Mshta.exe problem, japanese porn site pop up [Solved]


This topic is locked
22 replies to this topic

#1 bgirl8fasolla

New Member (Authentic Member), 13 posts

Posted 06 February 2013 - 02:23 PM

Hello, first, I'm sorry if I use some odd English; actually I'm Indonesian and English is not my first language.
Please be patient with this. I know you'll find this annoying, but please help me.. :(

So, yesterday I accidentally downloaded and installed something that I later found out was a Japanese porn site pop-up. I tried to uninstall it, but I cannot find a way to do that.
I cannot find the file at Control Panel >> Uninstall.. it's hidden somewhere..

Then I googled and found some info that said it could be caused by mshta.exe.
I tried to delete mshta.exe but it can't be deleted... the porn site ad keeps turning up even after I have "end process"ed mshta.exe in Task Manager.
So, what can I do to remove this annoying ad? Please help me :(



OTL logfile created on: 2/7/2013 3:04:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kanisius\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.25% Memory free
15.92 Gb Paging File | 13.77 Gb Available in Paging File | 86.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 514.08 Gb Total Space | 274.39 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
Drive D: | 417.33 Gb Total Space | 220.72 Gb Free Space | 52.89% Space Free | Partition Type: NTFS

Computer Name: KANISIUS-PC | User Name: Kanisius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kanisius\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Kanisius\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\ProgramData\Smartfren Connex EC306-2 UI\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\Cyrus MC400\C+WEject.exe ()
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Kanisius\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll ()
MOD - C:\Users\Kanisius\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f2ca47be2c008dbe85b94fb1669b55ea\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\23d0886c8df0b8eb4b7bb9e740accabb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\61a9caccb44df326f10d31346c33d150\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0cefa2c17df1d033e69ed47b0b660ce5\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\51a269b672f2226acfedb5d35843a5c9\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\d8370a9b1b8173af1ecdcaaa2a71f766\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\25732130189e8f468a7d98647edffe8e\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d47efad9d2f7f45b45204ae07079a94c\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e773b94cc3f3fc25509904acb76cfe08\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\307bb964c6b7dbc20676e8905ec99df9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\947b4fe468a1a03516ee26d9b3f4240a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aea623158c3ab3fbf4e406248b2b8d2e\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Services (SafeList) ==========

SRV:64bit: - (CDROM_Eject_W) -- C:\Program Files\Cyrus MC400\C+WEject.exe ()
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (UDisk Monitor) -- C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe ()
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Smartfren Connex EC306-2 UI. RunOuc) -- C:\Program Files (x86)\Smartfren Connex EC306-2 UI\UpdateDog\ouc.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (npkycryp) -- C:\Program Files\RagnarokOnline\npkycryp.sys File not found
DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (UsbModemDriver) -- C:\Windows\SysNative\drivers\USB_MODEM_W.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (npkcrypt) -- C:\Program Files\RagnarokOnline\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV:64bit: - (USB_BusEnum_T) -- C:\Windows\SysNative\drivers\USB_BusEnum_T.sys ()
DRV:64bit: - (USB_BusEnum_W) -- C:\Windows\SysNative\drivers\USB_BusEnum_W.sys ()
DRV:64bit: - (USB_WinMux_T) -- C:\Windows\SysNative\drivers\USB_WinMux_T.sys ()
DRV:64bit: - (USB_WinMux_W) -- C:\Windows\SysNative\drivers\USB_WinMux_W.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (USB_ETS_T) -- C:\Windows\SysNative\drivers\USB_ETS_T.sys (Via Telecom, Inc.)
DRV:64bit: - (USB_ETS_W) -- C:\Windows\SysNative\drivers\USB_ETS_W.sys (Via Telecom, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 24 7A C7 73 52 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00050e549eec3ee
IE - HKCU\..\SearchScopes\{57E52D71-EAF7-400e-B405-D5B5C51E03DB}: "URL" = http://search.yahoo....amp;type=IEBDSV
IE - HKCU\..\SearchScopes\{B881AE3F-F23E-4cf4-986C-453D5FD37234}: "URL" = http://www.bing.com/...}...BR1&pc=SPLH
IE - HKCU\..\SearchScopes\{BA99BADD-C9CB-4c69-904E-D00A6AA9B052}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kanisius\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kanisius\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012/06/06 06:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012/06/06 06:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/06/06 07:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{55A8EC97-6AF6-442c-877F-11C51DBD162D}: C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_FF.xpi [2012/09/07 23:38:44 | 000,013,126 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/05 23:10:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Kanisius\AppData\Roaming\IDM\idmmzcc5 [2012/06/06 19:47:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Kanisius\AppData\Roaming\IDM\idmmzcc5 [2012/06/06 19:47:13 | 000,000,000 | ---D | M]

[2012/06/06 23:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Extensions
[2012/06/06 23:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2012/06/07 09:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/24 20:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\n4bwbc5o.default\extensions
[2012/08/21 23:30:33 | 000,000,000 | ---D | M] (Layouts Express) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\n4bwbc5o.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[2012/09/15 17:28:54 | 000,000,000 | ---D | M] (wxDownload) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\n4bwbc5o.default\extensions\505453fa2b150@505453fa2b189.com
[2012/09/15 17:28:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\n4bwbc5o.default\extensions\ffxtlbr@babylon.com
[2012/06/07 09:52:37 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012/11/05 23:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/05 23:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/11/05 23:10:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/15 17:07:16 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/24 12:02:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 02:11:15 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kanisius\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Drive = C:\Users\Kanisius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube Video Downloader Extension = C:\Users\Kanisius\AppData\Local\Google\Chrome\User Data\Default\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp\1.0.2_0\
CHR - Extension: Prambors = C:\Users\Kanisius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcienkbfcddllnccgbmjfmdidkfliedi\1.0.8_0\

O1 HOSTS File: ([2013/02/07 01:25:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (wxDownload Class) - {4FC012DB-DD59-53D3-D67A-973DB35961D7} - C:\ProgramData\wxDownload\505453fa2b2e0.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll File not found
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - HKCU..\Run: [webnxmer] "C:\ProgramData\nxmer\20223041" File not found
O4 - Startup: C:\Users\Kanisius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kanisius\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download video on this page - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O8:64bit: - Extra context menu item: Download video this links to - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download video on this page - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O8 - Extra context menu item: Download video this links to - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Change your facebook look - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll File not found
O9 - Extra Button: Download Video - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O9 - Extra 'Tools' menuitem : Download video on this page - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28148D80-4437-4B48-A9F2-2906B7A26A77}: DhcpNameServer = 112.215.71.243 112.215.71.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C31DC70-E101-4A5A-9914-415AF3FE8F47}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{956BC222-5F84-4DC9-A781-03C25F118186}: NameServer = 10.17.3.244 10.17.3.245
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8446A00-EE65-4A95-86BC-A9F9CFD1627C}: NameServer = 10.17.125.228 10.17.125.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFA211A7-17A3-4AAD-9110-BEDF891B452A}: NameServer = 10.17.125.228 10.17.125.229
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/07 00:22:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 02:24:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kanisius\Desktop\HiJackThis.exe
[2013/02/07 02:23:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kanisius\Desktop\OTL.exe
[2013/02/07 01:48:56 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2013/02/07 01:48:56 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2013/02/07 01:48:55 | 000,413,448 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2013/02/07 01:48:54 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013/02/07 01:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/02/07 01:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/07 01:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/02/07 01:46:19 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\AppData\Roaming\TestApp
[2013/02/07 01:40:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/07 01:24:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/07 00:40:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/07 00:40:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/07 00:40:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/07 00:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/07 00:40:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/07 00:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/07 00:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/02/06 23:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\nxmer
[2013/02/04 02:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMLWrench
[2013/02/04 02:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xmlwrench
[2013/01/27 01:09:46 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/01/27 01:09:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/01/26 23:19:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013/01/26 23:19:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013/01/26 02:03:19 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/01/26 02:03:19 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/01/26 02:03:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/01/26 02:03:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/01/26 02:03:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/01/26 02:03:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/01/26 02:02:54 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/01/26 02:02:54 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/01/26 02:02:54 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/01/26 02:02:54 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/01/26 02:00:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/01/26 02:00:51 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/01/26 02:00:51 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013/01/25 23:31:50 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/01/25 23:31:50 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/01/25 23:31:50 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/01/25 23:18:58 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/01/25 23:18:58 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/01/25 23:18:58 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/01/25 23:18:51 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/01/25 23:18:51 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/01/25 23:18:51 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/01/25 23:18:40 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/01/25 23:18:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/01/24 22:04:23 | 000,000,000 | ---D | C] -- C:\FFOutput
[2013/01/24 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013/01/24 22:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2013/01/24 21:30:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/01/24 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\AppData\Roaming\EVDO_General
[2013/01/24 18:30:58 | 000,021,760 | ---- | C] (Via Telecom, Inc.) -- C:\Windows\SysNative\drivers\USB_ETS_W.sys
[2013/01/24 18:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyrus MC400
[2013/01/24 18:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Cyrus MC400
[2013/01/22 19:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Video Downloader
[2013/01/22 19:48:02 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\AppData\Roaming\Tomabo
[2013/01/22 19:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tomabo
[2013/01/13 13:06:27 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\Documents\OFX Presets
[2013/01/13 11:58:38 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\AppData\Roaming\Publish Providers
[2013/01/13 11:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/01/13 11:43:28 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\AppData\Local\Sony
[2013/01/13 11:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/01/13 11:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/01/13 11:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/01/13 11:43:06 | 000,000,000 | ---D | C] -- C:\Users\Kanisius\AppData\Roaming\Sony
[2013/01/11 21:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2013/01/11 21:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013/01/11 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013/01/11 21:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013/01/11 21:07:04 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2013/01/11 21:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2013/01/11 21:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2012/09/10 20:36:18 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kanisius\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/07 02:25:45 | 000,625,664 | ---- | M] () -- C:\Users\Kanisius\Desktop\dds.scr
[2013/02/07 02:25:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kanisius\Desktop\HiJackThis.exe
[2013/02/07 02:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kanisius\Desktop\OTL.exe
[2013/02/07 02:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/07 02:11:01 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013/02/07 02:10:48 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013/02/07 02:09:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/07 02:09:41 | 2117,705,727 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 01:49:00 | 001,584,659 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/02/07 01:43:56 | 000,000,323 | ---- | M] () -- C:\Users\Kanisius\Desktop\exefix.reg
[2013/02/07 01:25:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/07 00:49:03 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 00:49:03 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 00:22:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/02/06 00:08:33 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2013/02/05 13:01:40 | 000,000,306 | ---- | M] () -- C:\Users\Kanisius\AppData\Roaming\burnaware.ini
[2013/02/04 21:08:06 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 21:08:06 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 21:08:06 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 02:24:14 | 000,001,019 | ---- | M] () -- C:\Users\Kanisius\Desktop\XMLWrench.lnk
[2013/02/01 16:11:53 | 000,002,382 | ---- | M] () -- C:\Users\Kanisius\Desktop\Google Chrome.lnk
[2013/01/26 23:16:07 | 005,029,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/25 10:42:09 | 000,001,055 | ---- | M] () -- C:\Users\Kanisius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/25 10:42:00 | 000,001,029 | ---- | M] () -- C:\Users\Kanisius\Desktop\Dropbox.lnk
[2013/01/24 22:03:57 | 000,001,198 | ---- | M] () -- C:\Users\Kanisius\Desktop\Format Factory.lnk
[2013/01/24 18:30:58 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Cyrus MC400.lnk
[2013/01/22 19:48:03 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Video Downloader.lnk
[2013/01/22 19:48:03 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\MP4 Converter.lnk
[2013/01/22 19:48:03 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\MP4 Player.lnk
[2013/01/13 11:58:18 | 000,002,476 | ---- | M] () -- C:\Users\Kanisius\Documents\Register Vegas Pro.htm
[2013/01/10 22:18:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/10 22:18:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/07 02:25:31 | 000,625,664 | ---- | C] () -- C:\Users\Kanisius\Desktop\dds.scr
[2013/02/07 02:11:01 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013/02/07 01:48:57 | 001,584,659 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/02/07 01:43:26 | 000,000,323 | ---- | C] () -- C:\Users\Kanisius\Desktop\exefix.reg
[2013/02/07 00:40:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 00:40:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 00:40:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 00:40:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 00:40:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/07 00:22:13 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/04 02:24:14 | 000,001,019 | ---- | C] () -- C:\Users\Kanisius\Desktop\XMLWrench.lnk
[2013/01/26 02:02:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/24 22:03:57 | 000,001,198 | ---- | C] () -- C:\Users\Kanisius\Desktop\Format Factory.lnk
[2013/01/24 18:30:58 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\drivers\USB_BusEnum_W.sys
[2013/01/24 18:30:58 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\drivers\USB_WinMux_W.sys
[2013/01/24 18:30:58 | 000,028,160 | ---- | C] () -- C:\Windows\SysNative\drivers\USB_MODEM_W.sys
[2013/01/24 18:30:58 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Cyrus MC400.lnk
[2013/01/22 19:48:03 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Video Downloader.lnk
[2013/01/22 19:48:03 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\MP4 Converter.lnk
[2013/01/22 19:48:03 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\MP4 Player.lnk
[2013/01/13 11:58:18 | 000,002,476 | ---- | C] () -- C:\Users\Kanisius\Documents\Register Vegas Pro.htm
[2012/09/10 20:36:18 | 000,007,859 | ---- | C] () -- C:\Users\Kanisius\AppData\Roaming\pcouffin.cat
[2012/09/10 20:36:18 | 000,001,167 | ---- | C] () -- C:\Users\Kanisius\AppData\Roaming\pcouffin.inf
[2012/08/25 16:32:14 | 000,116,224 | ---- | C] () -- C:\Program Files\LoL_Install_120822.exe
[2012/08/25 10:04:04 | 123,158,196 | ---- | C] () -- C:\Program Files\LoL_Install_120822.2.dat
[2012/08/25 10:02:03 | 2097,152,000 | ---- | C] () -- C:\Program Files\LoL_Install_120822.1.dat
[2012/08/23 16:39:18 | 098,933,681 | ---- | C] () -- C:\Program Files (x86)\MeGUI_2153_x86.zip
[2012/08/22 22:34:42 | 000,002,298 | ---- | C] () -- C:\Users\Kanisius\AppData\Roaming\ASSDraw3.cfg
[2012/08/22 19:09:01 | 000,045,270 | ---- | C] () -- C:\Users\Kanisius\AppData\Roaming\room_v3.dat
[2012/08/20 23:51:50 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/12 20:49:36 | 000,017,817 | ---- | C] () -- C:\Users\Kanisius\.TransferManager.db
[2012/07/29 07:52:12 | 000,061,980 | ---- | C] () -- C:\Program Files\drajat kapsul.jpg
[2012/07/08 17:34:56 | 000,017,687 | ---- | C] () -- C:\Program Files\251963_453834911307147_1904908514_n.jpg
[2012/06/29 12:33:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/29 12:29:36 | 000,004,608 | ---- | C] () -- C:\Users\Kanisius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/23 07:52:03 | 000,000,132 | ---- | C] () -- C:\Users\Kanisius\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/18 11:45:37 | 000,000,306 | ---- | C] () -- C:\Users\Kanisius\AppData\Roaming\burnaware.ini
[2012/06/06 10:25:26 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/06 10:25:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/06 07:53:02 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/06/06 06:59:40 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/06/06 06:42:39 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/06/06 06:34:27 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/09 06:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/08/03 17:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 10:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 10:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/26 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\4Media
[2012/08/22 23:38:23 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Aegisub
[2012/11/18 15:11:47 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Audacity
[2012/07/29 09:45:40 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Babylon
[2013/02/07 02:10:50 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\BitTorrent
[2012/06/11 04:54:08 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/07 02:08:53 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\DMCache
[2013/02/07 02:11:00 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Dropbox
[2012/09/16 00:24:11 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\eType
[2013/01/24 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\EVDO_General
[2012/09/15 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\ExpressDownloader
[2012/06/06 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Greyfirst
[2012/09/30 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\IDM
[2013/02/07 00:48:32 | 000,000,000 | RHSD | M] -- C:\Users\Kanisius\AppData\Roaming\install
[2012/08/26 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\LolClient
[2012/12/14 23:52:15 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\MAXON
[2012/09/30 20:07:17 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\OpenCandy
[2012/06/28 19:48:21 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\PACE Anti-Piracy
[2012/10/06 00:41:12 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\pdftoepub
[2013/01/13 11:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Publish Providers
[2012/06/06 10:25:22 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\PunkBuster
[2012/10/27 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Red Giant Link
[2012/12/12 17:18:24 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Research In Motion
[2012/08/23 01:08:30 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/07/01 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Samsung
[2013/01/13 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Sony
[2012/06/06 06:36:12 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Splashtop
[2012/06/06 07:52:35 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/02 16:34:15 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Temp
[2013/02/07 01:46:20 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\TestApp
[2013/01/22 20:58:48 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Tomabo
[2012/06/29 12:29:06 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Video DVD Maker FREE
[2012/09/10 20:36:18 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\Vso
[2012/08/24 02:15:36 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\YourFileDownloader
[2012/12/27 20:36:42 | 000,000,000 | ---D | M] -- C:\Users\Kanisius\AppData\Roaming\ZTEEVDO

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2010/11/21 14:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2010/11/21 14:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/11 03:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/11 03:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/26 12:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 13:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 10:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/21 10:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 10:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010/11/21 10:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/21 10:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2010/11/21 14:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/21 14:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 14:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 14:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-254441E9.PF >
[2013/02/07 00:42:30 | 000,052,876 | ---- | M] () MD5=975FA2324EEDC641E694D498404EBD89 -- C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013/02/07 02:15:42 | 000,122,396 | ---- | M] () MD5=C884589402C33702A77FE1841CBFC522 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: EXPLORER.ZIP >
[2009/06/04 11:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.EXE >
[2010/11/21 10:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/11/21 10:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/11/21 10:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2010/11/21 10:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\erdnt\cache86\iexplore.exe
[2010/11/21 10:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/07/14 09:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/14 09:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 09:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/14 09:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-4B6C9213.PF >
[2013/02/07 01:01:08 | 000,136,738 | ---- | M] () MD5=2E416C1E7E254C7377BAE9920F70D84A -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

< MD5 for: SERVICES >
[2009/06/11 04:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2010/04/08 10:47:20 | 000,132,544 | ---- | M] (Adobe Systems Incorporated) MD5=3E69B3D98D1B184EA96CFBC18CE07CA5 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.CFG >
[2012/12/18 21:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.DLL >
[2010/03/01 12:47:38 | 004,463,896 | ---- | M] (SmartSound Software Inc.) MD5=3BA7FCEA9125BF98CE228551324E3EDA -- C:\Program Files (x86)\SmartSound Software\Quicktracks 5\Services.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 14:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 14:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JS >
[2011/08/11 00:28:30 | 000,003,133 | ---- | M] () MD5=1C7EE133C293DDD51C5BDDAC9EF5E651 -- C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}\components\services.js

< MD5 for: SERVICES.LNK >
[2009/07/14 11:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 11:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/07/28 14:49:18 | 000,000,614 | ---- | M] () MD5=8BC2336DFC376461BC2859B24A5FA0B4 -- C:\Users\Kanisius\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JX8TT6RY\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/11 03:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 03:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 14:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 03:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 14:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 04:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 14:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 03:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 14:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 04:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 03:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 03:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: WINLOGON.ADML >
[2010/11/21 14:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2010/11/21 14:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/11 04:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/11 04:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/21 10:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 10:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 10:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/21 14:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 14:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2010/11/21 14:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2010/11/21 14:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/14 03:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/14 03:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2012/12/12 17:19:21 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2012/12/12 17:19:21 | 000,004,559 | ---- | M] () -- C:\ads_err.adm
[2012/12/12 17:25:05 | 000,013,785 | ---- | M] () -- C:\ads_err.adt
[2012/04/15 00:01:40 | 000,285,478 | ---- | M] () -- C:\ae_disc.ico
[2013/02/07 00:22:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/06/06 06:40:43 | 000,000,180 | ---- | M] () -- C:\csb.log
[2013/02/07 02:09:41 | 2117,705,727 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 02:09:43 | 4255,264,767 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 12:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 12:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 12:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 12:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 03:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 11:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2012/08/23 16:32:27 | 098,933,681 | ---- | M] () -- C:\Program Files (x86)\MeGUI_2153_x86.zip

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/06/06 06:40:38 | 000,000,221 | -HS- | M] () -- C:\Users\Kanisius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/02/07 02:25:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kanisius\Desktop\HiJackThis.exe
[2013/02/07 02:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kanisius\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 948 bytes -> C:\ProgramData\Microsoft:uStNKPWjH6aG2APO2aXD
@Alternate Data Stream - 943 bytes -> C:\ProgramData\Microsoft:SX1hLnbOinPJy5K7s8qvQFuf
@Alternate Data Stream - 1112 bytes -> C:\Program Files\Common Files\System:TaIrqY6oQLhoN6h9jGb6NWQ5N0Xu
@Alternate Data Stream - 1106 bytes -> C:\ProgramData\Microsoft:PS6bWiGdNmDtyKhXNE0KRXdMGl4j
@Alternate Data Stream - 1096 bytes -> C:\Program Files\Common Files\System:75Coog4ZWrzhlzazHRcqQce
@Alternate Data Stream - 1065 bytes -> C:\ProgramData\Microsoft:z47220dvKB8QFyHXCi9Tl
@Alternate Data Stream - 1015 bytes -> C:\Users\Kanisius\AppData\Local\Temp:J2D6ekoudWsnG3vx
@Alternate Data Stream - 1007 bytes -> C:\ProgramData\Microsoft:MDoq9fqGqSYEU5qT3G69

< End of report >



OTL Extras logfile created on: 2/7/2013 3:04:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kanisius\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.25% Memory free
15.92 Gb Paging File | 13.77 Gb Available in Paging File | 86.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 514.08 Gb Total Space | 274.39 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
Drive D: | 417.33 Gb Total Space | 220.72 Gb Free Space | 52.89% Space Free | Partition Type: NTFS

Computer Name: KANISIUS-PC | User Name: Kanisius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe" = C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe:*:Enabled:YouTube Video Downloader -- (Tomabo)
"C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe" = C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe:*:Enabled:YouTube Video Downloader -- (Tomabo)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B47488-1062-4F7E-A221-FE7BE199D40C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D77768A-5DE0-4EA0-AFE6-A0F3EA381682}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10237486-1B35-482A-A713-88DD6784B13E}" = rport=139 | protocol=6 | dir=out | app=system |
"{14FA9351-0EAE-4617-9453-09FE7FA26F63}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{180470DE-8C35-44BC-90A1-1143ACDDB6C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AA28EEE-9851-436B-82C7-CDEECDD44515}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B504241-6633-43FC-B782-6AA276E3394A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{298E08F3-85B6-4306-834B-21B869907C0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AE5617E-5369-4A72-BB90-1787B9B76C1B}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{2EA4384B-6C7C-48C1-A442-2393527AC336}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A163304-C3DB-49BD-96A0-87C0204E7AC0}" = lport=138 | protocol=17 | dir=in | app=system |
"{3DD46C08-F7B9-4906-BFF9-7091A0747BBE}" = rport=137 | protocol=17 | dir=out | app=system |
"{488F95E2-F829-480B-B61A-2704F66B803B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{54805E46-ADD1-4618-9663-5387E49A1F77}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{5C785FC6-9E91-4AAB-88E3-7688138255F3}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{7F5DC1A4-9177-47BB-B4B8-7FF81517F1F8}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8E0147C8-FE6B-414F-87A7-5C922470471C}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{95D3022C-0DB3-4773-9230-C35ED7C132AF}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{A5AE0E19-ADA8-4302-AF91-6A83125D30DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A7518AAA-C3BF-4205-AA15-E50791CDC1AA}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{AA919DFC-03F8-40DC-A52C-B847C1EAE23D}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{AA91C715-49DA-4105-AA85-3F081623E17A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B68C2450-0DC9-45FF-9C7B-1515792A8836}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C64D49B7-7262-4DB1-AE7C-1ACECB98EF1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8AB53B3-237C-49FC-8F12-3DF04560B34B}" = rport=445 | protocol=6 | dir=out | app=system |
"{D2E8EDDF-EF93-4B30-924B-5200C3D3A3B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DBAAF9C8-DB89-4BB4-ACBC-7C0E5D39DCC2}" = lport=137 | protocol=17 | dir=in | app=system |
"{DC8AB241-6F46-498B-9E1A-3556DF55C3E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DFCF3AFA-EA03-4CBD-8CC5-C57325476D89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E78974E3-9175-4A38-8C17-A249C11ED3C5}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8D3DE0A-D772-443C-9B43-5C6AF275BAE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD7B0C98-8FC0-4255-93DD-15ABC6C39A1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0078A450-713D-4A32-99CA-77D23CCA75D0}" = protocol=17 | dir=in | app=c:\program files (x86)\expressdownloader\expressdownloader.exe |
"{0321C282-313A-4FD5-AC63-A5970D757374}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{034E492D-2A06-4920-B44B-EB7F36723B70}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{0370F170-4589-4259-83F0-BBF11C7A4C6B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{03BE1C7A-0EA0-4D9F-8B57-C821841E25D9}" = protocol=17 | dir=in | app=c:\users\kanisius\appdata\roaming\dropbox\bin\dropbox.exe |
"{05F93FE2-D9BA-4C18-ADE3-678C20CE53F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0697DBA7-7BDD-4616-B052-5B83C65A6AC7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08EEB92C-8B0E-4A9B-8853-3754E927DB14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0A4B67B4-77F1-4EEA-AEA0-CF4D76AE9B27}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0C3792A9-CCEB-450C-A46D-C8169A7BE1E5}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\game\league of legends.exe |
"{0D36B411-15E1-4DCC-BC40-E8F5B4905C97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0FD8EE79-844D-4FFE-9E81-874205B25FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{15D28C9E-B3D3-4F81-9ABD-50F2A2605C66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{161787FE-5E3F-405F-82AE-1A4616EBE79B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{17001408-FDAD-433A-AEA7-672F9FB251B6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{193A1432-AB55-480E-9C0C-F1B5333B24F1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1BAAD3C3-D50D-4147-8676-25A53505D496}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1E09978C-9488-4EB0-BC7A-53EE8B22AA0D}" = protocol=6 | dir=out | app=system |
"{1E4956A2-AE8C-4C04-96C4-0F86B87885AE}" = protocol=6 | dir=in | app=c:\users\kanisius\appdata\local\temp\lolinstaller.exe |
"{2373D4BE-C43A-4DC3-8210-B2D5E2DB2F17}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{284C1964-218D-40B9-B789-B75BB5B8644C}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{2887260C-2CAF-4517-9145-FF69B5B265F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{29884C0B-7640-42F1-9DB9-C90BF69623B1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{2A818868-809C-4B63-96DF-F006321BD168}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\game\league of legends.exe |
"{2B6379DD-7FC4-4D64-8B16-067C40214C12}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{2C8CD145-3C0A-4EFA-8A5A-E19C6DFC472C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2E048C6E-0528-43E1-8023-F6479527171C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2FBD83F4-95A9-4CDF-9C1D-A6E8BD45FFEE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2FC19F72-79D0-49AD-A19D-2650DFBBA453}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3154741F-5B9D-43E5-9C5B-80A7F4E9EA5E}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\air\lolclient.exe |
"{3810E31E-D3C6-4626-8E0B-B3DC1CE4D37A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{3CEF9EFE-DDDB-4EB9-98C4-9BC226CDE04F}" = protocol=6 | dir=in | app=c:\program files\point blank\pointblank.exe |
"{3D09E055-0C98-404C-8BC3-F01C6E36ADC4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3F5F2E36-1A43-4EC3-8F66-56F83720F3B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3FB2B1A5-6570-4732-8BDF-F7850D13EE93}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{46E13A0E-4777-4225-BEDD-F52489F31808}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4B2D1081-1040-4B3B-B2EA-AE02DCC13C7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4C227AAD-AA1F-4D41-8E27-7A92EE2622CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{4DA03B3C-5873-469E-879B-4FA9E9AEEDBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F641575-6DF2-46E2-A2BA-BA3953E4061A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{50E54B5D-46E3-46C9-BB94-40524CD9C83E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{532A5BB9-6856-4EA2-A575-4819F46D861D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{544EB2BD-744C-4D0A-A96B-AB592FB9BBA8}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\air\lolclient.exe |
"{59E853B9-78C7-43C4-BF92-93DD4900E580}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{5AD2F1EA-90AE-4A2D-925E-9C0BBDE70B54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FF10629-D80E-4478-8FC9-3475798CD4E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{5FFAC38B-86A1-40E8-B879-D9F14BA60FE9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{66A898D0-851A-4802-BA48-B9366B30421D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{66BF43ED-95D1-4915-A7A9-7788D7B418C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E6F4076-96AA-42B1-A9C0-0B3BEECF6DBE}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{74D6072C-1B24-4888-B609-652BA728E0FA}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{75E6D74D-C7C0-407E-B089-E3E420AD839F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{76A86125-29F4-4911-A306-D8720C4B54F7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{799706CC-0C82-4FB2-A5F5-E22C48189240}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7BB6D65C-D3A5-4D37-8233-966F693B9BF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BF744DC-7A76-4ED2-AEE7-FC8CFAE08311}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\game\league of legends.exe |
"{7C76CE51-EB33-4ED7-9ADD-716A95BCE38B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80B9947A-713A-4C71-9002-53B82760F22A}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\game\league of legends.exe |
"{814AEA72-6856-4831-B578-E22534525C39}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{89846AF9-979B-42D0-84FB-9CC5E50AC58A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{89E2ED82-1A16-4603-85D0-9CAA04F67B69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A5DE62D-BF86-41CA-9AE7-94D5CFA15399}" = protocol=6 | dir=in | app=c:\program files\point blank\pointblank.exe |
"{8B6BFFFD-7B7B-4DCB-9997-CDB4F136F826}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{930A62D9-2601-47AF-8872-5F00C35998AC}" = protocol=17 | dir=in | app=c:\users\kanisius\appdata\local\temp\lolinstaller.exe |
"{93883985-EBEC-4AF8-B313-6C12D000A3C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{93FA80A7-A4F5-4988-A424-1AE9EBC7A3CA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{976BFD09-31ED-4B16-87B1-7F068D9AE149}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{98D290F4-9959-4758-AB94-55B881D13E20}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{9C3FA694-5C7A-4D6B-BDD5-275E8E06EAAE}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\air\lolclient.exe |
"{A333180F-EDBA-428D-971D-8BD7119D8259}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A371099D-5BB0-4469-8CDA-CF80BCA23999}" = protocol=17 | dir=in | app=c:\program files (x86)\expressdownloader\expressdl.exe |
"{A4AA89A0-B040-4009-87C0-7C4709D400F4}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{A54C17F0-578B-4B76-B68F-171AA3B51CD8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7192440-F2F7-4D74-8833-16671040CD5D}" = protocol=6 | dir=in | app=c:\program files (x86)\expressdownloader\expressdl.exe |
"{A7CB640C-B990-4ADC-A6E4-8D5A21182E59}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{A8F3877E-A868-4E8E-A54F-78409B0AE711}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{AE9CD2CF-10FA-4D5F-830A-54144FE8C38D}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B02F7982-2E28-44CE-95D9-EC00462F7AC5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{B46BD8C3-6355-478C-80C4-29B25186A269}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B76926FA-B4F1-412C-9D4B-1AAFBDDF1A0F}" = protocol=6 | dir=in | app=c:\program files (x86)\expressdownloader\expressdownloader.exe |
"{B948A208-569B-4A15-9FED-2959242231D0}" = protocol=6 | dir=in | app=c:\users\kanisius\appdata\roaming\dropbox\bin\dropbox.exe |
"{BCB817E3-7376-4DBF-ACE1-528A12747D07}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{BD255A2A-64B7-4C36-9702-42C69B433C22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C12C54D7-A16D-40BB-8D50-434D36F1EDFE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{C27E049C-2654-4C15-9027-583260037C9D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CD74374C-475A-485E-8E9B-304FA04299D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7BECA00-D7C0-4BAF-B8B7-A83A8348FA9E}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\air\lolclient.exe |
"{D9628099-76D6-49C7-A68F-7325055EEA16}" = protocol=17 | dir=in | app=c:\program files\point blank\pointblank.exe |
"{DA24C37B-2048-4CE0-A76D-DB593C2D4B1F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{DBDA2D5D-3548-4A86-A57C-0BE8561CDE00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE8351CA-8C1A-4CCD-B4AC-9972780F175D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E0E7FEBD-DAA3-45C1-92A8-80DAF8A4E56E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{E3E1F545-0C97-4137-A7C4-3E268AF3C2A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{E8C55B8C-9065-471B-B666-C374FA5B38F3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F3698206-F711-4703-94F8-9C90D25BC713}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{FC621E14-4A4E-4520-A584-5DF1DA9F8432}" = protocol=17 | dir=in | app=c:\program files\point blank\pointblank.exe |
"{FFF487C6-8AAF-460A-A23A-385A89BEBFE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{30FEE19A-84D3-4E21-A43B-B5EA4F9BD07B}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"TCP Query User{56B6CC29-4D20-411C-A97F-B6A18CAB9992}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"TCP Query User{5ABF08BC-1DD0-43AB-853B-59D1EB6C045A}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{74530377-6395-4BCC-8089-BA96F8C9777C}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"TCP Query User{769382F6-B4C0-4E18-8C2A-7FEB62B971BF}C:\users\kanisius\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kanisius\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{932F7488-46C9-4D14-8F94-82DF90E1F380}C:\program files\adobe\adobe premiere pro cs5\pproheadless.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\pproheadless.exe |
"TCP Query User{9593C2CF-818C-431E-B056-D39B9DE6C938}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{98F8D9B7-1B9B-4A59-8039-9AC89455573F}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{A2F44419-6CAB-440A-9616-0DD9BB2BDE0D}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{BA4B7762-9DFC-46D5-B3C1-6FA545BB58C4}C:\program files\blizzard\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\blizzard\diablo iii\diablo iii.exe |
"TCP Query User{BBDA5563-9A86-46F0-B33A-003E3FC7FE48}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{D597BE6C-7763-496E-940E-345159E170F6}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"TCP Query User{D82B2F61-710D-4619-92D0-EFB8C4D13D95}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"TCP Query User{ED128491-4A49-4057-A58C-73AD56D75B1F}C:\program files\blizzard\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\blizzard\diablo iii\diablo iii.exe |
"TCP Query User{FA37B148-CCDE-4D5D-8027-F9B57B14FD84}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{1B1C67CA-B86E-4B6B-BC0A-027FDCCF80EB}C:\program files\blizzard\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\blizzard\diablo iii\diablo iii.exe |
"UDP Query User{265BC918-FA84-4D02-8766-F90BA049B4D0}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"UDP Query User{2A94EB27-B123-493E-AF9A-EBC81C275DB0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{3A03F8E0-AD5F-4517-B7F3-029CBD2B8137}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"UDP Query User{3F09666C-E163-4154-82C3-A5522F5E3F81}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{4CBAB933-1233-4A05-81E1-054CA79A1DDF}C:\users\kanisius\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kanisius\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{50645D69-03EF-4899-A8A0-7BFBC731E409}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{59D99CA3-E185-4F0A-B345-7B0730FE491A}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{84B9988C-FAD7-40CA-B4AA-CBEDB341471A}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"UDP Query User{A9AC57B5-9478-4F50-AE03-FB3137B6F8FD}C:\program files\blizzard\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\blizzard\diablo iii\diablo iii.exe |
"UDP Query User{B8F6A52A-92F2-454A-A9C4-4AE246EEDA7F}C:\program files\adobe\adobe premiere pro cs5\pproheadless.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\pproheadless.exe |
"UDP Query User{D302C77E-A586-4A4D-B514-F0119885A977}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{D8A44FDE-5633-41F0-995F-D128AE7487B1}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"UDP Query User{E46E2B35-9C3A-45D3-A437-986BA39754CC}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"UDP Query User{F74434D5-438A-4CBC-A0B4-D1520C3BA2BD}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Cyrus MC400_is1" = Cyrus MC400
"EPSON T13 T22E Series" = EPSON T13 T22E Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"ZTEWireless-101_is1" = Smartfren Connex AC682 UI

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E3C6C75-872D-4B0D-B0B2-31C717250691}" = Adobe Encore CS5 Third Party Royalty Content
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{201906DC-8846-4D7E-85EE-E96B1CD63589}" = BlackBerry Device Software v7.1.0 for the BlackBerry 9810 smartphone
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.9
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0210.2
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565DE707-5798-4FC3-8DF6-0F58A348A9B0}" = Adobe Premiere Pro CS5 Third Party Royalty Content
"{5DDABB74-A879-4BE7-A4C6-FD41793942DB}" = Adobe Media Encoder CS5 Dolby X64
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9064317A-39C7-40D5-8CF5-04A254747B88}" = BlackBerry Device Software Updater
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE5DE662-2ECB-4D93-967B-221FBCC8A736}" = Adobe Soundbooth CS5 Codecs
"{E13249D4-C0D1-42E8-AF82-A117AA008A75}_is1" = XML:Wrench
"{E2B086BD-75A9-45D1-A675-151624B259A1}" = Splashtop Connect for IE
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E44096DC-9389-47DE-9515-C7CA51EE05D7}" = BlackBerry Desktop Software 7.1
"{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}" = Splashtop Connect for Firefox
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F319804F-E3A4-4C02-8AEC-CB39A4F6447E}" = Adobe Soundbooth CS5 Royalty Codecs
"{F9C71630-0EE3-475C-9E2B-ED95AE197DBD}" = Adobe Media Encoder CS5 PCI X64
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Media Video Converter Ultimate 6" = 4Media Video Converter Ultimate 6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0
"AVIcodec" = AVIcodec (remove only)
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"BurnAware Free_is1" = BurnAware Free 4.9
"Celtx (2.9.1)" = Celtx (2.9.1)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVDStyler_is1" = DVDStyler v2.3 rc 1
"EPSON T13 T22E Series Manual" = EPSON T13 T22E Series Manual
"FL Studio 9" = FL Studio 9
"FormatFactory" = FormatFactory 3.0.1
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0210.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"LayoutsExpress" = LayoutsExpress
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"particleIllusion 3.0.4 demo version_is1" = particleIllusion 3.0.4 demo
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Sawer" = Sawer
"Smartfren Connex EC306-2 UI" = Smartfren Connex EC306-2 UI
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The KMPlayer" = The KMPlayer (remove only)
"Toxic Biohazard" = Toxic Biohazard
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR 4.01" = WinRAR 4.01
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouTube Video Downloader_is1" = YouTube Video Downloader 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2013 2:04:26 PM | Computer Name = Kanisius-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2/6/2013 2:04:33 PM | Computer Name = Kanisius-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/6/2013 2:17:28 PM | Computer Name = Kanisius-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Kanisius\Downloads\Programs\SoftonicDownloader_for_blackshot.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 2/6/2013 2:17:28 PM | Computer Name = Kanisius-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Kanisius\Downloads\Programs\SoftonicDownloader_for_need-for-speed-underground-2.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 2/6/2013 2:17:28 PM | Computer Name = Kanisius-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Kanisius\Downloads\Programs\SoftonicDownloader_for_need-for-speed-underground-2_2.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 2/6/2013 2:25:06 PM | Computer Name = Kanisius-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2/6/2013 2:26:18 PM | Computer Name = Kanisius-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/6/2013 3:08:47 PM | Computer Name = Kanisius-PC | Source = Application Hang | ID = 1002
Description = The program PCTools_Safe_Install_SD.exe version 1.3.0.24 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 109c Start
Time: 01ce049a408820e0 Termination Time: 2 Application Path: C:\Users\Kanisius\Downloads\PCTools_Safe_Install_SD.exe

Report
Id: a0d091c3-7090-11e2-b082-50e549eec3ee

Error - 2/6/2013 3:10:01 PM | Computer Name = Kanisius-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 2/6/2013 3:10:38 PM | Computer Name = Kanisius-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 1/17/2013 5:51:37 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 4:51:37 AM - Error connecting to the internet. 4:51:37 AM - Unable
to contact server..

Error - 1/17/2013 5:52:11 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 4:52:06 AM - Error connecting to the internet. 4:52:06 AM - Unable
to contact server..

Error - 1/17/2013 6:52:56 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 5:52:56 AM - Error connecting to the internet. 5:52:56 AM - Unable
to contact server..

Error - 1/17/2013 6:53:26 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 5:53:25 AM - Error connecting to the internet. 5:53:25 AM - Unable
to contact server..

Error - 1/18/2013 5:04:35 AM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 4:04:34 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 1/20/2013 4:37:12 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 3:37:12 AM - Error connecting to the internet. 3:37:12 AM - Unable
to contact server..

Error - 1/20/2013 5:37:19 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 4:37:18 AM - Error connecting to the internet. 4:37:19 AM - Unable
to contact server..

Error - 1/20/2013 6:37:28 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 5:37:26 AM - Error connecting to the internet. 5:37:27 AM - Unable
to contact server..

Error - 1/20/2013 7:37:43 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 6:37:42 AM - Error connecting to the internet. 6:37:43 AM - Unable
to contact server..

Error - 1/31/2013 10:48:14 PM | Computer Name = Kanisius-PC | Source = MCUpdate | ID = 0
Description = 9:48:13 AM - Error connecting to the internet. 9:48:13 AM - Unable
to contact server..

[ System Events ]
Error - 2/6/2013 2:04:20 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Smartfren
Connex EC306-2 UI. OUC service to connect.

Error - 2/6/2013 2:04:20 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7000
Description = The Smartfren Connex EC306-2 UI. OUC service failed to start due to
the following error: %%1053

Error - 2/6/2013 2:19:56 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7034
Description = The CDROM_Eject_W service terminated unexpectedly. It has done this
1 time(s).

Error - 2/6/2013 2:22:45 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/6/2013 2:24:03 PM | Computer Name = Kanisius-PC | Source = Application Popup | ID = 1060
Description = \??\C:\username123\catchme.sys has been blocked from loading due to
incompatibility with this system. Please contact your software vendor for a compatible
version of the driver.

Error - 2/6/2013 2:24:22 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/6/2013 2:25:13 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Smartfren
Connex EC306-2 UI. OUC service to connect.

Error - 2/6/2013 2:25:13 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7000
Description = The Smartfren Connex EC306-2 UI. OUC service failed to start due to
the following error: %%1053

Error - 2/6/2013 3:10:00 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Smartfren
Connex EC306-2 UI. OUC service to connect.

Error - 2/6/2013 3:10:00 PM | Computer Name = Kanisius-PC | Source = Service Control Manager | ID = 7000
Description = The Smartfren Connex EC306-2 UI. OUC service failed to start due to
the following error: %%1053


< End of report >

Edited by bgirl8fasolla, 06 February 2013 - 02:39 PM.



#2 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 06 February 2013 - 05:25 PM

Welcome to the forum.

Download DDS from one of the links below and save it to your desktop:
http://download.blee...om/sUBs/dds.scr
http://download.blee...om/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool. On Vista, Win 7 or Win 8, right click and select Run as administrator.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
When done, DDS will open two (2) logs: DDS.txt and Attach.txt
Save both reports to your desktop
Please Copy & Paste the contents of the following logs in your next reply
You can ignore the note about zipping the Attach.txt file

Then.........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop along with the logs from DDS

MrC

#3 bgirl8fasolla

bgirl8fasolla

    New Member

  • Authentic Member
  • 13 posts

Posted 07 February 2013 - 05:03 AM

Hello MrCharlie, nice to meet you :D These are the reports

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Kanisius at 17:49:57 on 2013-02-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8154.5798 [GMT 7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cyrus MC400\C+WEject.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\ProgramData\Smartfren Connex EC306-2 UI\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mshta.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: wxDownload Class: {4FC012DB-DD59-53D3-D67A-973DB35961D7} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files 
(x86)\Java\jre7\bin\ssv.dll BHO: MrFroggy Class: {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - BHO: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload uRun: [GoogleChromeAutoLaunch_B0A42425E02A264AE3EF4DC1B39A38A4] "C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED uRun: [webnxmer] "C:\ProgramData\nxmer\20223041" uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [SwitchBoard] C:\Program Files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Kanisius\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kanisius\AppData\Roaming\Dropbox\bin\Dropbox.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm IE: Download video on this page - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 IE: Download video this links to - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll/301 IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: 
{AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - IE: {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 TCP: Interfaces\{28148D80-4437-4B48-A9F2-2906B7A26A77} : DHCPNameServer = 112.215.71.243 112.215.71.242 TCP: Interfaces\{6C31DC70-E101-4A5A-9914-415AF3FE8F47} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.24 7.20,156.154.70.1,156.154.71.1 TCP: Interfaces\{956BC222-5F84-4DC9-A781-03C25F118186} : NameServer = 10.17.3.244 10.17.3.245 TCP: Interfaces\{B8446A00-EE65-4A95-86BC-A9F9CFD1627C} : NameServer = 10.17.125.228 10.17.125.229 TCP: Interfaces\{EFA211A7-17A3-4AAD-9110-BEDF891B452A} : NameServer = 10.17.125.228 10.17.125.229 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\n4bwbc5o.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9ab6c35800000000000050e549eec3ee&q= FF - user.js: extensions.BabylonToolbar.id - 9ab6c35800000000000050e549eec3ee FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15598 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1217:08:13 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - 
affID=112472&tt=120912_nocpc_3712_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-6 16152] R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2013-2-7 413448] R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2013-2-7 453896] R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2013-2-7 1096176] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 56208] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-6-6 21616] R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2013-2-7 253256] R2 CDROM_Eject_W;CDROM_Eject_W;C:\Program Files\Cyrus MC400\C+WEject.exe [2013-1-24 275456] R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976] R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-5-4 154272] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-6 161560] R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000] R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496] R2 UDisk Monitor;UDisk Monitor;C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [2012-12-16 
406016] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-6 363800] R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-6-6 27760] R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-6-15 86016] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-6 355096] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-6 786200] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-6 104560] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-6-6 2184816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Smartfren Connex EC306-2 UI. RunOuc;Smartfren Connex EC306-2 UI. OUC;C:\Program Files (x86)\Smartfren Connex EC306-2 UI\UpdateDog\ouc.exe [2012-6-15 246112] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] 
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-6-15 117248] S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-6-15 13952] S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2012-6-15 421376] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-6-6 30528] S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-6-6 160256] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-7-1 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-7-1 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-7-1 177640] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-20 517096] S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248] S3 USB_BusEnum_T;EVDO Telecom USB Bus Enumerator;C:\Windows\System32\drivers\USB_BusEnum_T.sys [2012-12-16 44544] S3 
USB_BusEnum_W;EVDO Telecom USB Bus Enumerator w;C:\Windows\System32\drivers\USB_BusEnum_W.sys [2013-1-24 44544] S3 USB_ETS_T;ZTE ETS Port FFDD;C:\Windows\System32\drivers\USB_ETS_T.sys [2012-12-16 21760] S3 USB_ETS_W;EVDO Rev A Service USB port w;C:\Windows\System32\drivers\USB_ETS_W.sys [2013-1-24 21760] S3 USB_WinMux_T;EVDO Telecom USB MUX Serial Port;C:\Windows\System32\drivers\USB_WinMux_T.sys [2012-12-16 37376] S3 USB_WinMux_W;EVDO Telecom USB MUX Serial Port w;C:\Windows\System32\drivers\USB_WinMux_W.sys [2013-1-24 37376] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 UsbModemDriver;EVDO Rev A USB Modem w;C:\Windows\System32\drivers\USB_MODEM_W.sys [2013-1-24 28160] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-6 1255736] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 
2013-02-07 10:34:17 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F5C7A18-12EE-443E-8B09-85671A515FB6}\offreg.dll 2013-02-06 18:48:56 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys 2013-02-06 18:48:56 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys 2013-02-06 18:48:55 413448 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys 2013-02-06 18:48:54 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2013-02-06 18:48:54 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2013-02-06 18:46:20 -------- d-----w- C:\ProgramData\PC Tools 2013-02-06 18:46:19 -------- d-----w- C:\Users\Kanisius\AppData\Roaming\TestApp 2013-02-06 18:40:11 -------- d-sh--w- C:\$RECYCLE.BIN 2013-02-06 17:40:51 98816 ----a-w- C:\Windows\sed.exe 2013-02-06 17:40:51 256000 ----a-w- C:\Windows\PEV.exe 2013-02-06 17:40:51 208896 ----a-w- C:\Windows\MBR.exe 2013-02-06 17:21:49 -------- d-----w- C:\Program Files\Enigma Software Group 2013-02-06 17:21:14 -------- d-----w- C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP 2013-02-06 17:21:13 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-02-06 16:51:10 -------- d-----w- C:\ProgramData\nxmer 2013-02-03 19:24:12 -------- d-----w- C:\Program Files (x86)\xmlwrench 2013-01-26 18:09:46 142336 ----a-w- C:\Windows\System32\poqexec.exe 2013-01-26 18:09:46 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe 2013-01-26 16:55:54 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-01-26 16:55:53 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F5C7A18-12EE-443E-8B09-85671A515FB6}\mpengine.dll 2013-01-26 16:19:45 77312 ----a-w- C:\Windows\System32\packager.dll 2013-01-26 16:19:45 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2013-01-25 19:03:19 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2013-01-25 19:03:19 46080 ----a-w- C:\Windows\System32\atmlib.dll 2013-01-25 19:03:19 367616 ----a-w- 
C:\Windows\System32\atmfd.dll 2013-01-25 19:03:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-01-25 19:03:19 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-01-25 19:03:19 100864 ----a-w- C:\Windows\System32\fontsub.dll 2013-01-25 19:02:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2013-01-25 19:02:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2013-01-25 19:02:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2013-01-25 19:02:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2013-01-25 19:02:54 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2013-01-25 19:02:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2013-01-25 19:02:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2013-01-25 19:00:51 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-01-25 19:00:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2013-01-25 19:00:51 5120 ----a-w- C:\Windows\System32\wmi.dll 2013-01-25 19:00:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2013-01-25 19:00:51 220672 ----a-w- C:\Windows\System32\wintrust.dll 2013-01-25 19:00:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-01-25 19:00:51 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-01-25 16:31:50 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2013-01-25 16:31:50 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2013-01-25 16:31:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2013-01-25 16:31:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2013-01-25 16:31:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2013-01-25 16:18:58 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2013-01-25 16:18:51 99840 ----a-w- C:\Windows\System32\wudriver.dll 2013-01-25 16:18:40 36864 ----a-w- C:\Windows\System32\wuapp.exe 2013-01-25 16:18:40 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2013-01-24 15:04:23 -------- d-----w- C:\FFOutput 2013-01-24 15:03:51 -------- d-----w- C:\Program Files (x86)\FreeTime 2013-01-24 14:30:28 -------- d-sh--w- 
C:\Windows\SysWow64\%APPDATA% 2013-01-24 11:31:57 -------- d-----w- C:\Users\Kanisius\AppData\Roaming\EVDO_General 2013-01-24 11:30:58 44544 ----a-w- C:\Windows\System32\drivers\USB_BusEnum_W.sys 2013-01-24 11:30:58 37376 ----a-w- C:\Windows\System32\drivers\USB_WinMux_W.sys 2013-01-24 11:30:58 28160 ----a-w- C:\Windows\System32\drivers\USB_MODEM_W.sys 2013-01-24 11:30:58 21760 ----a-w- C:\Windows\System32\drivers\USB_ETS_W.sys 2013-01-24 11:30:58 -------- d-----w- C:\Program Files\Cyrus MC400 2013-01-22 12:48:02 -------- d-----w- C:\Users\Kanisius\AppData\Roaming\Tomabo 2013-01-22 12:48:02 -------- d-----w- C:\Program Files (x86)\Tomabo 2013-01-13 04:43:28 -------- d-----w- C:\Users\Kanisius\AppData\Local\Sony 2013-01-13 04:43:28 -------- d-----w- C:\Program Files\Sony 2013-01-13 04:43:28 -------- d-----w- C:\Program Files (x86)\Sony 2013-01-11 14:16:46 -------- d-----w- C:\ProgramData\Protexis 2013-01-11 14:08:18 -------- d-----w- C:\ProgramData\eSellerate 2013-01-11 14:08:00 -------- d-----w- C:\Program Files (x86)\SmartSound Software 2013-01-11 14:07:59 -------- d-----w- C:\ProgramData\SmartSound Software Inc 2013-01-11 14:07:04 -------- d-----w- C:\Windows\RegisteredPackages 2013-01-11 14:07:03 -------- d--h--w- C:\Windows\msdownld.tmp 2013-01-11 14:05:36 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll 2013-01-11 14:05:36 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll 2013-01-11 14:05:36 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll 2013-01-11 14:05:36 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll 2013-01-11 14:02:35 -------- d-----w- C:\Program Files (x86)\Windows Media Components 2013-01-11 13:58:46 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe . ==================== Find3M ==================== . 
2013-02-07 10:04:51 151552 ----a-w- C:\Windows\KMSEmulator.exe 2013-01-10 15:18:37 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-10 15:18:37 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-25 09:32:16 116224 ----a-w- C:\Program Files\LoL_Install_120822.exe . ============= FINISH: 17:50:09.99 ===============

Edited by bgirl8fasolla, 07 February 2013 - 05:12 AM.
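A note on reading a log like the one above, with an added example that is not part of this thread, of DDS, or of anything the poster ran. Seeing mshta.exe in the process list does not by itself identify the problem: it is a signed Windows script host, and killing it only removes the current instance, not whatever starts it again. What a helper looks for is the persistence point, and in a DDS "Pseudo HJT Report" that means the Run-key lines and the policy lines. The script below is my own triage heuristic, not a detection rule from any product: it parses lines in DDS format and flags autorun targets that live under a data or temp directory or have no executable extension, UAC policy values set to 0, and script-host processes that deserve a look at their command line and parent. The sample input is a handful of lines copied from the log above; the severity labels and the choice of what counts as suspicious are assumptions of mine, and a flagged line is something to ask about, not a verdict.

```python
"""Triage helper for DDS 'Running Processes' and 'Pseudo HJT Report' lines.

Added example for this thread, not part of the DDS tool and not something the
poster ran. The heuristics (autorun targets under a data or temp directory or
without an executable extension, script-host processes, UAC policy values set
to 0) are my own choices: they pick out lines a helper would ask about, they
do not decide that anything is malicious.
"""
import ntpath
import re
from dataclasses import dataclass

# Installers rarely register an autorun whose target lives here.
HIGH_RISK_ROOTS = ("c:\\programdata\\", "\\temp\\", "\\tmp\\")
# Per-user installs (Chrome, Dropbox) are normal here, so only a low rating.
LOW_RISK_ROOTS = ("\\appdata\\",)
EXECUTABLE_EXT = (".exe", ".dll", ".lnk", ".cmd", ".bat", ".vbs", ".js", ".hta", ".scr")

# Signed Windows script hosts that adware uses to run a payload without a
# conventional .exe on disk. Seeing one is a prompt to ask what launched it
# and with which argument, not evidence of infection by itself.
SCRIPT_HOSTS = {"mshta.exe", "cscript.exe", "wscript.exe", "powershell.exe", "rundll32.exe"}

# Values that weaken or disable UAC; EnableLUA = 0 switches it off entirely.
WEAK_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}

RUN_RE = re.compile(r"^(?P<hive>[um]Run|x64-Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-System:\s*(?P<key>\w+)\s*=\s*dword:(?P<val>[0-9a-fA-F]+)")
PROC_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?:\s|$)", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high" or "low"
    kind: str      # "autorun", "policy" or "process"
    name: str      # run-key name, policy key or exe name
    reason: str


def autorun_target(cmd):
    """Return the program path from a Run-key value, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?P<path>.+?\.(?:exe|dll|lnk|cmd|bat|vbs|js|hta|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group("path") if m else cmd


def triage(lines):
    """Walk DDS lines and return Finding objects, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            name, path = run.group("name"), autorun_target(run.group("cmd"))
            low = path.lower()
            if not low.endswith(EXECUTABLE_EXT):
                findings.append(Finding("high", "autorun", name, f"{path}: no executable extension"))
            if any(r in low for r in HIGH_RISK_ROOTS):
                findings.append(Finding("high", "autorun", name, f"{path}: target in a data/temp directory"))
            elif any(r in low for r in LOW_RISK_ROOTS):
                findings.append(Finding("low", "autorun", name, f"{path}: per-user install, confirm the publisher"))
            continue
        pol = POLICY_RE.match(line)
        if pol:
            key, val = pol.group("key"), int(pol.group("val"), 16)  # registry dwords are hex
            if WEAK_UAC.get(key) == val:
                findings.append(Finding("high", "policy", key, f"{key} = {val} weakens UAC"))
            continue
        proc = PROC_RE.match(line)
        if proc:
            exe = ntpath.basename(proc.group("path")).lower()
            if exe in SCRIPT_HOSTS:
                findings.append(Finding("low", "process", exe, "script host running: check its command line and parent"))
    return findings


# Sample input: lines copied from the DDS log posted above.
SAMPLE_LINES = [
    r"C:\Windows\system32\lsm.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\system32\mshta.exe",
    r"C:\Windows\system32\PING.EXE",
    r"C:\Windows\System32\cscript.exe",
    r"uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r'uRun: [GoogleChromeAutoLaunch_B0A42425E02A264AE3EF4DC1B39A38A4] "C:\Users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window',
    r'uRun: [webnxmer] "C:\ProgramData\nxmer\20223041"',
    r'mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r"mPolicies-System: ConsentPromptBehaviorAdmin = dword:0",
    r"mPolicies-System: ConsentPromptBehaviorUser = dword:3",
    r"mPolicies-System: EnableLUA = dword:0",
    r"mPolicies-System: PromptOnSecureDesktop = dword:0",
]


def report(lines=SAMPLE_LINES):
    """Format findings as 'severity kind name: reason' strings."""
    return [f"{f.severity:<4} {f.kind:<7} {f.name}: {f.reason}" for f in triage(lines)]


if __name__ == "__main__":
    print("\n".join(report()))
```

Run on the sample lines it rates the [webnxmer] entry high twice (no extension, lives under C:\ProgramData), rates the Chrome autorun low (a per-user install in AppData is normal), flags the three UAC policy values that are 0, and lists mshta.exe and cscript.exe as script hosts to look at; Sidebar and Adobe ARM produce nothing. A real run would read the whole DDS.txt with `triage(open(path, encoding="utf-8", errors="replace"))`.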


#4 bgirl8fasolla

bgirl8fasolla

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 07 February 2013 - 05:05 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2012 6:29:20 AM
System Uptime: 2/7/2013 5:04:24 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z77M-D3H
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | Intel® Core™ i7-2600K CPU @ 3.40GHz | 3801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 514 GiB total, 274.369 GiB free.
D: is FIXED (NTFS) - 417 GiB total, 220.717 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&36B8CB0&0&0301
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&36B8CB0&0&0301
Service: HdAudAddService
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&FA2F13B&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&FA2F13B&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP84: 2/4/2013 10:06:10 AM - Scheduled Checkpoint
RP85: 2/7/2013 12:21:22 AM - Installed SpyHunter
RP86: 2/7/2013 1:00:49 AM - Removed SpyHunter
RP87: 2/7/2013 3:05:37 AM - OTL Restore Point - 2/7/2013 3:05:35 AM
.
==== Installed Programs ======================
.
4Media Video Converter Ultimate 6
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe After Effects CS6
Adobe AIR
Adobe Creative Suite 5 Master Collection
Adobe Encore CS5 Third Party Royalty Content
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Encoder CS5 Dolby X64
Adobe Media Encoder CS5 PCI X64
Adobe Media Player
Adobe Premiere Pro CS5 Third Party Royalty Content
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Adobe Soundbooth CS5 Codecs
Adobe Soundbooth CS5 Royalty Codecs
Aegisub 2.1.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0
AVIcodec (remove only)
BitTorrent
bl
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
BlackBerry Device Software v7.1.0 for the BlackBerry 9810 smartphone
Bonjour
BurnAware Free 4.9
Celtx (2.9.1)
Cyrus MC400
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
DVDStyler v2.3 rc 1
Easy Tune 6 B12.0210.2
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON T13 T22E Series Manual
EPSON T13 T22E Series Printer Uninstall
FL Studio 9
FormatFactory 3.0.1
Google Chrome
Hardcore
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
IL Download Manager
Intel® Management Engine Components
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Internet Download Manager
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
K-Lite Codec Pack 5.2.0 (Full)
LayoutsExpress
Magic Bullet Suite 64-bit
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 280.19
NVIDIA 3D Vision Driver 280.26
NVIDIA Control Panel 280.26
NVIDIA Graphics Driver 280.26
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B11.1102.1
particleIllusion 3.0.4 demo
PDF Settings CS5
ph
Platform
PoiZone
PunkBuster Services
PxMergeModule
QuickTime
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Smartfren Connex AC682 UI
Smartfren Connex EC306-2 UI
SmartSound Common Data
SmartSound Quicktracks 5
Splashtop Connect for Firefox
Splashtop Connect for IE
Subtitle Workshop 2.51
The KMPlayer (remove only)
Toxic Biohazard
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vegas Pro 12.0 (64-bit)
VIA Platform Device Manager
Windows Media Encoder 9 Series
WinRAR 4.01
WinRAR 4.01 (64-bit)
XML:Wrench
Yahoo! Messenger
Yahoo! Software Update
YouTube Video Downloader 3
.
==== Event Viewer Messages From Past Week ========
.
2/7/2013 5:04:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Smartfren Connex EC306-2 UI. OUC service to connect.
2/7/2013 5:04:48 PM, Error: Service Control Manager [7000] - The Smartfren Connex EC306-2 UI. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/7/2013 12:48:27 AM, Error: Application Popup [1060] - \??\C:\123combo\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/7/2013 1:24:22 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/7/2013 1:24:03 AM, Error: Application Popup [1060] - \??\C:\username123\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/7/2013 1:19:56 AM, Error: Service Control Manager [7034] - The CDROM_Eject_W service terminated unexpectedly. It has done this 1 time(s).
2/2/2013 1:31:10 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
2/1/2013 11:09:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
2/1/2013 10:03:54 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

#5 bgirl8fasolla
New Member | Authentic Member | 13 posts

Posted 07 February 2013 - 05:06 AM

RogueKiller V8.4.4 _x64_ [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kanisius [Admin rights]
Mode : Scan -- Date : 02/07/2013 17:52:40
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Smartfren Connex EC306-2 UI\OnlineUpdate\ouc.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][ROGUE ST] HKCU\[...]\Run : webnxmer ("C:\ProgramData\nxmer\20223041") -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-1372548219-439290359-1192898563-1000[...]\Run : webnxmer ("C:\ProgramData\nxmer\20223041") -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{6C31DC70-E101-4A5A-9914-415AF3FE8F47} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{956BC222-5F84-4DC9-A781-03C25F118186} : NameServer (10.17.3.244 10.17.3.245) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B8446A00-EE65-4A95-86BC-A9F9CFD1627C} : NameServer (10.17.125.228 10.17.125.229) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{EFA211A7-17A3-4AAD-9110-BEDF891B452A} : NameServer (10.17.125.228 10.17.125.229) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{6C31DC70-E101-4A5A-9914-415AF3FE8F47} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{956BC222-5F84-4DC9-A781-03C25F118186} : NameServer (10.17.3.244 10.17.3.245) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B8446A00-EE65-4A95-86BC-A9F9CFD1627C} : NameServer (10.17.125.228 10.17.125.229) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{EFA211A7-17A3-4AAD-9110-BEDF891B452A} : NameServer (10.17.125.228 10.17.125.229) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] f95c788d448572101b237689fd0bc623
[BSP] 4e9143263fec33e7c606df138262cb5b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 526419 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1078312960 | Size: 427348 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02072013_02d1752.txt >>
RKreport[1]_S_02072013_02d1752.txt

#6 MrCharlie
SuperMember | Malware Team | 2,949 posts

Posted 07 February 2013 - 10:57 AM

Do you recognize these two programs:

C:\ProgramData\nxmer\20223041
C:\ProgramData\Smartfren Connex EC306-2 UI\OnlineUpdate\ouc.exe

Then..........

Download, install and run a quick scan with Malwarebytes Anti-Malware as outlined in the link below: (post back the log)
http://www.bleepingc...alware-tutorial <---MB tutorial

MrC

#7 bgirl8fasolla
New Member | Authentic Member | 13 posts

Posted 07 February 2013 - 12:14 PM

Hello MrCharlie :D
Smartfren Connex EC306-2 UI is my broadband modem. I do not recognize C:\ProgramData\nxmer\20223041.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kanisius :: KANISIUS-PC [administrator]

2/8/2013 1:02:43 AM
MBAM-log-2013-02-08 (01-04-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246745
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> No action taken.

Registry Values Detected: 1
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Data: 15/09/2012 -- 12:28 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\OptimizerPro1\OptimizerPro11.exe (Trojan.Dropper) -> No action taken.

(end)

#8 MrCharlie
SuperMember | Malware Team | 2,949 posts

Posted 07 February 2013 - 03:47 PM

OK, can you take a look inside for any files?
C:\ProgramData\nxmer\20223041

-------------------------------------

I suggest you have MB delete all it found:
No action taken. <-----

----------------------------------------

How's the computer? Any improvement?

--------------------------------------

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.


MrC

#9 bgirl8fasolla
New Member | Authentic Member | 13 posts

Posted 08 February 2013 - 08:31 AM

Hello, I have looked into C:\ProgramData\nxmer. I find C:\ProgramData\nxmer\bg.jpg is the picture that is inside the porn pop up. I think the nxmer folder is the malware?
I have run MB. Internet access, Windows Update and Windows Firewall are running normally.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative
Internet Explorer version: 8.0.7601.17514
File system is: NTFS
Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.410000 GHz
Memory total: 8550232064, free: 6369062912

------------ Kernel report ------------
02/08/2013 20:44:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\pctDS64.sys \SystemRoot\system32\drivers\PCTCore64.sys \SystemRoot\system32\drivers\pctEFA64.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\DRIVERS\iusb3hcs.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\System32\Drivers\PCTSD64.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\AppleCharger.sys \SystemRoot\system32\DRIVERS\tunnel.sys 
\SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\iusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\System32\Drivers\RootMdm.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\ew_jubusenum.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\iusb3hub.sys \SystemRoot\system32\drivers\viahduaa.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys 
\SystemRoot\system32\DRIVERS\USB_MODEM_W.sys \SystemRoot\system32\DRIVERS\USB_ETS_W.sys \SystemRoot\system32\DRIVERS\USB_BusEnum_W.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\USB_WinMux_W.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\idmwfp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\System32\Drivers\exfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8006c2d790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a4\ Lower Device Object: 0xfffffa80096ccb60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 
0xfffffa80093d4790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009f\ Lower Device Object: 0xfffffa8008d83b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007747060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa800770a680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.02.08.06 Downloaded database version: v2013.01.23.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007747060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007685b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007747060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800773bcf0, DeviceName: Unknown, DriverName: \Driver\PCTCore\ DevicePointer: 0xfffffa80076789b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800770a680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a005127400, 0xfffffa8007747060, 0xfffffa800b5c4790 Lower DeviceData: 0xfffff8a003870a10, 0xfffffa800770a680, 0xfffffa8006a86090 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6C5701F1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. 
Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1078106112 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1078312960 Numsec = 875208704 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa80093d4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008d75b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80093d4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008da02f0, DeviceName: Unknown, DriverName: \Driver\PCTCore\ DevicePointer: 0xfffffa8008d83b60, DeviceName: \Device\0000009f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8006c2d790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a636040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006c2d790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8009d4bcf0, DeviceName: Unknown, DriverName: \Driver\PCTCore\ DevicePointer: 0xfffffa80096ccb60, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xfffff8a00a4c1a50, 0xfffffa8006c2d790, 0xfffffa800b6a4790 Lower DeviceData: 0xfffff8a00b681770, 0xfffffa80096ccb60, 0xfffffa800b537090 Drive 2 Scanning MBR on drive 2... 
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2846E
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1030393856
Partition file system is NTFS
Partition is not bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1030395904 Numsec = 923119616
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000202043392 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Infected: c:\ProgramData\OptimizerPro1\OptimizerPro11.exe --> [Trojan.Dropper]
Infected: HKCU\SOFTWARE\CYBER|FirstExecution --> [Backdoor.Trace]
Infected: HKCU\SOFTWARE\CYBER --> [Backdoor.Trace]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative
Internet Explorer version: 8.0.7601.17514
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.410000 GHz
Memory total: 8550232064, free: 6973046784

Removal queue found; removal started
Removing c:\ProgramData\OptimizerPro1\OptimizerPro11.exe...
Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1017 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.410000 GHz Memory total: 8550232064, free: 6823170048 ------------ Kernel report ------------ 02/08/2013 21:04:53 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\pctDS64.sys \SystemRoot\system32\drivers\PCTCore64.sys \SystemRoot\system32\drivers\pctEFA64.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS 
\SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\DRIVERS\iusb3hcs.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\System32\Drivers\PCTSD64.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\AppleCharger.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys 
\SystemRoot\system32\DRIVERS\iusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\System32\Drivers\RootMdm.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\ew_jubusenum.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\iusb3hub.sys \SystemRoot\system32\drivers\viahduaa.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys 
\SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\idmwfp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USB_MODEM_W.sys \SystemRoot\system32\DRIVERS\USB_ETS_W.sys \SystemRoot\system32\DRIVERS\USB_BusEnum_W.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\USB_WinMux_W.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\normaliz.dll \Windows\System32\advapi32.dll \Windows\System32\shlwapi.dll \Windows\System32\shell32.dll \Windows\System32\rpcrt4.dll \Windows\System32\usp10.dll \Windows\System32\wininet.dll \Windows\System32\oleaut32.dll \Windows\System32\difxapi.dll \Windows\System32\nsi.dll \Windows\System32\comdlg32.dll \Windows\System32\lpk.dll \Windows\System32\msctf.dll \Windows\System32\clbcatq.dll \Windows\System32\kernel32.dll \Windows\System32\sechost.dll \Windows\System32\psapi.dll \Windows\System32\imm32.dll \Windows\System32\setupapi.dll \Windows\System32\imagehlp.dll \Windows\System32\urlmon.dll 
\Windows\System32\ole32.dll \Windows\System32\Wldap32.dll \Windows\System32\msvcrt.dll \Windows\System32\iertutil.dll \Windows\System32\gdi32.dll \Windows\System32\user32.dll \Windows\System32\ws2_32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800ae95790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a2\ Lower Device Object: 0xfffffa800a692060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800780c790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa800770e680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Initializing... Done! 
<<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800780c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800780c2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800780c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80076848c0, DeviceName: Unknown, DriverName: \Driver\PCTCore\ DevicePointer: 0xfffffa80076809b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800770e680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a005c2b0a0, 0xfffffa800780c790, 0xfffffa8008758790 Lower DeviceData: 0xfffff8a0052a0520, 0xfffffa800770e680, 0xfffffa80067c18a0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6C5701F1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1078106112 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1078312960 Numsec = 875208704 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... 
Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa800ae95790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80068205f0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800ae95790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007d29040, DeviceName: Unknown, DriverName: \Driver\PCTCore\ DevicePointer: 0xfffffa800a692060, DeviceName: \Device\000000a2\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished =======================================

#10 bgirl8fasolla

bgirl8fasolla

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 08 February 2013 - 08:34 AM

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kanisius :: KANISIUS-PC [administrator]

2/8/2013 8:57:31 PM
mbar-log-2013-02-08 (20-57-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30619
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CYBER|FirstExecution (Backdoor.Trace) -> Data: 15/09/2012 -- 12:28 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\ProgramData\OptimizerPro1\OptimizerPro11.exe (Trojan.Dropper) -> Delete on reboot.

(end)
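The MBAR log above is the kind of output a helper has to read quickly: which objects were flagged, in which categories, and whether the removal is still pending a reboot (every item here says "Delete on reboot", so the machine is not clean until it has restarted). The following parser is an added example, not code from the thread or from Malwarebytes; it assumes the one-item-per-line layout MBAR writes, and the sample is the detection part of the posted log with that layout restored. Function and class names are my own.

```python
import re
from dataclasses import dataclass, field

# Detection portion of the MBAR quick-scan log posted above, with MBAR's
# one-item-per-line layout restored (the forum page had collapsed it).
SAMPLE_LOG = r"""Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.08.06

Scan type: Quick scan
Objects scanned: 30619
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CYBER|FirstExecution (Backdoor.Trace) -> Data: 15/09/2012 -- 12:28 -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\ProgramData\OptimizerPro1\OptimizerPro11.exe (Trojan.Dropper) -> Delete on reboot.

(end)
"""

# "<Category> Detected: <n>" opens a section and declares how many items follow.
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<object> (<threat name>) -> [detail -> ...] <action>"
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Detection:
    category: str          # e.g. "Registry Keys", "Files"
    obj: str               # registry path, value, folder or file
    threat: str            # vendor classification, e.g. "Trojan.Dropper"
    details: list          # intermediate "->" fields, e.g. value data
    action: str            # what MBAR did or scheduled

    @property
    def pending_reboot(self) -> bool:
        # "Delete on reboot." means the object is still on disk/in the hive.
        return "reboot" in self.action.lower()


@dataclass
class ScanReport:
    meta: dict = field(default_factory=dict)            # header "Key: value" pairs
    declared_counts: dict = field(default_factory=dict)  # category -> declared n
    detections: list = field(default_factory=list)

    def count_mismatches(self) -> dict:
        """Categories whose declared count differs from the items actually listed
        (a truncated or hand-edited log shows up here)."""
        seen = {}
        for d in self.detections:
            seen[d.category] = seen.get(d.category, 0) + 1
        return {c: (n, seen.get(c, 0)) for c, n in self.declared_counts.items()
                if seen.get(c, 0) != n}

    @property
    def requires_reboot(self) -> bool:
        return any(d.pending_reboot for d in self.detections)


def parse_mbar_log(text: str) -> ScanReport:
    report = ScanReport()
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            category = m.group("category")
            report.declared_counts[category] = int(m.group("count"))
            continue
        if category is None:
            # Still in the header: keep "Key: value" lines, ignore banner lines.
            if ": " in line:
                k, v = line.split(": ", 1)
                report.meta[k] = v
            continue
        im = ITEM_RE.match(line)
        if not im:
            continue  # unrecognised line inside a section; do not guess
        parts = [p.strip() for p in im.group("rest").split(" -> ")]
        report.detections.append(Detection(category, im.group("object"),
                                           im.group("threat"), parts[:-1], parts[-1]))
    return report


if __name__ == "__main__":
    r = parse_mbar_log(SAMPLE_LOG)
    for d in r.detections:
        print(f"[{d.category}] {d.threat}: {d.obj} -> {d.action}")
    print("reboot still required:", r.requires_reboot, "| count mismatches:", r.count_mismatches())
```

The count check matters when a log is pasted into a forum post: if the declared "Files Detected: 1" does not match the items listed, the poster has trimmed or mangled the log and the helper should ask for the original file rather than reason from it.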


#11 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 08 February 2013 - 09:33 AM

Did the second scan come up clean???
-----------------
Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

#12 bgirl8fasolla

bgirl8fasolla

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 08 February 2013 - 12:06 PM

Hello, this is the file you asked ComboFix 13-02-07.02 - Kanisius 02/09/2013 0:41.3.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8154.6192 [GMT 7:00] Running from: c:\users\Kanisius\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Kanisius\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll . . ((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 ))))))))))))))))))))))))))))))) . . 2013-02-08 17:45 . 2013-02-08 17:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-02-08 17:45 . 2013-02-08 17:45 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-02-08 17:45 . 2013-02-08 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-08 14:35 . 2013-02-08 14:35 -------- d-----w- c:\programdata\nxmer 2013-02-07 17:59 . 2013-02-07 17:59 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Malwarebytes 2013-02-07 17:59 . 2013-02-07 17:59 -------- d-----w- c:\programdata\Malwarebytes 2013-02-07 17:59 . 2013-02-08 13:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-07 17:59 . 2013-02-07 17:59 -------- d-----w- c:\users\Kanisius\AppData\Local\Programs 2013-02-06 18:48 . 2012-02-28 04:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys 2013-02-06 18:48 . 2012-02-28 04:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys 2013-02-06 18:48 . 2012-10-22 09:38 413448 ----a-w- c:\windows\system32\drivers\PCTCore64.sys 2013-02-06 18:48 . 2013-02-06 18:48 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2013-02-06 18:48 . 2012-11-01 08:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys 2013-02-06 18:46 . 2013-02-06 18:46 -------- d-----w- c:\programdata\PC Tools 2013-02-06 18:46 . 
2013-02-06 18:46 -------- d-----w- c:\users\Kanisius\AppData\Roaming\TestApp 2013-02-06 17:21 . 2013-02-06 17:21 -------- d-----w- c:\program files\Enigma Software Group 2013-02-06 17:21 . 2013-02-06 18:01 -------- d-----w- c:\windows\22B3AE667A374118BADB3680C15CA366.TMP 2013-02-06 17:21 . 2013-02-06 17:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-02-03 19:24 . 2013-02-03 19:24 -------- d-----w- c:\program files (x86)\xmlwrench 2013-01-26 18:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2013-01-26 18:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2013-01-26 16:55 . 2013-01-14 19:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F5C7A18-12EE-443E-8B09-85671A515FB6}\mpengine.dll 2013-01-26 16:19 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2013-01-26 16:19 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2013-01-25 19:03 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-01-25 19:03 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-01-25 19:03 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-01-25 19:03 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-01-25 19:03 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2013-01-25 19:03 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2013-01-25 19:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-01-25 19:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-01-25 19:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-01-25 19:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-01-25 19:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-01-25 19:02 . 
2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-01-25 19:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-01-25 19:01 . 2013-01-25 19:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-01-25 19:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-01-25 19:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2013-01-25 19:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-01-25 19:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2013-01-25 19:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-01-25 19:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-01-25 19:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-01-25 16:31 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2013-01-25 16:31 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2013-01-25 16:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2013-01-25 16:31 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2013-01-25 16:31 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2013-01-25 16:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-01-25 16:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-01-25 16:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-01-25 16:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-01-25 16:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-01-25 16:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-01-25 16:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-01-25 16:18 . 2012-06-02 08:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-01-25 16:18 . 
2012-06-02 08:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-01-24 15:04 . 2013-01-24 15:04 -------- d-----w- C:\FFOutput 2013-01-24 15:03 . 2013-01-24 15:03 -------- d-----w- c:\program files (x86)\FreeTime 2013-01-24 14:30 . 2013-01-24 14:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2013-01-24 11:31 . 2013-01-24 11:34 -------- d-----w- c:\users\Kanisius\AppData\Roaming\EVDO_General 2013-01-24 11:30 . 2013-01-24 11:30 -------- d-----w- c:\program files\Cyrus MC400 2013-01-24 11:30 . 2011-04-07 22:18 28160 ----a-w- c:\windows\system32\drivers\USB_MODEM_W.sys 2013-01-24 11:30 . 2009-11-04 20:50 44544 ----a-w- c:\windows\system32\drivers\USB_BusEnum_W.sys 2013-01-24 11:30 . 2009-10-26 17:45 37376 ----a-w- c:\windows\system32\drivers\USB_WinMux_W.sys 2013-01-24 11:30 . 2008-05-30 05:25 21760 ----a-w- c:\windows\system32\drivers\USB_ETS_W.sys 2013-01-22 12:48 . 2013-01-22 13:58 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Tomabo 2013-01-22 12:48 . 2013-01-22 12:48 -------- d-----w- c:\program files (x86)\Tomabo 2013-01-13 04:58 . 2013-01-13 04:58 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Publish Providers 2013-01-13 04:43 . 2013-01-13 04:45 -------- d-----w- c:\users\Kanisius\AppData\Local\Sony 2013-01-13 04:43 . 2013-01-13 04:43 -------- d-----w- c:\programdata\Sony 2013-01-13 04:43 . 2013-01-13 04:43 -------- d-----w- c:\program files\Sony 2013-01-13 04:43 . 2013-01-13 04:43 -------- d-----w- c:\program files (x86)\Sony 2013-01-13 04:43 . 2013-01-13 05:53 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Sony 2013-01-11 14:16 . 2013-01-11 14:16 -------- d-----w- c:\programdata\Protexis 2013-01-11 14:08 . 2013-01-11 14:08 -------- d-----w- c:\programdata\eSellerate 2013-01-11 14:08 . 2013-01-11 14:08 -------- d-----w- c:\program files (x86)\SmartSound Software 2013-01-11 14:07 . 2013-01-11 14:08 -------- d-----w- c:\programdata\SmartSound Software Inc 2013-01-11 14:07 . 
2013-01-11 14:07 -------- d--h--w- c:\windows\msdownld.tmp 2013-01-11 14:05 . 2005-04-13 10:00 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll 2013-01-11 14:05 . 2001-09-04 21:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll 2013-01-11 14:05 . 2001-09-04 21:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll 2013-01-11 14:05 . 2001-09-04 21:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll 2013-01-11 14:02 . 2013-01-11 14:02 -------- d-----w- c:\program files (x86)\Windows Media Components 2013-01-11 13:58 . 2002-07-25 09:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 17:46 . 2012-06-05 23:59 151552 ----a-w- c:\windows\KMSEmulator.exe 2013-02-08 16:16 . 2012-06-06 07:54 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 16:16 . 2012-06-06 07:54 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-15 02:02 . 2012-12-27 13:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2013-01-15 02:01 . 2012-12-16 10:24 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-15 02:00 . 2012-12-19 06:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-01-07 01:39 . 2012-12-16 10:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2013-01-07 01:09 . 2012-12-19 06:27 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-01-07 00:33 . 
2012-12-16 10:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-03 13:42 . 2012-12-16 10:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-12-27 13:02 . 2012-12-27 13:02 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-08-25 09:32 . 2012-08-25 09:32 116224 ----a-w- c:\program files\LoL_Install_120822.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-06-05 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-06-05 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-08-29 165776] . [HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4FC012DB-DD59-53D3-D67A-973DB35961D7}] c:\programdata\wxDownload\505453fa2b2e0.dll [BU] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] c:\program files (x86)\Minibar\Froggy.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] c:\program files (x86)\Minibar\Kango.dll [BU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "webnxmer"="c:\programdata\nxmer\20223041" [X] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-06 3487128] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800] "GoogleChromeAutoLaunch_B0A42425E02A264AE3EF4DC1B39A38A4"="c:\users\Kanisius\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2013-01-17 980376] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544] "STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-08-29 771968] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] 
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\Kanisius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Kanisius\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-21 28539272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Smartfren Connex EC306-2 UI. RunOuc;Smartfren Connex EC306-2 UI. 
OUC;c:\program files (x86)\Smartfren Connex EC306-2 UI\UpdateDog\ouc.exe [2012-06-15 246112] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-06-15 117248] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-06-15 13952] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-06-15 421376] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-06 30528] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528] R3 npkycryp;npkycryp;c:\program files\RagnarokOnline\npkycryp.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input 
Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USB_BusEnum_T;EVDO Telecom USB Bus Enumerator;c:\windows\system32\DRIVERS\USB_BusEnum_T.sys [2009-11-05 44544] R3 USB_ETS_T;ZTE ETS Port FFDD;c:\windows\system32\DRIVERS\USB_ETS_T.sys [2008-05-30 21760] R3 USB_WinMux_T;EVDO Telecom USB MUX Serial Port;c:\windows\system32\DRIVERS\USB_WinMux_T.sys [2009-10-27 37376] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736] R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x] R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x] R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896] S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-02 56208] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616] S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256] S2 CDROM_Eject_W;CDROM_Eject_W;c:\program files\Cyrus MC400\C+WEject.exe [2012-04-05 275456] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976] S2 
IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560] S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000] S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S2 UDisk Monitor;UDisk Monitor;c:\program files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [2011-05-09 406016] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-06-15 86016] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560] S3 USB_BusEnum_W;EVDO Telecom USB Bus Enumerator w;c:\windows\system32\DRIVERS\USB_BusEnum_W.sys [2009-11-04 44544] S3 USB_ETS_W;EVDO Rev A Service USB port w;c:\windows\system32\DRIVERS\USB_ETS_W.sys [2008-05-30 21760] S3 USB_WinMux_W;EVDO Telecom USB MUX Serial Port 
w;c:\windows\system32\DRIVERS\USB_WinMux_W.sys [2009-10-26 37376] S3 UsbModemDriver;EVDO Rev A USB Modem w;c:\windows\system32\DRIVERS\USB_MODEM_W.sys [2011-04-07 28160] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816] . . Contents of the 'Scheduled Tasks' folder . 2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 16:16] . 2013-02-08 c:\windows\Tasks\AutoKMSDaily.job - c:\windows\AutoKMS\AutoKMS.exe [2012-06-05 23:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download video on this page - c:\program files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 IE: Download video this links to - c:\program files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll/301 IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {{B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - res://c:\program files (x86)\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 IE: {{AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files (x86)\Minibar\MinibarButton.dll TCP: Interfaces\{5B867BCE-97C9-4611-8ACA-8EE5560DFE7A}: NameServer = 10.8.15.15 10.8.17.4 TCP: Interfaces\{6C31DC70-E101-4A5A-9914-415AF3FE8F47}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.24 7.20,156.154.70.1,156.154.71.1 TCP: Interfaces\{956BC222-5F84-4DC9-A781-03C25F118186}: NameServer = 10.17.3.244 10.17.3.245 TCP: Interfaces\{B8446A00-EE65-4A95-86BC-A9F9CFD1627C}: NameServer = 10.17.125.228 10.17.125.229 TCP: 
Interfaces\{EFA211A7-17A3-4AAD-9110-BEDF891B452A}: NameServer = 10.17.125.228 10.17.125.229 FF - ProfilePath - c:\users\Kanisius\AppData\Roaming\Mozilla\Firefox\Profiles\n4bwbc5o.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9ab6c35800000000000050e549eec3ee&q= FF - user.js: extensions.BabylonToolbar.id - 9ab6c35800000000000050e549eec3ee FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15598 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1217:08 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112472&tt=120912_nocpc_3712_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss . - - - - ORPHANS REMOVED - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1372548219-439290359-1192898563-1000_Classes\Wow6432Node\CLSID\{3f5f6b19-5998-4fd5-88b9-516d80cc9a71}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000116 "Therad"=dword:00000015 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-1372548219-439290359-1192898563-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):29,d5,c1,8c,15,43,f6,c6,2f,0a,d4,10,c9,b4,95,a1,91,d3,8a,1c,9f, e9,c0,7d,33,1f,53,bc,d8,58,25,4e,3f,29,fd,e3,1d,2b,ea,19,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:93,32,9a,7f,75,de,cf,b7,c4,95,f9,49,9c,5d,37,a0,c4,6a,b8,0e,24, 47,22,a2,1f,35,9d,d6,bf,ae,03,aa,5d,d9,4d,5c,18,92,e4,9e,10,59,61,c5,ba,84,\ . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:93,32,9a,7f,75,de,cf,b7,c4,95,f9,49,9c,5d,37,a0,c4,6a,b8,0e,24, 47,22,a2,1f,35,9d,d6,bf,ae,03,aa,5d,d9,4d,5c,18,92,e4,9e,10,59,61,c5,ba,84,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\programdata\Smartfren Connex EC306-2 UI\OnlineUpdate\ouc.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe c:\program files (x86)\Internet Download Manager\IEMonitor.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-02-09 00:50:11 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-08 17:50 ComboFix2.txt 2013-02-06 18:28 . Pre-Run: 301,519,192,064 bytes free Post-Run: 301,075,525,632 bytes free . - - End Of File - - DEFB9FB618C10B2FABF0C5875219A606

#13 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 08 February 2013 - 12:21 PM

Using ComboFix......
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

Folder::
c:\programdata\nxmer

Driver::
X6va009
X6va010
X6va011

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"webnxmer"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]

ClearJavaCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript onto ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After the reboot (if it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC
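The CFScript above is a small declarative format: a `Folder::` or `Driver::` section lists items to remove, and `Registry::` takes REGEDIT-style lines in which `[-key]` deletes a key and `"name"=-` deletes a value under the most recently opened `[key]`. What follows is an added example, not ComboFix's code and not part of MrCharlie's instructions: a Python script that parses such a CFScript and then checks a ComboFix results log, in the shape of the one the user posts in reply, to confirm that each requested folder and service actually appears under "Other Deletions" and "Drivers/Services". The parser also accepts a `File::` section (assumed, not used in this thread). The sample script mirrors the post above; the log excerpt is constructed. Registry value deletions are reported as unverified because ComboFix's log does not echo them, so those should be confirmed by hand (for example with `reg query` on the Run key).

```python
"""Parse a ComboFix CFScript and confirm its targets in a ComboFix results log.
Added example, not ComboFix's own code: SAMPLE_SCRIPT mirrors the post above,
SAMPLE_LOG is a constructed excerpt shaped like ComboFix's log sections."""
import re
from dataclasses import dataclass, field

SAMPLE_SCRIPT = r"""
Folder::
c:\programdata\nxmer
Driver::
X6va009
X6va010
X6va011
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"webnxmer"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
ClearJavaCache::
"""
SAMPLE_LOG = r"""
((((((((((( Other Deletions )))))))))))
.
c:\programdata\nxmer
c:\programdata\nxmer\resta.bat
.
((((((((((( Drivers/Services )))))))))))
.
-------\Service_X6va009
-------\Service_X6va010
-------\Service_X6va011
.
"""

@dataclass
class CFScript:
    folders: list = field(default_factory=list)        # Folder:: / File:: items
    drivers: list = field(default_factory=list)        # Driver:: service names
    delete_keys: list = field(default_factory=list)    # [-HKEY_...] lines
    delete_values: list = field(default_factory=list)  # (key, name) from "name"=-
    flags: list = field(default_factory=list)          # bare sections, e.g. ClearJavaCache

def parse_cfscript(text):
    """Section headers end in '::'; Registry:: takes REGEDIT-style lines."""
    script, section, current_key = CFScript(), None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.endswith("::"):
            section, current_key = line[:-2], None
            if section not in ("Folder", "File", "Driver", "Registry"):
                script.flags.append(section)
        elif section in ("Folder", "File"):
            script.folders.append(line)
        elif section == "Driver":
            script.drivers.append(line)
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                script.delete_keys.append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)
                if m and current_key:
                    script.delete_values.append((current_key, m.group(1)))
    return script

def parse_log_sections(text):
    """Group ComboFix log lines under their '(((( Name ))))' headers."""
    sections, name = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if m:
            name = m.group(1)
            sections.setdefault(name, [])
        elif name and line and line != ".":
            sections[name].append(line)
    return sections

def verify(script, log_text):
    """True = confirmed removed, False = requested but not in the log,
    None = ComboFix never echoes this kind of change; confirm it by hand."""
    sections = parse_log_sections(log_text)
    deleted = {l.lower() for l in sections.get("Other Deletions", [])}
    services = {l.lower() for l in sections.get("Drivers/Services", [])}
    report = {}
    for path in script.folders:
        report[path] = path.lower() in deleted
    for drv in script.drivers:
        report[drv] = f"-------\\service_{drv}".lower() in services
    for key in script.delete_keys:
        # A deleted services\<name> key is logged as Service_<name>; other keys are not.
        m = re.search(r"\\services\\([^\\]+)$", key, re.IGNORECASE)
        report[key] = f"-------\\service_{m.group(1)}".lower() in services if m else None
    for key, name in script.delete_values:
        report[f"{key}\\{name}"] = None
    return report

if __name__ == "__main__":
    for item, ok in verify(parse_cfscript(SAMPLE_SCRIPT), SAMPLE_LOG).items():
        print({True: "removed", False: "MISSING", None: "unverified"}[ok], item)
```

Run it against the real CFScript.txt and C:\ComboFix.txt by reading both files in place of the two sample strings; any item reported as MISSING means ComboFix did not log that removal and the machine should be rescanned before it is declared clean.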

#14 bgirl8fasolla

bgirl8fasolla

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 08 February 2013 - 01:47 PM

Hello, sorry I forgot to answer your question. Yes, the second scan result with Malwarebytes is clean. This is the ComboFix log :D

ComboFix 13-02-07.02 - Kanisius 02/09/2013 2:12.5.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8154.6069 [GMT 7:00]
Running from: c:\users\Kanisius\Desktop\ComboFix.exe
Command switches used :: c:\users\Kanisius\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\nxmer
c:\programdata\nxmer\2.dat
c:\programdata\nxmer\20223041.bat
c:\programdata\nxmer\20223041.h
c:\programdata\nxmer\bg.jpg
c:\programdata\nxmer\resta.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA009
-------\Legacy_X6VA010
-------\Legacy_X6VA011
-------\Service_X6va009
-------\Service_X6va010
-------\Service_X6va011
.
.
((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 )))))))))))))))))))))))))))))))
.
.
2013-02-08 19:16 . 2013-02-08 19:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-08 19:16 . 2013-02-08 19:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-08 19:16 . 2013-02-08 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-07 17:59 . 2013-02-07 17:59 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Malwarebytes
2013-02-07 17:59 . 2013-02-07 17:59 -------- d-----w- c:\programdata\Malwarebytes
2013-02-07 17:59 . 2013-02-08 13:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-07 17:59 . 2013-02-07 17:59 -------- d-----w- c:\users\Kanisius\AppData\Local\Programs
2013-02-06 18:48 . 2012-02-28 04:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2013-02-06 18:48 . 2012-02-28 04:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2013-02-06 18:48 .
2012-10-22 09:38 413448 ----a-w- c:\windows\system32\drivers\PCTCore64.sys 2013-02-06 18:48 . 2013-02-06 18:48 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2013-02-06 18:48 . 2012-11-01 08:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys 2013-02-06 18:46 . 2013-02-06 18:46 -------- d-----w- c:\programdata\PC Tools 2013-02-06 18:46 . 2013-02-06 18:46 -------- d-----w- c:\users\Kanisius\AppData\Roaming\TestApp 2013-02-06 17:21 . 2013-02-06 17:21 -------- d-----w- c:\program files\Enigma Software Group 2013-02-06 17:21 . 2013-02-06 18:01 -------- d-----w- c:\windows\22B3AE667A374118BADB3680C15CA366.TMP 2013-02-06 17:21 . 2013-02-06 17:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-02-03 19:24 . 2013-02-03 19:24 -------- d-----w- c:\program files (x86)\xmlwrench 2013-01-26 18:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2013-01-26 18:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2013-01-26 16:55 . 2013-01-14 19:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F5C7A18-12EE-443E-8B09-85671A515FB6}\mpengine.dll 2013-01-26 16:19 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2013-01-26 16:19 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2013-01-25 19:03 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-01-25 19:03 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-01-25 19:03 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-01-25 19:03 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-01-25 19:03 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2013-01-25 19:03 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2013-01-25 19:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-01-25 19:02 . 
2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-01-25 19:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-01-25 19:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-01-25 19:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-01-25 19:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-01-25 19:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-01-25 19:01 . 2013-01-25 19:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-01-25 19:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-01-25 19:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2013-01-25 19:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-01-25 19:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2013-01-25 19:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-01-25 19:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-01-25 19:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-01-25 16:31 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2013-01-25 16:31 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2013-01-25 16:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2013-01-25 16:31 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2013-01-25 16:31 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2013-01-25 16:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-01-25 16:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-01-25 16:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-01-25 16:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-01-25 16:18 . 
2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-01-25 16:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-01-25 16:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-01-25 16:18 . 2012-06-02 08:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-01-25 16:18 . 2012-06-02 08:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-01-24 15:04 . 2013-01-24 15:04 -------- d-----w- C:\FFOutput 2013-01-24 15:03 . 2013-01-24 15:03 -------- d-----w- c:\program files (x86)\FreeTime 2013-01-24 14:30 . 2013-01-24 14:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2013-01-24 11:31 . 2013-01-24 11:34 -------- d-----w- c:\users\Kanisius\AppData\Roaming\EVDO_General 2013-01-24 11:30 . 2013-01-24 11:30 -------- d-----w- c:\program files\Cyrus MC400 2013-01-24 11:30 . 2011-04-07 22:18 28160 ----a-w- c:\windows\system32\drivers\USB_MODEM_W.sys 2013-01-24 11:30 . 2009-11-04 20:50 44544 ----a-w- c:\windows\system32\drivers\USB_BusEnum_W.sys 2013-01-24 11:30 . 2009-10-26 17:45 37376 ----a-w- c:\windows\system32\drivers\USB_WinMux_W.sys 2013-01-24 11:30 . 2008-05-30 05:25 21760 ----a-w- c:\windows\system32\drivers\USB_ETS_W.sys 2013-01-22 12:48 . 2013-01-22 13:58 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Tomabo 2013-01-22 12:48 . 2013-01-22 12:48 -------- d-----w- c:\program files (x86)\Tomabo 2013-01-13 04:58 . 2013-01-13 04:58 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Publish Providers 2013-01-13 04:43 . 2013-01-13 04:45 -------- d-----w- c:\users\Kanisius\AppData\Local\Sony 2013-01-13 04:43 . 2013-01-13 04:43 -------- d-----w- c:\programdata\Sony 2013-01-13 04:43 . 2013-01-13 04:43 -------- d-----w- c:\program files\Sony 2013-01-13 04:43 . 2013-01-13 04:43 -------- d-----w- c:\program files (x86)\Sony 2013-01-13 04:43 . 2013-01-13 05:53 -------- d-----w- c:\users\Kanisius\AppData\Roaming\Sony 2013-01-11 14:16 . 2013-01-11 14:16 -------- d-----w- c:\programdata\Protexis 2013-01-11 14:08 . 
2013-01-11 14:08 -------- d-----w- c:\programdata\eSellerate 2013-01-11 14:08 . 2013-01-11 14:08 -------- d-----w- c:\program files (x86)\SmartSound Software 2013-01-11 14:07 . 2013-01-11 14:08 -------- d-----w- c:\programdata\SmartSound Software Inc 2013-01-11 14:07 . 2013-01-11 14:07 -------- d--h--w- c:\windows\msdownld.tmp 2013-01-11 14:05 . 2005-04-13 10:00 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll 2013-01-11 14:05 . 2001-09-04 21:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll 2013-01-11 14:05 . 2001-09-04 21:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll 2013-01-11 14:05 . 2001-09-04 21:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll 2013-01-11 14:02 . 2013-01-11 14:02 -------- d-----w- c:\program files (x86)\Windows Media Components 2013-01-11 13:58 . 2002-07-25 09:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 19:17 . 2012-06-05 23:59 151552 ----a-w- c:\windows\KMSEmulator.exe 2013-02-08 16:16 . 2012-06-06 07:54 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 16:16 . 2012-06-06 07:54 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-15 02:02 . 2012-12-27 13:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2013-01-15 02:01 . 2012-12-16 10:24 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-15 02:00 . 2012-12-19 06:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-01-07 01:39 . 
2012-12-16 10:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2013-01-07 01:09 . 2012-12-19 06:27 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-01-07 00:33 . 2012-12-16 10:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-03 13:42 . 2012-12-16 10:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-12-27 13:02 . 2012-12-27 13:02 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-08-25 09:32 . 2012-08-25 09:32 116224 ----a-w- c:\program files\LoL_Install_120822.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-06-05 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-06-05 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-08-29 165776] . 
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4FC012DB-DD59-53D3-D67A-973DB35961D7}] c:\programdata\wxDownload\505453fa2b2e0.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] c:\program files (x86)\Minibar\Froggy.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] c:\program files (x86)\Minibar\Kango.dll [BU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kanisius\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-06 3487128] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2013-01-17 980376] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544] "STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-08-29 771968] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" 
[2012-07-16 3524536] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\Kanisius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Kanisius\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-21 28539272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Smartfren Connex EC306-2 UI. RunOuc;Smartfren Connex EC306-2 UI. 
OUC;c:\program files (x86)\Smartfren Connex EC306-2 UI\UpdateDog\ouc.exe [2012-06-15 246112] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-06-15 117248] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-06-15 13952] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-06-15 421376] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-06 30528] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528] R3 npkycryp;npkycryp;c:\program files\RagnarokOnline\npkycryp.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input 

#15 MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 08 February 2013 - 02:19 PM

Looks Better.......next >>>

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
· Adware (software ads)
· PUP/LPI (Potentially Undesirable Programs)
· Toolbars
· Hijackers (hijacking of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.


  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double-click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found; we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC
