C011F241475}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{1BD54263-C56A-4947-995A-B9153F51F05F}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012 (2).exe |
"{205D62C5-CCDB-4BA9-AC03-2D802D94291A}" = protocol=1 | dir=out | [email protected],-28544 |
"{21A60C0A-879C-45D2-B125-EA08D5B25DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe |
"{22B558E6-01A0-4097-9D7B-7D6D5EE882C6}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{233DE047-8176-4ECB-94DC-936B806C20CF}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pesb4update\pro evolution soccer 2012\pes2012.exe |
"{236D4AD0-15A3-433E-8B37-DE991C64B75F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{27562B93-F3B5-480E-BA3B-4116FF23492C}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{2A31633E-A8EC-42EE-B532-467D8671D2CB}" = protocol=58 | dir=in | [email protected],-148 |
"{2D01A378-B052-4229-ABF0-DA41BF0DBFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{30222F55-B8FB-4F26-9D90-6DADEB41EE46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3163E0B1-E3A7-4CE3-9009-5D49A208B234}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{353F2538-12DA-4203-90A6-5D11DD6F618F}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{3B674C48-0C2C-48DC-89F4-FA93B94106F2}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k12\nba2k12.exe |
"{43998CF1-0DC6-4F49-839C-8E06A04937BD}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{4477D37C-D6B5-4278-B8AD-EED4D33969F9}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{4739CE26-7A1C-4A7B-805C-72E950CD27D9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{482F6A11-2181-4EFE-86AB-670ED7048A7A}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k12\nba2k12.exe |
"{49C0B36D-9736-498A-95A8-0A036618711F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4C86FA9B-A6E9-44E3-8A76-D26EE27CE26C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{54DA3479-1FE2-41FD-AFF8-118866E9C7B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{56710EDA-5851-4BD6-9C9C-D858009A1A74}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{574FAB51-8BEC-4FF6-BD8C-EA6EF3F2B1D5}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{5F3FB5F6-350C-434E-89BB-2BC25BCECA42}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pesb4update\pro evolution soccer 2012\pes2012.exe |
"{6048772E-65E2-4CC4-805D-DCD31EC93845}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{67B3741D-8751-4681-8491-20A5E8EB20B1}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe |
"{6C98C7CE-B7EC-4A5F-8C3C-AF355F35293E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{6EB1A179-0423-4236-8F33-6B486D73379B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{71A42B65-2A25-4869-A0EE-FA886276E0A2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{74327D9D-5BE1-4929-8DC1-86C0C7CEA615}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{7B26337C-AFA8-402A-B625-AB7DD8F91BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{878A6617-1302-4B8C-A91F-3B4AB1DD948E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{8A4AC630-D564-4C10-BB3E-C737FD54F2D6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{8B11B8B5-D1AF-4A7B-A8AB-AF000F34F90C}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{8DABE73A-E4C5-4D73-A3AF-B912001E543D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8DEB98A3-AAFE-4E46-AB69-8A82620FC81D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{98959692-023A-4DF0-8B49-0BE83EA6264D}" = protocol=6 | dir=in | app=c:\users\lego\desktop\games\crafting3.6.0\crafting\shroudupdate.exe |
"{995B6950-FAE4-48F3-9F08-E4CFF349DBF0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{99C07145-4AEB-4785-89BE-26E7F906D3A7}" = protocol=6 | dir=in | app=c:\users\lego\desktop\downloads\mushclient_4.84\mushclient\mushclient.exe |
"{9B411978-BAAC-41C6-851F-1634637B4562}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{9BADDAE2-8C3B-4F52-9794-B36311E80A5A}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{A106283E-8D27-4692-92C3-3AEFAF123031}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{A11EAA77-1C2C-4B60-BAB4-09AEBEB163F4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A250FC2F-1675-4063-92EB-BC5B1521149B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A836FAE1-0F24-4CA3-B400-133C7EBC8BD1}" = protocol=58 | dir=in | [email protected],-28545 |
"{AEB89BB9-EB1F-4A93-B4F1-5329E9AA6173}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{AEDEC546-1328-4C7E-A131-1D869467E202}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AFFBEA4D-BA89-4795-BBAA-0ABD834B75C1}" = protocol=17 | dir=in | app=c:\users\lego\desktop\games\crafting3.6.0\crafting\shroudupdate.exe |
"{B006B970-AFBE-4574-9B1C-1B972D785739}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B1827579-B8EE-4EC7-A96F-B0DED20BF3A9}" = protocol=6 | dir=in | app=c:\program files (x86)\colt poker\pokerclient.exe |
"{B2C5BA2E-27E0-4EE6-A645-9F5E88FD573F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{B3569F83-C08C-4ECD-8975-807B284DDAC1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{B8F7B08C-BDF1-4D53-B986-E923575B3E18}" = protocol=17 | dir=in | app=c:\users\lego\desktop\downloads\mushclient_4.84\mushclient\mushclient.exe |
"{C2C81D5B-FB75-49FC-B96A-075157D54BC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C7042A61-3EC8-4BF9-8F02-E761F307ABFA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C86F2FBF-8DA9-4559-95EC-497F96CF374F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C8BB574F-9335-470B-80BC-B03F1D947824}" = protocol=58 | dir=out | [email protected],-28546 |
"{CB0DE6C5-7E75-401E-9E8D-C0088794B403}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{D8A108F2-65A6-4C1B-9BB3-3DFD8BEC046E}" = protocol=17 | dir=in | app=c:\program files (x86)\colt poker\pokerclient.exe |
"{DAA57B2A-6329-4C4F-B972-D92905EFC389}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{E366489E-5D3A-4890-B0D8-84404F8ECF61}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{EB400CB9-CD42-40FD-BB59-B90546364982}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F142337E-729C-4A7E-9C01-E78F90DA72F5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{FA240C09-A01F-46A6-93B4-06AA3F101CEC}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{FB7DEEBE-451F-4AD7-86EA-0076AFC983B4}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{FF3BCC4D-BE85-4349-B4AB-B7097C5D078D}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012 (2).exe |
"TCP Query User{03DF5A24-D3CD-4472-83BF-C90C0C698C41}C:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe |
"TCP Query User{0FC664A1-60FC-4F6F-A0CA-A8B344657647}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{13ADE623-7BDC-43C2-89EE-7E2AA2B997F5}C:\program files (x86)\chessmaster 10th edition\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\chessmaster 10th edition\game.exe |
"TCP Query User{25A7FDBD-7347-4CFD-BACF-FAF4354A7F1E}C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\creationkit.exe |
"TCP Query User{31175F26-0FC6-4AF4-A663-5D729507FBB5}C:\program files (x86)\tripwire interactive\red orchestra 2 heroes of stalingrad\binaries\win32\rogame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tripwire interactive\red orchestra 2 heroes of stalingrad\binaries\win32\rogame.exe |
"TCP Query User{3DAE87DF-088D-4052-B6B0-D083C39FC8A7}C:\program files\magic\program\manalink.exe" = protocol=6 | dir=in | app=c:\program files\magic\program\manalink.exe |
"TCP Query User{5C835C53-6A16-4238-9202-5471DB3C5FD9}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{7E583911-471D-490B-A210-4957A4EA403B}C:\users\lego\desktop\tigerwoods\data\tworuntimestandalone.exe" = protocol=6 | dir=in | app=c:\users\lego\desktop\tigerwoods\data\tworuntimestandalone.exe |
"TCP Query User{857D2792-4E90-4A6D-B4E0-7418CCC87E99}C:\program files (x86)\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icall\icall.exe |
"TCP Query User{86E17274-51EB-4274-8E3A-F31EF3580219}C:\program files (x86)\ddo1\dungeons & dragons online - stormreach\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ddo1\dungeons & dragons online - stormreach\dndclient.exe |
"TCP Query User{8F303554-A919-4B7C-AA30-31C13EBC71BA}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{A4143FE1-8D5B-44FD-B40D-3FADB5E5D76F}C:\windows.old\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\windows.old\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{C010707E-3D5A-444D-BBC8-1A12C8B1E31A}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"TCP Query User{D675FE69-D876-41A4-8642-04038C1B15B7}C:\users\lego\desktop\games\tigerwoods\data\tworuntimestandalone.exe" = protocol=6 | dir=in | app=c:\users\lego\desktop\games\tigerwoods\data\tworuntimestandalone.exe |
"UDP Query User{0F77B958-D9FA-4FBC-914D-4D4A0F1176C5}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{2397CA2D-93FD-4DE2-8B98-A1899E984264}C:\windows.old\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\windows.old\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{2C467A62-E7D3-4CB4-8C22-495D34157CA6}C:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\dungeons & dragons online - stormreach\dndclient.exe |
"UDP Query User{5E2631BC-A347-4311-A4F3-B886E530E699}C:\program files (x86)\tripwire interactive\red orchestra 2 heroes of stalingrad\binaries\win32\rogame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tripwire interactive\red orchestra 2 heroes of stalingrad\binaries\win32\rogame.exe |
"UDP Query User{60D642DF-14E6-4141-968B-FD32E5DE07F1}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{7EA3EEBE-FEBA-486A-982E-2C68DD6BDA68}C:\program files (x86)\chessmaster 10th edition\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\chessmaster 10th edition\game.exe |
"UDP Query User{A32CD9DE-AD07-4FAD-825F-5C95C7667CE4}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{A79CA465-7016-4EB1-A786-274C7AD17EFB}C:\users\lego\desktop\tigerwoods\data\tworuntimestandalone.exe" = protocol=17 | dir=in | app=c:\users\lego\desktop\tigerwoods\data\tworuntimestandalone.exe |
"UDP Query User{AA26E9E1-BAF1-4107-8C43-25EC883C16E7}C:\program files (x86)\ddo1\dungeons & dragons online - stormreach\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ddo1\dungeons & dragons online - stormreach\dndclient.exe |
"UDP Query User{BE4A6174-8936-48E0-A667-167AC5740592}C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the elder scrolls v skyrim\creationkit.exe |
"UDP Query User{C3BD758F-A3A7-432F-BDDD-51802A0C0565}C:\program files\magic\program\manalink.exe" = protocol=17 | dir=in | app=c:\program files\magic\program\manalink.exe |
"UDP Query User{DA4D420D-A1B7-4785-8D4A-A5D27118C2B7}C:\users\lego\desktop\games\tigerwoods\data\tworuntimestandalone.exe" = protocol=17 | dir=in | app=c:\users\lego\desktop\games\tigerwoods\data\tworuntimestandalone.exe |
"UDP Query User{F5553E00-D08E-404C-B7D0-B5195271628B}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"UDP Query User{FE3B05BE-00E3-4611-8C05-2CF02E474714}C:\program files (x86)\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icall\icall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F55C2C4D-694F-4569-A3BC-5FB6C1FDD84C}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2013
"Blender" = Blender
"Gaming PC_is1" = Gaming PC 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Puran Defrag_is1" = Puran Defrag 7.7
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{141EA095-30C3-422C-AAD5-E7AD64ED2CAA}" = RoAClient
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 38
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C564A58-BD28-4926-95E1-EC7812FCA44F}" = Gigabyte Wireless LAN Card
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018304}" = Fable III
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Blender" = Blender (remove only)
"BlueSprig_JetClean_is1" = JetClean
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cockatrice" = Cockatrice
"Cricket Broadband EC1705" = Cricket Broadband EC1705
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Fallout New Vegas_is1" = Fallout New Vegas
"Fraps" = Fraps
"Game Booster 3_is1" = Game Booster 3
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.0 (Standard)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PokerStars.net" = PokerStars.net
"PowerISO" = PowerISO
"Precision" = EVGA Precision 2.1.0
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"Rockstar Games Social Club" = Rockstar Games Social Club
"Smart Defrag 2_is1" = Smart Defrag 2
"SystemRequirementsLab" = System Requirements Lab
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WizTree_is1" = WizTree v1.07

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1759454206-1642175060-2019140610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2012 12:15:07 PM | Computer Name = Lego-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/25/2012 12:15:13 PM | Computer Name = Lego-PC | Source = Application Error | ID = 1000
Description = Faulting application nvvsvc.exe, version 8.17.12.8026, time stamp
0x4e391c19, faulting module nvvsvc.exe, version 8.17.12.8026, time stamp 0x4e391c19,
exception code 0x40000015, fault offset 0x000000000005dcf2, process id 0x660, application
start time 0x01cd52edab4356ba.

Error - 6/25/2012 11:01:53 PM | Computer Name = Lego-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/25/2012 11:02:52 PM | Computer Name = Lego-PC | Source = Application Error | ID = 1000
Description = Faulting application nvvsvc.exe, version 8.17.12.8026, time stamp
0x4e391c19, faulting module nvvsvc.exe, version 8.17.12.8026, time stamp 0x4e391c19,
exception code 0x40000015, fault offset 0x000000000005dcf2, process id 0x69c, application
start time 0x01cd534807440554.

Error - 6/26/2012 11:17:20 AM | Computer Name = Lego-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/26/2012 11:17:21 AM | Computer Name = Lego-PC | Source = Application Error | ID = 1000
Description = Faulting application nvvsvc.exe, version 8.17.12.8026, time stamp
0x4e391c19, faulting module nvvsvc.exe, version 8.17.12.8026, time stamp 0x4e391c19,
exception code 0x40000015, fault offset 0x000000000005dcf2, process id 0x5ec, application
start time 0x01cd53aec5022c22.

Error - 6/26/2012 1:28:50 PM | Computer Name = Lego-PC | Source = Application Error | ID = 1000
Description = Faulting application nvvsvc.exe, version 8.17.12.8026, time stamp
0x4e391c19, faulting module nvvsvc.exe, version 8.17.12.8026, time stamp 0x4e391c19,
exception code 0x40000015, fault offset 0x000000000005dcf2, process id 0x684, application
start time 0x01cd53c1212f3de3.

Error - 6/26/2012 1:28:51 PM | Computer Name = Lego-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2012 11:38:05 AM | Computer Name = Lego-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2012 11:38:30 AM | Computer Name = Lego-PC | Source = Application Error | ID = 1000
Description = Faulting application nvvsvc.exe, version 8.17.12.8026, time stamp
0x4e391c19, faulting module nvvsvc.exe, version 8.17.12.8026, time stamp 0x4e391c19,
exception code 0x40000015, fault offset 0x000000000005dcf2, process id 0x5a0, application
start time 0x01cd547ad4f32de4.

[ Media Center Events ]
Error - 1/9/2013 4:48:05 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/16/2013 10:20:45 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 5/17/2013 3:26:54 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/2/2013 10:18:06 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/14/2013 3:35:45 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/15/2013 3:16:53 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/15/2013 3:19:51 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/15/2013 3:26:15 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/15/2013 3:32:06 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/23/2013 12:44:07 PM | Computer Name = Lego-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 11/7/2013 1:45:45 AM | Computer Name = Lego-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/7/2013 1:46:11 AM | Computer Name = Lego-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/7/2013 1:46:15 AM | Computer Name = Lego-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/7/2013 1:47:53 AM | Computer Name = Lego-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2013 1:47:53 AM | Computer Name = Lego-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2013 1:48:43 AM | Computer Name = Lego-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2013 7:03:35 PM | Computer Name = Lego-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2013 7:03:35 PM | Computer Name = Lego-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2013 7:04:34 PM | Computer Name = Lego-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2013 10:01:28 PM | Computer Name = Lego-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Lego\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.


< End of report >

Edited by lego126, 08 November 2013 - 06:10 PM.

  • 0

#4
lego126

    New Member

  • Topic Starter
  • Member
  • 8 posts
I did attempt to run ComboFix, and below is the log. I thought one of the sweepers had deleted the log.

ComboFix 13-11-04.01 - Lego 11/07/2013 0:32.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6142.4557 [GMT -5:00]
Running from: c:\users\Lego\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\fraps.exe
c:\program files (x86)\fraps32.dll
c:\program files (x86)\fraps64.dat
c:\program files (x86)\fraps64.dll
c:\program files (x86)\frapslcd.dll
c:\program files (x86)\Uninstall.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\Temp
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DCSERVICE.EXE
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-10-07 to 2013-11-07 )))))))))))))))))))))))))))))))
.
.
2013-11-07 05:46 . 2013-11-07 05:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-07 05:46 . 2013-11-07 05:46 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-11-07 05:46 . 2013-11-07 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-07 05:46 . 2013-11-07 05:46 -------- d-----w- c:\users\Corrine\AppData\Local\temp
2013-11-07 05:46 . 2013-11-07 05:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-11-07 03:27 . 2013-11-07 03:27 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-11-07 03:27 . 2013-11-07 03:27 -------- d-----w- c:\users\Lego\AppData\Local\eSupport.com
2013-11-07 01:49 . 2013-11-07 01:49 -------- d-----w- c:\programdata\Auslogics
2013-11-07 01:49 . 2013-11-07 01:49 -------- d-----w- c:\program files (x86)\Auslogics
2013-11-07 01:48 . 2013-11-07 01:56 -------- d-----w- c:\program files (x86)\WizTree
2013-11-07 00:43 . 2013-11-07 00:43 -------- d-----w- c:\users\Lego\AppData\Local\CrashDumps
2013-11-06 11:27 . 2013-05-22 23:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-11-06 11:26 . 2013-11-06 11:26 -------- d-----w- c:\users\Lego\AppData\Roaming\IObit
2013-11-06 11:26 . 2013-05-22 23:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-11-06 01:14 . 2013-11-06 01:14 1990493 ----a-w- C:\MGtools.exe
2013-11-06 01:13 . 2013-11-06 01:13 -------- d-----w- c:\program files\HitmanPro
2013-11-06 01:12 . 2013-11-06 03:52 -------- d-----w- c:\programdata\HitmanPro
2013-11-06 00:51 . 2013-11-06 00:51 -------- d-----w- c:\users\Lego\AppData\Roaming\BlueSprig
2013-11-06 00:51 . 2013-11-06 00:51 -------- d-----w- c:\program files (x86)\BlueSprig
2013-11-05 20:04 . 2012-12-29 08:40 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-05 20:04 . 2012-12-29 08:40 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-05 20:04 . 2012-12-29 08:40 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-05 20:04 . 2012-12-29 08:40 63928 ----a-w- c:\windows\system32\nvshext.dll
2013-11-05 20:04 . 2012-12-29 08:40 118712 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-05 20:03 . 2013-11-05 20:03 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-11-05 19:28 . 2012-12-29 10:34 61368 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-05 19:28 . 2012-12-29 10:34 53176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-11-02 00:18 . 2013-11-02 00:18 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-11-02 00:18 . 2013-11-02 00:18 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-11-02 00:18 . 2013-11-02 00:18 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-11-02 00:18 . 2013-11-02 00:18 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-11-02 00:18 . 2013-11-02 00:18 92056 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-11-02 00:18 . 2013-11-02 00:18 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-11-02 00:18 . 2013-11-02 00:18 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-10-27 01:42 . 2013-11-06 04:42 -------- d-----w- C:\Python27
2013-10-27 00:17 . 2013-11-06 04:42 -------- d-----w- C:\Python33
2013-10-21 15:49 . 2013-10-21 15:49 -------- d-----w- c:\windows\ansalon
2013-10-11 17:23 . 2013-10-21 13:58 -------- d-----w- c:\program files (x86)\RoAClient
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_Cricket Broadband EC1705"="c:\program files (x86)\Cricket Broadband EC1705\UpdateDog\ouc.exe" [2011-07-17 196608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1424" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-7-17 1041920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 22:45]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-17 6242816]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 134416]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: Interfaces\{487579B3-0997-4033-A5E7-1FDE5DB35F8A}: NameServer = 10.133.20.11 10.132.20.11
FF - ProfilePath - c:\users\Lego\AppData\Roaming\Mozilla\Firefox\Profiles\sbcybuow.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - ExtSQL: !HIDDEN! 2011-07-21 18:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - (no file)
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1759454206-1642175060-2019140610-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,91,6c,b2,b4,05,9f,44,e3,31,8b,0c,0a,e7,5c,f4,0d,da,e6,8e,f5,
00,25,38,03,b5,dd,83,91,64,1f,e9,55,33,6b,d1,3a,2b,d8,e2,70,bf,20,06,f3,d6,\
"rkeysecu"=hex:fe,ef,2e,ae,28,bb,2c,cb,c7,3a,e0,62,2f,bc,66,e8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\programdata\Cricket Broadband EC1705\userdata\ouc.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2013-11-07 00:54:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-07 05:54
.
Pre-Run: 60,138,999,808 bytes free
Post-Run: 59,471,618,048 bytes free
.
- - End Of File - - 11ADEEDEA3BFB2D0187F7BD5C0AFAE28
5C616939100B85E558DA92B899A0FC36
  • 0

#5
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi lego126, :)
  • Step #1 Uninstall Programs
    I want you to uninstall the program(s) listed below due to the poor reputation reports we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
  • PunkBuster Services
  • Fraps

 

  • Step #2 P2P Warning
    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) file-sharing programs on your computer.
  • µTorrent
I shall provide you with a few reference links; please read up on them to learn the risks of having a P2P program.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the program(s) listed above.

If you choose not to remove them, please do not use them until this computer is clean.
 

  • Step #3 Fix with AdwCleaner
    Download AdwCleaner to your desktop.

    NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste this report in your next reply.

    The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

 

  • Step #4 SystemLook Search
  • Right-click and choose Run as administrator;
  • In the search box, copy and paste the following code:
    :filefind
    atapi.sys
    
  • Click on Look;
  • After the scan a log will be opened;
  • Post the log in your next reply.

 

  • Step #5 Scan with RogueKiller (Download link for 64-bit system)
  • Let the pre-scan finish. After that click on Scan;
  • The scan won't take long;
  • A log has been created on your Desktop;
  • Copy and paste the content of the log in your next reply.

 

  • Required Log(s):
  • AdwCleaner log;
  • SystemLook log;
  • RogueKiller log.

Regards,
Valinorum
  • 0

#6
lego126

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, I think I've posted everything. I remember installing Fraps a couple of years ago. I just never uninstalled it because it was so small. And the PunkBuster... I have no idea where it came from. I thought it was installed by a game I installed, but I can't be sure. Here are the scans requested.

AdwCleaner

# AdwCleaner v3.011 - Report created 09/11/2013 at 15:57:43
# Updated 03/11/2013 by Xplode
# Operating System : Windows ™ Vista Ultimate Service Pack 2 (64 bits)
# Username : Lego - LEGO-PC
# Running from : C:\Users\Lego\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Lego\AppData\Roaming\Mozilla\Firefox\Profiles\sbcybuow.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Lego\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [882 octets] - [09/11/2013 15:56:20]
AdwCleaner[S1].txt - [804 octets] - [09/11/2013 15:57:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [863 octets] #########

## AdwCleaner v3.011 - Report created 09/11/2013 at 15:56:20
# Updated 03/11/2013 by Xplode
# Operating System : Windows ™ Vista Ultimate Service Pack 2 (64 bits)
# Username : Lego - LEGO-PC
# Running from : C:\Users\Lego\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Lego\AppData\Roaming\Mozilla\Firefox\Profiles\sbcybuow.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Lego\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [744 octets] - [09/11/2013 15:56:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [803 octets] #########



#SystemLook 30.07.11 by jpshortstuff
Log created at 16:12 on 09/11/2013 by Lego
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\erdnt\cache64\atapi.sys --a---- 20952 bytes [05:53 07/11/2013] [07:15 11/04/2009] E68D9B3A3905619732F7FE039466A623
C:\Windows\System32\drivers\atapi.sys --a---- 20952 bytes [00:06 01/08/2011] [07:15 11/04/2009] E68D9B3A3905619732F7FE039466A623
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys --a---- 22584 bytes [02:45 21/01/2008] [02:45 21/01/2008] 1898FAE8E07D97F2F6C2D5326C633FAC
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys --a---- 20952 bytes [00:06 01/08/2011] [07:15 11/04/2009] E68D9B3A3905619732F7FE039466A623
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys --a---- 20072 bytes [12:40 02/11/2006] [12:01 02/11/2006] DF96CF8885724430024B7522E5C95722
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys --a---- 22584 bytes [02:45 21/01/2008] [02:45 21/01/2008] 1898FAE8E07D97F2F6C2D5326C633FAC
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys --a---- 20952 bytes [00:06 01/08/2011] [07:15 11/04/2009] E68D9B3A3905619732F7FE039466A623

-= EOF =


-RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Lego [Admin rights]
Mode : Scan -- Date : 11/09/2013 16:17:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] RunAsStdUser Task : "C:\Users\Lego\AppData\Local\gamesleapSA\bin\1.0.8.0\GamesLeapSA.exe" [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD32 00AAKS-00L9A SCSI Disk Device +++++
--- User ---
[MBR] 7f49bc81355bbad677ff138725186beb
[BSP] 96cf44173edeaad590a5ad4015a90d7c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305241 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11092013_161714.txt >>
  • 0

#7
lego126

    New Member

  • Topic Starter
  • Member
  • 8 posts
One thing I'm unsure about is RogueKiller. After I ran the scan, was I supposed to hit any of the Fix buttons? I didn't click anything. I just minimized RK and pasted the report.
  • 0

#8
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi lego126, :)

I remember installing Fraps a couple of years ago. I just never uninstalled it because it was so small.

Most of its files were removed by the ComboFix run. It will now do more harm than good. Uninstall it completely and re-install it after I declare you clean.

And the PunkBuster... I have no idea where it came from. I thought it was installed by a game I installed, but I can't be sure.

Spot on. It is anti-cheat software with a poor reputation, and there have been many reports of machines becoming vulnerable because of such software.

One thing I'm unsure about is RogueKiller. After I ran the scan, was I supposed to hit any of the Fix buttons? I didn't click anything. I just minimized RK and pasted the report.

For that scan, I only required the scanned report.

  • Step #6
    I want you to upload a suspicious file to an online virus scanner.
  • Please go to www.virustotal.com
  • Click on Choose File;
  • Go to C:\Windows\System32\drivers\atapi.sys;
  • Click on Open;
  • Click on Scan it;
  • Copy and Paste the link of the result page;

 

  • Step #7 Fix with RogueKiller (Download link for 64-bit system)
  • Let the pre-scan finish. After that click on Scan and wait for the scan to finish;
  • Click on Delete;
  • Now again click on Scan and wait for the scan to finish;
  • Click on Report and a log file will open;
  • Copy and paste the whole content of that report in your next reply.

 

  • Step #8 Scan with aswMBR
  • Right-click on it and choose Run as administrator;
  • Click on Scan;
  • After that click Save Log and save it to your Desktop;
  • Restart your PC;
  • Copy and paste the contents of the log in your next reply.

 

  • Required Log(s):
  • Virustotal scan result link;
  • RogueKiller report;
  • aswMBR log.

Regards,
Valinorum
  • 0

#9
lego126

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ok, the online scanner can't find the file unless I copy and paste the file to my desktop, which I did. I will post those results. I tried browsing for the file; I can't find it. I tried copying and pasting the link; it didn't work. I can take a screenshot of the file not being there if you need. I know the file is there because I can see it if I just go look at it. The screenshot is of the pop-up window, of me trying to locate the atapi.sys file in system32/drivers/..

... File identification
MD5 0c3197c1cd19bd53ae44e5fd1d060b7c
SHA1 df7f7cf3c1b30b661e1f74c2eedd3da1b08ef738
SHA256 d6f1658ca4fe0d3d6bd5a07a007c05dd7edacfbf732f8786b47380500067735e
ssdeep 384:JMECcnzfv4t1p5IeAHuPu+z2z03XnGGstzEgUF9nyGQPluT+qOHJhjbujBsPpK8R:JX4YdDCstzrUePhxksR/
File size 20.5 KB ( 20949 bytes )
File type DOS EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID DOS Executable Generic (100.0%)
VirusTotal metadata
First submission 2013-11-10 19:36:56 UTC ( 10 minutes ago )
Last submission 2013-11-10 19:36:56 UTC ( 10 minutes ago )
File names atapi.sys
ExifTool file metadata
MIMEType application/octet-stream
FileType DOS EXE

SHA256: d6f1658ca4fe0d3d6bd5a07a007c05dd7edacfbf732f8786b47380500067735e
File name: atapi.sys
Detection ratio: 0 / 46
Analysis date: 2013-11-10 19:36:56 UTC ( 0 minutes ago)


RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Lego [Admin rights]
Mode : Scan -- Date : 11/10/2013 15:13:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe [-] -> KILLED [TermProc]
[SUSP PATH] ouc.exe -- C:\ProgramData\Cricket Broadband EC1705\userdata\ouc.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{487579B3-0997-4033-A5E7-1FDE5DB35F8A} : NameServer (10.133.20.11 10.132.20.11 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{487579B3-0997-4033-A5E7-1FDE5DB35F8A} : NameServer (10.133.20.11 10.132.20.11 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD32 00AAKS-00L9A SCSI Disk Device +++++
--- User ---
[MBR] 7f49bc81355bbad677ff138725186beb
[BSP] 96cf44173edeaad590a5ad4015a90d7c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305241 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic STORAGE DEVICE-A USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11102013_151327.txt >

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-10 15:22:26
-----------------------------
15:22:26.562 OS Version: Windows x64 6.0.6002 Service Pack 2
15:22:26.562 Number of processors: 2 586 0x170A
15:22:26.562 ComputerName: LEGO-PC UserName: Lego
15:22:27.984 Initialize success
15:22:50.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
15:22:50.487 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
15:22:50.628 Disk 0 MBR read successfully
15:22:50.628 Disk 0 MBR scan
15:22:50.628 Disk 0 Windows VISTA default MBR code
15:22:50.628 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305241 MB offset 2048
15:22:50.659 Disk 0 scanning C:\Windows\system32\drivers
15:22:57.096 Service scanning
15:23:09.362 Modules scanning
15:23:09.362 Disk 0 trace - called modules:
15:23:09.378 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
15:23:09.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ff060]
15:23:09.378 3 CLASSPNP.SYS[fffffa6001208c33] -> nt!IofCallDriver -> [0xfffffa800641d540]
15:23:09.378 5 acpi.sys[fffffa60008ccfde] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80063ce060]
15:23:09.378 Scan finished successfully
15:24:14.768 Disk 0 MBR has been saved successfully to "C:\Users\Lego\Desktop\MBR.dat"
15:24:14.768 The log file has been saved successfully to "C:\Users\Lego\Desktop\aswMBR.txt"

Attached Thumbnails

  • atapifile.jpg

  • 0
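The "MBR Check" section of the RogueKiller log and aswMBR's "MBR read successfully" line above both come from reading the first 512-byte sector of the disk. The script below is an added example (not part of this thread or of either tool) that parses such a sector, for instance the MBR.dat that aswMBR saved to the Desktop, and prints a similar summary; which bytes it hashes (whole sector vs. the first 440 bytes of boot code) is this script's own convention, and the sample sector it builds is constructed, not a real Vista MBR.

```python
"""Parse a raw 512-byte MBR and summarise it RogueKiller-style (added example)."""
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code occupies bytes 0-439, before the disk signature
PART_TABLE_OFFSET = 446    # four 16-byte partition entries start here
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x05: "Extended", 0x83: "Linux"}


def parse_mbr(sector: bytes) -> Dict:
    """Return hashes, disk signature and partition entries; raise if not a readable MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":          # the aswMBR/RogueKiller "Error reading MBR" case
        raise ValueError("missing 0x55AA boot signature: unreadable or not an MBR")
    parts: List[Dict] = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, lba_len = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:                           # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "name": PART_TYPES.get(ptype, "Unknown"), "offset": lba_start,
                      "size_mb": lba_len * SECTOR_SIZE // (1024 * 1024)})
    return {"mbr_md5": hashlib.md5(sector).hexdigest(),             # whole sector
            "bootcode_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),  # boot code only
            "disk_signature": struct.unpack("<I", sector[440:444])[0],
            "partitions": parts}


def format_report(info: Dict) -> List[str]:
    lines = [f"[MBR] {info['mbr_md5']}", f"[BSP] {info['bootcode_md5']}", "Partition table:"]
    for p in info["partitions"]:
        flag = "[ACTIVE]" if p["active"] else "[INACTIVE]"
        lines.append(f"{p['index']} - {flag} {p['name']} (0x{p['type']:02x}) "
                     f"Offset (sectors): {p['offset']} | Size: {p['size_mb']} MB")
    return lines


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code plus one active NTFS partition laid
    out like the log above (offset 2048 sectors, 305241 MB). Not a real Vista MBR."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 305241 * 2048)
    return boot_code + disk_sig + entry + b"\x00" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    print("\n".join(format_report(parse_mbr(data))))
```

Run it with the path to MBR.dat as the only argument to summarise a saved sector, or with no argument to see the constructed sample.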

#10
lego126

lego126

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
One more question... for some reason my UAC has been re-enabled on this account. Was it something one of the scanners "fixed"?

Edited by lego126, 10 November 2013 - 03:26 PM.

  • 0

#11
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

One more question... for some reason my UAC has been re-enabled on this account. Was it something one of the scanners "fixed"?

It is possible.

Which issues are you facing?
  • 0

#12
lego126

lego126

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Just when I clicked to run MBRCheck and SystemLook, my UAC thing popped up. And I'm getting a UAC pop-up on filename jucheck.exe. Java update, it seems. Is that legit? I've not had UAC on in a couple of years. It's no problem, I'm just not used to it being on. :) How'd the last scans look? Everything seems to be doing better.
  • 0

#13
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi lego126, :)

Just when I clicked to run MBRCheck and SystemLook, my UAC thing popped up. And I'm getting a UAC pop-up on filename jucheck.exe. Java update, it seems. Is that legit? I've not had UAC on in a couple of years.

It is okay, as post-XP systems show this before a program is allowed to run or modify critical files on the system.

I see no infection present in your system. If you are not having any further problem, I declare you ALL CLEAN.

Before we finish, we'll need to wrap up with a bit of celebratory cleanup. We need to remove the remnants of the tools we used and clear out any infected System Restore points. There are also lots of applications which need updating. Please follow these instructions to do so:

It is time to uninstall ComboFix. Please follow the instructions:

 

  • Click on the Start button (Posted Image) and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow. Please note that there is a space between combofix and /uninstall.
    Posted Image
  • Once you have typed this in, press Enter on your keyboard.
  • An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled. You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

 

  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :Files
    %systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

    :Commands
    [CreateRestorePoint]

  • Click on "Run Fix" and let the program run unhindered;
  • Re-run OTL and click Cleanup

 

Re-run AdwCleaner and click Uninstall.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Lastly, we need to keep you safe (as much as we like you here, we don't want to see you back so soon! ;)). Here are a few very important things to remember to stay away from computing trouble in the future:

  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.
  • Consider a web browser other than Internet Explorer.
    Internet Explorer is popular, and with popularity comes exploitation and vulnerability. Fortunately, you have a choice in what web browser to use. Although its popularity has swelled considerably over the past couple of years.
    Opera may be downloaded from here. It is one of the least targeted of all browsers.

    Avant may be downloaded from here. Another one that is less well known.

    Firefox may be downloaded from Here. I use Firefox because I like it and it has some good security built in.

    Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

    NoScript is an excellent security device too. I like it, but it is not for everyone because it requires you to take action if you want to see some things (pop-ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes a site will tell you that you need to install Java when actually all you need to do is enable the site through the NoScript icon at the bottom right-hand side of your screen.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
