Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Jump hijack malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Jump hijack malware

Unread postby elerrina » May 9th, 2012, 2:10 pm

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Ash at 18:53:08 on 2012-05-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.934 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\Ash\AppData\Local\Apps\2.0\97A8R61R.BDD\CG31MHAB.2OT\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\calc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Public\Games\World of Warcraft\Wow.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/d ... .2.5.0.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/So ... b56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7F58BD1D-6D8B-471A-A356-F92B5CFEF914} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO-X64: ZoneAlarm Security - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 1378040]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-5 654408]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-5-4 932736]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17440]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 129976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-08 20:39:16 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-08 20:39:15 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-08 20:39:13 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-08 20:39:13 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-08 20:39:11 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-08 20:39:11 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-08 20:38:44 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-08 20:38:35 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-08 20:38:33 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 20:38:33 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-08 20:38:33 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-08 20:38:33 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-08 20:38:33 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 18:06:58 -------- d-----w- C:\Program Files\iPod
2012-05-05 18:06:57 -------- d-----w- C:\Program Files\iTunes
2012-05-05 18:06:57 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-05 18:04:38 -------- d-----w- C:\Program Files\Bonjour
2012-05-05 18:04:38 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-05 17:32:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-05 17:32:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-05 17:17:27 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-05 17:07:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-04 18:58:42 -------- d-----w- C:\Users\Ash\AppData\Local\AVG Secure Search
2012-05-04 18:55:42 -------- d-----w- C:\Users\Ash\AppData\Roaming\AVG2012
2012-05-04 18:55:10 -------- d-----w- C:\ProgramData\AVG2012
2012-05-04 18:50:18 -------- d-----w- C:\Users\Ash\AppData\Local\CRE
2012-05-04 18:49:53 -------- d-----w- C:\Users\Ash\AppData\Roaming\Nico Mak Computing
2012-05-04 18:49:50 18760 ----a-w- C:\Windows\System32\roboot64.exe
2012-05-04 18:49:48 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
2012-05-04 18:47:21 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 18:47:17 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 18:47:17 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 21:22:44 -------- d-----w- C:\Users\Ash\AppData\Roaming\Nuance
2012-05-03 21:22:25 -------- d-----w- C:\Users\Ash\AppData\Roaming\FLEXnet
2012-05-03 21:22:02 -------- d-----w- C:\Users\Ash\AppData\Roaming\Zeon
2012-05-03 21:21:56 -------- d-----w- C:\ProgramData\Nuance
2012-05-03 21:21:49 -------- d-----w- C:\Program Files (x86)\Nuance
2012-05-03 21:20:40 -------- d-----w- C:\Users\Ash\AppData\Local\Downloaded Installations
2012-05-01 15:50:59 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-29 16:48:06 -------- d-----w- C:\Users\Ash\AppData\Local\{41BC5725-0909-4E89-8933-714A3F2F49D6}
2012-04-29 16:47:51 -------- d-----w- C:\Users\Ash\AppData\Local\{87B9E85D-B12D-4FD5-A04A-E0D23033F356}
2012-04-23 12:35:18 -------- d-----w- C:\Users\Ash\AppData\Local\{DB904BC2-D077-4D94-9D73-76F2A150B8B0}
2012-04-23 12:35:06 -------- d-----w- C:\Users\Ash\AppData\Local\{4F2835E3-DB58-48F7-90AD-FA416C94C6B8}
2012-04-22 14:01:59 -------- d-----w- C:\Users\Ash\AppData\Local\{E7259362-701C-41CA-B2CB-BFFDC270139E}
2012-04-22 14:01:37 -------- d-----w- C:\Users\Ash\AppData\Local\{D958B118-767D-43EA-81BC-1EFD6511AA6A}
2012-04-21 17:55:22 -------- d-----w- C:\Users\Ash\AppData\Local\{BE468C35-AFBE-4A17-AAF8-F7D50DB76752}
2012-04-21 17:55:02 -------- d-----w- C:\Users\Ash\AppData\Local\{883F0F0A-2FDE-4E31-AEDA-457392B73F43}
2012-04-21 17:50:34 -------- d-----w- C:\Windows\en
2012-04-21 17:44:20 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\619045591cd1fe601\DSETUP.dll
2012-04-21 17:44:20 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\619045591cd1fe601\DXSETUP.exe
2012-04-21 17:44:20 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\619045591cd1fe601\dsetup32.dll
2012-04-21 13:44:25 -------- d-----w- C:\Users\Ash\AppData\Local\{FB6244DA-2195-4C1C-A25F-53E196ECB983}
2012-04-21 13:44:09 -------- d-----w- C:\Users\Ash\AppData\Local\{FFB61383-55FD-4E7D-8603-08D07CDE71D3}
2012-04-21 11:48:35 -------- d-----w- C:\Users\Ash\AppData\Local\{589409C3-6932-4045-BE12-8338507CE37D}
2012-04-19 03:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-18 17:05:22 -------- d-----w- C:\Users\Ash\AppData\Local\AMD
2012-04-17 21:14:43 -------- d-----w- C:\ProgramData\AMD
2012-04-17 21:14:40 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-17 21:14:21 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-17 21:12:48 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-04-17 21:08:32 -------- d-----w- C:\AMD
2012-04-17 19:13:12 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-17 19:13:12 -------- d-----w- C:\Program Files\AVAST Software
2012-04-17 18:30:53 -------- d-----w- C:\Users\Ash\AppData\Roaming\Malwarebytes
2012-04-17 18:30:47 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 18:09:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-17 18:09:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-17 17:48:19 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-17 17:41:51 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-17 17:41:51 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-17 17:41:24 -------- d-----w- C:\Users\Ash\AppData\Roaming\TestApp
2012-04-17 17:41:24 -------- d-----w- C:\ProgramData\PC Tools
2012-04-17 17:38:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-12 21:07:40 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 21:07:40 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 21:07:40 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 21:07:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 21:07:39 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 21:07:39 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 21:07:39 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
==================== Find3M ====================
.
2012-05-05 17:17:18 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 21:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 21:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 21:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-25 16:27:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-25 16:27:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-19 04:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-03-09 00:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 00:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-02-22 04:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-21 22:07:49 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-02-21 22:07:49 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-02-21 22:07:49 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2009-07-16 22:13:06 1246440 ----a-w- C:\Program Files\DAOriginsLauncher.exe
.
============= FINISH: 18:54:31.23 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 25/08/2010 01:12:35
System Uptime: 09/05/2012 16:28:49 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A79XTD EVO
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 121.407 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP207: 05/05/2012 18:45:19 - ComboFix created restore point
RP208: 05/05/2012 18:59:59 - Removed HiJackThis
RP209: 08/05/2012 22:24:52 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
AIO_Scan
AMD VISION Engine Control Center
Any Video Converter Professional 3.3.5
Apple Application Support
Apple Software Update
µTorrent
BufferChm
C5200
C5200_Help
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
Creative Centrale
Creative Software Update
Creative ZEN X-Fi2 Documentation
Curse Client
D3DX10
Destinations
DeviceDiscovery
DivX Setup
DocProc
Dragon Age II
Dragon Age II Demo
Dragon Age Redesigned©
Dragon Age: Origins
Dragon Age: Origins Character Creator
EA Installer
EA Shared Game Component: Activation
Fax
FXAA Post Process Injector
GPBaseService2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HydraVision
Java Auto Updater
Java(TM) 6 Update 32
LDC Driving Test Complete
Logitech Vid HD
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
marvell 61xx
Mass Effect
Mass Effect 2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Notepad++
Nuance PDF Reader
NVIDIA PhysX
Origin
Oxelon Media Converter 1.1
Pharaoh
Platform
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
Python 2.7
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Samsung PC Studio 3
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Star Wars: The Old Republic
Status
Steam
The Elder Scrolls V: Skyrim
The Witcher
The Witcher 2
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
VIA Platform Device Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.7
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World of Warcraft
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
09/05/2012 18:42:34, Error: bowser [8003] - The master browser has received a server announcement from the computer K71 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7F58BD1D-6D8B-471A-A356-F92B5CFEF914}. The master browser is stopping or an election is being forced.
09/05/2012 16:30:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
09/05/2012 16:30:06, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
09/05/2012 16:29:00, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
08/05/2012 22:39:27, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
07/05/2012 22:37:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
07/05/2012 22:37:08, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
05/05/2012 19:05:16, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/05/2012 18:44:31, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
05/05/2012 18:44:31, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
05/05/2012 17:55:19, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/05/2012 17:54:52, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/05/2012 13:19:44, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
05/05/2012 13:13:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
05/05/2012 13:13:44, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

For a while now ive been experiencing this issue where searches from google will redirect to random webpages, the most common being a website called easy-az or something like that. Malwarebytes blocks the website but its just annoying having to go back and click the link again all the time.
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm
Advertisement
Register to Remove

Re: Jump hijack malware

Unread postby Dakeyras » May 10th, 2012, 2:59 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

ComboFix Advice:

I see you have already run Combofix on your computer. Is there any particular reason that you chose to do so? Running tools that you don't understand is never a good idea. At best it will do nothing to resolve your problem, at worst it will turn your computer into a very expensive paperweight.

Throwing any tool you can find at a problem, without understanding what it does or why it's used, will rarely lead to the conclusion you wish. If you don't know what you're doing, don't do anything other than seek assistance is my friendly advice...

Peer to Peer Advice:

Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs. It is posted here.

As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time. If you have used this, you can be fairly confident this is a principal reason your computer is infected

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Ad-Aware <-- Not particularly effective at all in my humble opinion.
Adobe Reader 9.3.3 <-- We will update this in due course.
µTorrent
ZoneAlarm Security Toolbar <-- Has undesirable characteristics.

To do so click once on each of the above to highlight, then click on Uninstall/Change and follow the prompts.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Jump hijack malware

Unread postby elerrina » May 10th, 2012, 5:18 pm

Computer seems to be performing fine, though i keep geting problem loading webpages now. the redirects that i experience on the internet are entirely random and i can go a while without experiencing any and then get a whole bunch in a close space. The main page its directing me to now is easya-z but i did used to get other ones as well though i dont remember the names.

OTL logfile created on: 10/05/2012 22:00:46 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Ash\Desktop\Mozilla downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.79% Memory free
8.00 Gb Paging File | 5.49 Gb Available in Paging File | 68.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 120.05 Gb Free Space | 25.78% Space Free | Partition Type: NTFS

Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ash\Desktop\Mozilla downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko12.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (vToolbarUpdater11.0.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 70 69 F9 3E 44 CB 01 [binary data]
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E1AEB830-AA0D-4404-B0BA-E38DA0ED9D4A}&mid=04143df7c27bfb8c47841ae215ed1c13-68fbc96c815914287bcf44e10a81cbb20491045f&lang=en&ds=AVG&pr=fr&d=2012-05-04 19:57:53&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/11 01:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/19 13:06:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/02 23:14:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/04 19:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/04 19:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/06 22:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 19:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 19:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/10 21:50:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/02 23:14:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{77289AC3-7CBC-11E1-826D-B8AC6F996F26}: C:\Users\Ash\AppData\Local\{77289AC3-7CBC-11E1-826D-B8AC6F996F26}\ [2012/04/02 13:07:54 | 000,000,000 | ---D | M]

[2010/08/25 11:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\Mozilla\Extensions
[2012/05/10 21:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions
[2011/06/13 08:17:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/04 19:58:47 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/04/26 20:03:21 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2012/05/10 21:58:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/25 21:30:22 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\support@ancestry.com
[2012/05/03 19:54:14 | 000,000,935 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\searchplugins\conduit.xml
[2012/05/05 18:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/14 21:35:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 18:17:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/05/04 19:56:02 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/04 19:58:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2012/04/02 13:07:54 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\ASH\APPDATA\LOCAL\{77289AC3-7CBC-11E1-826D-B8AC6F996F26}
[2012/05/04 19:47:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/04 19:47:16 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/04 19:57:40 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/13 21:27:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/04 19:47:16 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 19:47:16 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/04 19:47:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 19:47:16 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ash\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Ash\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ash\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ash\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/05/05 17:58:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/d ... .2.5.0.cab (DLM Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F58BD1D-6D8B-471A-A356-F92B5CFEF914}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 21:39:16 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 21:39:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/08 21:39:11 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/08 21:39:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/05 19:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/05 19:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/05 19:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/05 19:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/05 19:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/05 19:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/05/05 18:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/05 18:32:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/05 18:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/05 18:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/05 18:17:27 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/05 18:17:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/05 18:17:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/05 18:17:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/05 18:07:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/05 17:19:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/04 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\AVG Secure Search
[2012/05/04 19:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/04 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\AVG2012
[2012/05/04 19:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/04 19:50:18 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\CRE
[2012/05/04 19:49:53 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Nico Mak Computing
[2012/05/04 19:49:50 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2012/05/04 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2012/05/04 19:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/04 19:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/03 22:26:49 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\ANA course
[2012/05/03 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Nuance
[2012/05/03 22:22:25 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\FLEXnet
[2012/05/03 22:22:02 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Zeon
[2012/05/03 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/05/03 22:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance
[2012/05/03 22:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/05/03 22:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2012/05/03 22:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/05/03 22:20:40 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\Downloaded Installations
[2012/05/01 16:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/01 16:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/01 16:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/04/29 17:48:06 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{41BC5725-0909-4E89-8933-714A3F2F49D6}
[2012/04/29 17:47:51 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{87B9E85D-B12D-4FD5-A04A-E0D23033F356}
[2012/04/23 13:35:18 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{DB904BC2-D077-4D94-9D73-76F2A150B8B0}
[2012/04/23 13:35:06 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{4F2835E3-DB58-48F7-90AD-FA416C94C6B8}
[2012/04/22 15:01:59 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{E7259362-701C-41CA-B2CB-BFFDC270139E}
[2012/04/22 15:01:37 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{D958B118-767D-43EA-81BC-1EFD6511AA6A}
[2012/04/22 11:17:28 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/04/22 11:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/04/22 11:17:25 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Notepad++
[2012/04/22 11:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/04/21 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{BE468C35-AFBE-4A17-AAF8-F7D50DB76752}
[2012/04/21 18:55:02 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{883F0F0A-2FDE-4E31-AEDA-457392B73F43}
[2012/04/21 18:50:34 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/21 14:44:25 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{FB6244DA-2195-4C1C-A25F-53E196ECB983}
[2012/04/21 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{FFB61383-55FD-4E7D-8603-08D07CDE71D3}
[2012/04/21 12:48:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{589409C3-6932-4045-BE12-8338507CE37D}
[2012/04/21 11:22:05 | 000,000,000 | ---D | C] -- C:\Users\Ash\Desktop\Addons1
[2012/04/21 11:21:45 | 000,000,000 | ---D | C] -- C:\Users\Ash\Desktop\ShestakUI_3.4.9
[2012/04/19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/18 18:05:22 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\AMD
[2012/04/17 22:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/04/17 22:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/17 22:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/04/17 22:12:48 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2012/04/17 22:08:32 | 000,000,000 | ---D | C] -- C:\AMD
[2012/04/17 20:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/17 20:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/17 19:30:53 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Malwarebytes
[2012/04/17 19:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/17 19:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/17 19:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/17 18:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/17 18:41:51 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/17 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/17 18:41:24 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\TestApp
[2012/04/17 18:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/17 18:38:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/12 22:07:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 22:07:40 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 22:07:39 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 09:31:55 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 09:31:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 09:31:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 09:31:55 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 09:31:55 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 09:31:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 09:31:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/10 22:04:50 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 22:04:50 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 21:56:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/10 21:56:39 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 20:57:52 | 000,001,227 | ---- | M] () -- C:\Users\Ash\Desktop\World of Warcraft.lnk
[2012/05/10 19:45:45 | 097,725,211 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/10 19:42:29 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/05/09 16:30:01 | 000,414,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/07 22:31:24 | 002,292,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 22:31:24 | 000,931,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 22:31:24 | 000,005,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 17:16:14 | 000,478,457 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/06 17:45:03 | 000,000,000 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 19:07:30 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/05 18:32:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 18:17:18 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/05 18:17:18 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/05 18:17:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/05 18:17:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/05 18:17:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/05 17:58:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/04 19:58:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/03 22:28:36 | 000,121,231 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_9_-_Nutrition_of_Small_and_Exotic_Pets.pdf
[2012/05/03 22:28:31 | 000,294,370 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_8_-_Feeding_and_Nutrition_-_Special_dietary_requirements.pdf
[2012/05/03 22:28:26 | 000,055,374 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_7_-_Student_Exercise_-_How_to_feed_cats_undergoing_different_life_stages.pdf
[2012/05/03 22:28:20 | 000,178,382 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_7_-_Feeding_and_Nutrition_-_Differing_Life_Stages.pdf
[2012/05/03 22:28:16 | 000,193,385 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_6_-_Principles_of_Nutrition.pdf
[2012/05/03 22:28:10 | 000,276,025 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_5_-_Feeding_Nutrition_Dogs_Cats_-_Introduction.pdf
[2012/05/03 22:28:05 | 000,054,342 | ---- | M] () -- C:\Users\Ash\Documents\Lecture 4 - Student exercise - Prevent infection.pdf
[2012/05/03 22:28:00 | 000,311,342 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_4_-_Prevention_of_Spread_of_infections.pdf
[2012/05/03 22:27:54 | 000,305,530 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_3_-_Cleaning_and_Disinfecting_Kennels.pdf
[2012/05/03 22:27:48 | 000,143,115 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_2_-_Housing_Small_Animals.pdf
[2012/05/03 22:22:51 | 000,261,685 | ---- | M] () -- C:\Users\Ash\Documents\Lecture 1 - Housing Dogs and Cats.pdf
[2012/05/03 22:21:55 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Nuance PDF Reader.lnk
[2012/04/21 11:41:08 | 000,887,471 | ---- | M] () -- C:\Users\Ash\Desktop\Skada-1.3-11.zip
[2012/04/21 11:15:03 | 000,812,933 | ---- | M] () -- C:\Users\Ash\Desktop\ShestakUI_3.4.9.zip
[2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/17 22:12:52 | 002,081,139 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/10 19:42:29 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/05/06 17:45:03 | 000,000,000 | ---- | C] () -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 19:07:30 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/05 18:32:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 19:58:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/03 22:28:36 | 000,121,231 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_9_-_Nutrition_of_Small_and_Exotic_Pets.pdf
[2012/05/03 22:28:31 | 000,294,370 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_8_-_Feeding_and_Nutrition_-_Special_dietary_requirements.pdf
[2012/05/03 22:28:26 | 000,055,374 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_7_-_Student_Exercise_-_How_to_feed_cats_undergoing_different_life_stages.pdf
[2012/05/03 22:28:20 | 000,178,382 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_7_-_Feeding_and_Nutrition_-_Differing_Life_Stages.pdf
[2012/05/03 22:28:16 | 000,193,385 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_6_-_Principles_of_Nutrition.pdf
[2012/05/03 22:28:10 | 000,276,025 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_5_-_Feeding_Nutrition_Dogs_Cats_-_Introduction.pdf
[2012/05/03 22:28:05 | 000,054,342 | ---- | C] () -- C:\Users\Ash\Documents\Lecture 4 - Student exercise - Prevent infection.pdf
[2012/05/03 22:28:00 | 000,311,342 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_4_-_Prevention_of_Spread_of_infections.pdf
[2012/05/03 22:27:54 | 000,305,530 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_3_-_Cleaning_and_Disinfecting_Kennels.pdf
[2012/05/03 22:27:48 | 000,143,115 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_2_-_Housing_Small_Animals.pdf
[2012/05/03 22:22:51 | 000,261,685 | ---- | C] () -- C:\Users\Ash\Documents\Lecture 1 - Housing Dogs and Cats.pdf
[2012/05/03 22:21:55 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Nuance PDF Reader.lnk
[2012/04/21 11:41:07 | 000,887,471 | ---- | C] () -- C:\Users\Ash\Desktop\Skada-1.3-11.zip
[2012/04/21 11:25:57 | 000,001,227 | ---- | C] () -- C:\Users\Ash\Desktop\World of Warcraft.lnk
[2012/04/21 11:15:03 | 000,812,933 | ---- | C] () -- C:\Users\Ash\Desktop\ShestakUI_3.4.9.zip
[2012/04/17 18:41:55 | 002,081,139 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/03/09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/11 13:32:01 | 000,004,608 | ---- | C] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/08 21:04:39 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/17 17:50:15 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/04/03 15:55:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/03 15:55:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/03 15:55:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/03 15:30:12 | 000,000,351 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/28 01:03:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/18 17:42:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/10/18 17:35:26 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/09/06 15:58:35 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/02 23:10:41 | 000,210,623 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010/09/02 23:10:41 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010/08/26 19:30:23 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/25 11:39:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/25 01:31:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/08/25 01:21:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C765C323
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
Last edited by elerrina on May 10th, 2012, 5:26 pm, edited 1 time in total.
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm

Re: Jump hijack malware

Unread postby elerrina » May 10th, 2012, 5:19 pm

OTL Extras logfile created on: 10/05/2012 22:00:46 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Ash\Desktop\Mozilla downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.79% Memory free
8.00 Gb Paging File | 5.49 Gb Available in Paging File | 68.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 120.05 Gb Free Space | 25.78% Space Free | Partition Type: NTFS

Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13E5B546-2DBD-4B51-B5F3-F1AD255BB0A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{249F71A6-3620-4AF8-9946-86529F640E57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3D63C29C-9DC6-42F4-84C4-4D1CA31F3F78}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3DC3AA75-D512-4468-8AB0-F5A4D286AE5C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42B01EA8-B60B-405F-B8B6-59B9A41DB854}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{488C7955-5B76-4B8F-8865-7FBBEA02C16B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F585E4E-52ED-4FFF-95FC-E9F10FC670BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{63DD34B4-F759-4F09-B8C1-54A2E5C3CB8B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7118CE17-6B45-4BC0-90E2-9069DC7C742E}" = lport=139 | protocol=6 | dir=in | app=system |
"{73C7D089-F55F-436A-BABC-903864453323}" = lport=2869 | protocol=6 | dir=in | app=system |
"{83C6ACD6-A16B-43D0-AF9D-157365184276}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9072ED66-BF89-4C5D-9D76-EB4828E6556C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{982D9677-596A-45D1-89C6-D8BA7D47876C}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BA522D8-A77B-46BD-BDA0-FEA804E74D09}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F5717FE-B5A1-4BF6-AB06-F1E90483F165}" = rport=139 | protocol=6 | dir=out | app=system |
"{A680B745-697D-4281-AA44-DA8A1F1A3FEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A92A8F20-1D3F-46B3-BE6A-1845D2133E02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B32F2A39-66ED-4243-B153-D9A6120DE788}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B875D8E5-3A1B-4FDE-AAE1-D8F963EE2A72}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8EC5320-962F-486B-AE9C-BD7975D5B4D5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE0F3DEB-A742-446A-9E36-26111C07FD95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C400B7CE-DAF6-4278-B33B-0E05012E7038}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4012097-641C-4819-A546-77D2A85447DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6790FF0-6CEB-4904-9C4B-1310223D3700}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBE0F2B3-4D66-4FC6-B914-4582603969EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E758A987-73CC-4F12-AC53-C35CB9963239}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F30E50C8-F8C4-4CF1-BF0D-8387AD8FD7A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F49A58AB-80F0-4BB8-A85E-C249D448EA7F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003FC112-6CD0-4E03-B004-4362F3A35C82}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{025A2A75-6FF0-46AF-BF19-C2087319C11B}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{0419C646-5B91-403A-B918-ECE40F8E8DE9}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{05D7CA7B-4E44-4820-AC2D-BF6475B06F91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0659A8EC-B53F-4AE1-8AB5-83C974377D88}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{0736FD84-5F28-4636-B1A6-0AD6D319A5FF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{081A8A17-7B29-46BB-BABD-0D4D5CF365E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{09CAF7E4-A733-4E02-8921-4F693BABA65A}" = protocol=17 | dir=in | app=c:\program files\bin_ship\daocharactercreator.exe |
"{09E141C8-5F42-4B65-8982-CE922FAE2ABC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{0BEDCFDC-B8F6-4C86-A95F-858B0FCE2674}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{11B7BDA7-2B24-440B-B013-6B11B27627E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{145963B1-1CF7-4E81-95C7-A48C9E270D5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{177A9FE7-E3FC-4FC6-9DFC-82E3CCCB1CCA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1BC01382-9A71-40A9-94C7-00ABC06296DC}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{2049381B-58C0-4C95-8244-82618A58F337}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{231E0768-C14A-4F65-A0C9-1083D0AB6ADF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{23E84CBA-F8CC-4152-BEB6-C1A59B5B7E0F}" = protocol=6 | dir=out | app=system |
"{266D0326-6EC4-4DB5-AEE7-F64E2C70F242}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{276CDB15-2FBA-4A54-9E45-9CAC41436734}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{28AAFB72-A083-4E5F-B475-75C6E5143EBC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{29DD28E2-3C9B-48B7-AE5D-2347C260EBD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2A414230-B6D4-405F-AC7F-B93429764DA6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2B63E458-3465-4070-A211-53A73F8ED84F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{3072CC6E-B160-408F-A408-357F1D46E471}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{32C7CEDE-4405-41F7-872E-8B4FB31E6F9E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{332AE4B0-3A9D-4124-A57E-21CD97470AC7}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\dragonagetoolset.exe |
"{33C3AB17-A9E0-4E0F-9962-7323551A1175}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3462C73D-B475-422A-8FD1-8DFA155454D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{350AFBE5-E5A5-4ADE-98B1-6833E40AC1CF}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{3552A83A-5C55-4BFA-B58E-ECDF151056B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{37D68E87-193C-4AD2-809C-2EF547159EFD}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{38A939CA-3C26-4460-9851-162648019335}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{39D1BB7B-3389-4671-873B-95E21680C54B}" = protocol=6 | dir=in | app=c:\program files\daoriginslauncher.exe |
"{39EF05CD-1F5A-47F9-8FEA-C1CA71B58AF3}" = protocol=17 | dir=in | app=c:\program files\daoriginslauncher.exe |
"{3B570624-5F10-443C-A399-A9650B4E14CC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{3D5D290E-31B0-469A-9FF0-57A96C31644D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{3FA56B0A-0914-4DCF-B4CB-27A7E11B4F35}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{42409CD4-A34E-4684-9624-2B4D2596D579}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{43A72DAC-CA54-4565-A738-56FA23FE663D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{453C8C88-E68A-4F6C-9D09-E2F9A54A6A61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4DA274B2-0B28-4C66-96ED-748AC42B7A63}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"{4EEDCF53-5D66-40A0-A7CF-42D250AE85C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{4F179CA1-2C5E-42C8-B0DC-FCEF40D644D5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"{533D0022-FA53-4D2D-B153-1AB09986ABE1}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{58F122D8-6E69-4F22-B37D-95CA217207FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5A774030-D90E-4D7E-8847-43A95223A8DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{5AFCF1C5-9F7E-430A-A862-78FD4C60C96D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5CE8B8EF-08D9-4D4A-B8E9-7A547D712824}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{5D5B0455-7945-4D61-B231-2DAE1BA8403C}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\rpu.exe |
"{5FFD419C-B3A6-4488-9D57-E89CC272411D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61DF3F78-0B46-4371-B5B6-249F8D97C7D3}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{64D166BD-D492-4EE2-978F-27299EFF13A7}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\gffeditor.exe |
"{6915BB4F-7528-4AB8-AB20-C806B191184E}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{6AD35AC7-31CE-4EC4-B8D4-0E40DD54C814}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\gffeditor.exe |
"{6B15602B-ACD2-4B08-83A9-E98ABFC3B9F7}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{6B2BCAF1-EE7C-4F04-8EAC-D1005E2200E1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{6DE44721-4A67-44A3-A770-9FFF8AAB3701}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{7164EA1C-9F2B-4D8E-8611-8B0C27EC41F3}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\erfeditor.exe |
"{7216484C-182C-42F9-B08B-78A9D7852922}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{761CF505-5F56-40BD-9408-11CBE9A4BD1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76C230BC-E742-4590-AAD8-F608B32DF257}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7703D503-5E11-43A1-B6FD-E4AE1F16ACD5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7AB52AEA-D160-414C-B8A9-DF4255253E7E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D4C5E57-FBBA-4985-A275-83EC167CE838}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{7D97CCAA-C114-4FAD-B2ED-72B9715CC572}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{823E7FF6-9AB8-41F0-9695-EF0E23301517}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{82A7D575-51CD-4CEC-AA7D-3FCB59A6C7C2}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{82FA4F53-53EC-4793-BDE5-F4542ABB9DDD}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{851CBF31-DAD9-431E-8130-6CF346FCFB68}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{85C87D88-4B75-465C-AB70-772CA8425EDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{8755F1EA-348C-4CA6-81DD-FD711BC94401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88CF3CD6-2189-484D-9AEE-F6C9D3948858}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9020548A-AF69-438D-8BF8-266E6E4AD980}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{903F4D11-A3E5-4EB8-BF99-B51A26DFC4D6}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{90A0F926-DFEA-4633-9AB9-7A3A2332575D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{90C4EE49-78DD-47DA-B342-76F0E383A0D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{91BAE408-EAF6-40EB-9FA6-D5F9ACDEBF64}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\lightmapper\eclipseray.exe |
"{91FA6464-8824-415B-B6D3-CC0C3B91AE2D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{955B0A62-85A1-42A5-8647-652EC333C19A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97911A33-1F8B-4917-B224-3EA0E5B497FC}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{9B5FC5E8-AFE2-4589-949E-CC55F09A141B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9E473D15-1D86-498C-8892-D6A70EC7AFFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AB2C894F-D091-4BA3-A892-8C90255403C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB99E2BB-CE45-4675-91E0-1C545432C24B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{AFAAF63C-5BEE-4BE9-BFDC-027EFFD8896B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{B1EA9464-DA39-4E45-80ED-11B2BE2EB25C}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{BF001D94-0AA4-4967-B61B-5CC866A6F879}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\erfeditor.exe |
"{C0E1520A-324B-4440-9C81-EF93D87F6554}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{C200BE50-5C55-4192-AFDB-4E3917ECB35E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C34186D9-A2FE-4195-B2F8-B3C87D0D708A}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{C6FFDDB5-9562-4346-96A4-556DF95ADBEE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{C8DF4B6E-D555-47BF-B3C9-02D535AAE0CF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{C8E2323D-E6B4-4E95-9A55-784F3055F079}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{CB0E4D09-90B3-4975-B836-B40FE2496502}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CB4C7BCC-3668-4DA6-81C8-950040A4C176}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D1E7D6E2-3A41-4C25-A52B-8C2E235DCC34}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{D1EE98DE-E050-43B4-A261-3BACC0F4EE54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D27A5032-57EA-4292-B9F9-3895549014FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2EADF30-D0F7-4BBC-9286-870DBBBBEF7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D4162566-3C6A-4EAA-BE1E-C53F333540F1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D4F029D5-C9CF-42C4-BC35-F53D49530416}" = protocol=17 | dir=in | app=c:\program files\dragon age\tools\dragonagetoolset.exe |
"{D56375CE-6BD8-45E9-B6C6-5ED72EC1907D}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\lightmapper\eclipseray.exe |
"{D6ACFA61-74C1-493F-AAF1-D50A1732A0F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA4FF21B-EB8F-47C0-BC50-D7D2DA1E54D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBE162A7-1C44-4CB9-BD54-3CB743A023EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{DEF4DCDB-1112-48BE-8E9E-400E240ABCF7}" = protocol=6 | dir=in | app=c:\program files\bin_ship\daocharactercreator.exe |
"{E1682FF9-0808-4B7F-812E-7E0B400DF43B}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E302316B-9E3A-46A9-8367-0564223175A0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E366518A-1BDF-4933-B8CF-6D2A3C4019B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{E57AE524-B774-4A25-8268-88B71A9A0A6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E72F3412-81B8-4B4C-8018-869AFCF3C5E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7585946-7AD5-4F1D-AFE6-C91A94C79B1E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{EE7E8E28-9179-43C0-B967-75A8028FE550}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{F04498E1-5FF4-4C2D-9728-AD032644F76F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F07AEC69-405D-4844-A76C-9964EF3083DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{F34DF796-57B1-4F85-BFC3-D7245C48BE4D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F4B3F86E-2FD1-4F1F-AB2D-8377AD3C527C}" = protocol=6 | dir=in | app=c:\program files\dragon age\tools\rpu.exe |
"{F557D216-C724-4852-82ED-A5FAFC6BE40C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{F57D8E05-6D39-47D7-B83E-A4B4144F195F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{F70D83C2-8C00-43E6-BD58-A57AC10EC715}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{FECFD5B7-8F88-47D9-AFFC-795CEACBBCF1}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{FF70829F-3962-489D-97F9-F9EF891A6AAC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"TCP Query User{7FC390CB-C6AE-4EFD-A1B5-BCC94DB0E68E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{8B885A63-B189-4ED5-9302-1BA94B4DDC12}C:\users\ash\downloads\wow_cataclysm_beta_engb(2).exe" = protocol=6 | dir=in | app=c:\users\ash\downloads\wow_cataclysm_beta_engb(2).exe |
"TCP Query User{9E3C2608-B606-461A-A4C2-62885B92F5B2}C:\users\ash\downloads\wow_cataclysm_beta_engb.exe" = protocol=6 | dir=in | app=c:\users\ash\downloads\wow_cataclysm_beta_engb.exe |
"TCP Query User{CD63A401-D76E-4096-BCD2-AC9B6933E94B}E:\documents and settings\compaq_owner\my documents\downloads\wow_cataclysm_beta_engb.exe" = protocol=6 | dir=in | app=e:\documents and settings\compaq_owner\my documents\downloads\wow_cataclysm_beta_engb.exe |
"UDP Query User{3DF6661D-6FA4-4FA9-BAD1-60967C2A0490}C:\users\ash\downloads\wow_cataclysm_beta_engb(2).exe" = protocol=17 | dir=in | app=c:\users\ash\downloads\wow_cataclysm_beta_engb(2).exe |
"UDP Query User{5E307AB7-583A-4A92-BBF3-2DBE8115CB2F}E:\documents and settings\compaq_owner\my documents\downloads\wow_cataclysm_beta_engb.exe" = protocol=17 | dir=in | app=e:\documents and settings\compaq_owner\my documents\downloads\wow_cataclysm_beta_engb.exe |
"UDP Query User{91187C76-8E53-4A5C-A436-C50C8F6A16E2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B9ED8CC7-B252-4CA8-AF01-F111BED63F97}C:\users\ash\downloads\wow_cataclysm_beta_engb.exe" = protocol=17 | dir=in | app=c:\users\ash\downloads\wow_cataclysm_beta_engb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{74E52BA7-4698-4BE1-858C-8ED27E836570}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5F6C549F-78DA-4E0E-AE70-0BD981936D99}" = Nuance PDF Reader
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907611B4-1B1B-4810-88CD-965FA49F35F6}" = C5200
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.3.5
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Creative Centrale" = Creative Centrale
"DivX Setup" = DivX Setup
"EA Installer.1760404899" = EA Installer
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LDC Driving Test Complete3.0" = LDC Driving Test Complete
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"Notepad++" = Notepad++
"Origin" = Origin
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"Pharaoh" = Pharaoh
"PROPLUS" = Microsoft Office Professional Plus 2007
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZENXFI2UG" = Creative ZEN X-Fi2 Documentation
"ZoneAlarm Free" = ZoneAlarm Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"FXAA Post Process Injector" = FXAA Post Process Injector

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/08/2011 04:25:33 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 15/08/2011 13:44:08 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 15/08/2011 13:44:10 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 15/08/2011 15:59:06 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 15/08/2011 15:59:06 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 15/08/2011 16:06:34 | Computer Name = Ash-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.0.4183 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17c4 Start
Time: 01cc5b86372674f4 Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 037f84dc-c77a-11e0-874c-e0cb4ed6643f

Error - 16/08/2011 12:58:23 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 16/08/2011 12:58:23 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 16/08/2011 16:21:59 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 16/08/2011 16:21:59 | Computer Name = Ash-PC | Source = MSSQL$BWDATOOLSET | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

[ OSession Events ]
Error - 05/12/2010 18:23:44 | Computer Name = Ash-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13275
seconds with 480 seconds of active time. This session ended with a crash.

Error - 13/12/2010 14:24:17 | Computer Name = Ash-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4203
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 17/04/2011 18:23:20 | Computer Name = Ash-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1802
seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/05/2012 14:42:12 | Computer Name = Ash-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 10/05/2012 14:42:14 | Computer Name = Ash-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 10/05/2012 15:33:17 | Computer Name = Ash-PC | Source = bowser | ID = 8003
Description =

Error - 10/05/2012 15:57:20 | Computer Name = Ash-PC | Source = bowser | ID = 8003
Description =

Error - 10/05/2012 16:27:37 | Computer Name = Ash-PC | Source = bowser | ID = 8003
Description =

Error - 10/05/2012 16:55:26 | Computer Name = Ash-PC | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/05/2012 16:56:27 | Computer Name = Ash-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/05/2012 16:56:45 | Computer Name = Ash-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 10/05/2012 16:56:49 | Computer Name = Ash-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 10/05/2012 17:03:35 | Computer Name = Ash-PC | Source = bowser | ID = 8003
Description =


< End of report >
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm

Re: Jump hijack malware

Unread postby Dakeyras » May 11th, 2012, 9:37 am

Hi. :)

Computer seems to be performing fine, though i keep geting problem loading webpages now. the redirects that i experience on the internet are entirely random and i can go a while without experiencing any and then get a whole bunch in a close space. The main page its directing me to now is easya-z but i did used to get other ones as well though i dont remember the names.
OK and thanks for the update. Lets proceed as follows shall we...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset Windows 7 Firewall:

Click on Start(Windows 7 Orb) >> Control Panel >> Windows Firewall

Now click click on Restore Defaults >> At the UAC prompt click on Yes >> Restore Defaults >> Yes.

Then click on Turn Windows Firewall on or Off and under the option Home or work (private) network location settings >> and select Turn off Windows Firewall (not recommended) >> OK.

Carry out the same procedure as the above for Turn Windows Firewall on or Off and under the option Public network location settings >> and select Turn off Windows Firewall (not recommended) >> OK.

Note: No need for it to be on after the reset because the ZoneAlarm Firewall is installed/active.

Temp Disable MBAM's Protection Module:

This is so it will not hinder the custom OTL script below, it will automatically start again after your machine is rebooted.

Right-click on the Malwarebytes Anti-Malware System Tray icon >> Enable Protection >> Yes

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/11 01:37:43 | 000,000,000 | ---D | M]
[2012/05/04 19:58:47 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/04/26 20:03:21 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2012/05/10 19:42:29 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C765C323
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Files
ipconfig /flushdns /c

:Commands
[ResetHosts]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Jump hijack malware

Unread postby elerrina » May 11th, 2012, 10:52 am

Still experiencing wepages timing out or saying the connection was reset, havent had a google redirect as of yet though.


All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
Registry key HKEY_USERS\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\searchplugin folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\modules folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\META-INF folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\defaults folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\chrome folder moved successfully.
C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
Registry value HKEY_USERS\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\Windows\SysNative\drivers\~GLH0023.TMP deleted successfully.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:661DFA1C deleted successfully.
ADS C:\ProgramData\TEMP:C765C323 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ash\Desktop\Mozilla downloads\cmd.bat deleted successfully.
C:\Users\Ash\Desktop\Mozilla downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ash
->Temp folder emptied: 8762913 bytes
->Temporary Internet Files folder emptied: 52229085 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 795412861 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10657 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74871218 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 745329102 bytes

Total Files Cleaned = 1,599.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05112012_152939

Files\Folders moved on Reboot...
C:\Users\Ash\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ash\AppData\Local\Temp\~DFAA7519682DE917B9.TMP moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD91FX8\addons-tracker-v4[1].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYD91FX8\addons-v4[1].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWG0KQWC\beacon[1].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKDK3TRX\pixel[3].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2FJ1N3U\ddc[2].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2FJ1N3U\fpi[1].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2FJ1N3U\g_u_if_c[1].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2FJ1N3U\img[1].htm moved successfully.
C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2FJ1N3U\tier1_intl_atf[2].txt moved successfully.
C:\Users\Ash\AppData\Local\Mozilla\Firefox\Profiles\l6k2sjcs.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Ash\AppData\Local\Mozilla\Firefox\Profiles\l6k2sjcs.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Ash\AppData\Local\Mozilla\Firefox\Profiles\l6k2sjcs.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Ash\AppData\Local\Mozilla\Firefox\Profiles\l6k2sjcs.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Ash\AppData\Local\Mozilla\Firefox\Profiles\l6k2sjcs.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Ash\AppData\Local\Mozilla\Firefox\Profiles\l6k2sjcs.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT06ee2.TMP not found!

Registry entries deleted on Reboot...








Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.05.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ash :: ASH-PC [administrator]

Protection: Enabled

11/05/2012 15:41:05
mbam-log-2012-05-11 (15-41-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207766
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm

Re: Jump hijack malware

Unread postby Dakeyras » May 11th, 2012, 11:48 am

Hi. :)

Still experiencing wepages timing out or saying the connection was reset
Does this occur with both Internet Explorer & Mozilla Firefox? Also can you confirm for myself if you are using a Router or not?

Regarding the last Malwarebytes Anti-Malware scan any particular reason you ran it with Scan options disabled: P2P? As you should no longer have any such software present on your machine per forum policy for receiving assistance.

Scan with aswMBR:

Please download aswMBR.exe to your Desktop.

  • Right-click the aswMBR.exe select Run as Administrator to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Jump hijack malware

Unread postby elerrina » May 11th, 2012, 12:28 pm

I actually didnt notice those settings were even enabled on malwarebytes i have removed utorrent as per the forum policy so no need to worry about that. Dont seem to have any issues in IE but i dont usually use it so that was just a quick flick through some wepages to see if the problem would occur. I do use a router and the computer is directly plugged into it. I am still getting the redirects from google too just had two in a row >.<

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-11 17:27:29
-----------------------------
17:27:29.295 OS Version: Windows x64 6.1.7601 Service Pack 1
17:27:29.295 Number of processors: 4 586 0x403
17:27:29.295 ComputerName: ASH-PC UserName: Ash
17:27:30.924 Initialize success
17:27:43.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:27:43.272 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
17:27:43.289 Disk 0 MBR read successfully
17:27:43.291 Disk 0 MBR scan
17:27:43.293 Disk 0 Windows 7 default MBR code
17:27:43.311 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:27:43.319 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
17:27:43.332 Disk 0 scanning C:\Windows\system32\drivers
17:27:50.802 Service scanning
17:28:04.899 Modules scanning
17:28:04.903 Disk 0 trace - called modules:
17:28:04.924 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:28:04.926 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a41060]
17:28:04.929 3 CLASSPNP.SYS[fffff8800195543f] -> nt!IofCallDriver -> [0xfffffa80048e29b0]
17:28:04.932 5 ACPI.sys[fffff88000f197a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003ac9680]
17:28:04.936 Scan finished successfully
17:28:17.549 Disk 0 MBR has been saved successfully to "C:\Users\Ash\Desktop\MBR.dat"
17:28:17.583 The log file has been saved successfully to "C:\Users\Ash\Desktop\aswMBR.txt"
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm

Re: Jump hijack malware

Unread postby Dakeyras » May 12th, 2012, 6:50 am

Hi. :)

I actually didnt notice those settings were even enabled on malwarebytes
Fair play.

Router Advice:

OK at this juncture I think it would be prudent to actually reset your Router and apply a new admin password. If the default password is retained, a remote attacker can install his own server address in between you and your Internet Service Provider. (The default passwords are published). If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.

Also ensure both the NAT(Network Address Translation) Firewall is active and the Block ICMP Ping feature is selected.

Note: If unsure how to reset your router, merely inform myself the exact make/modal and I will gladly provide the appropriate advice.

Scan with FSS:

Please download Farbar Service Scanner and save to your Desktop..

  • Right-click on FSS.exe and select Run as Administrator to launch it.
  • Select the following option only:

    • Internet Services

  • Click on Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Right-click on TDSSKiller.exe and select Run as Administrator to launch it.
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C:
  • Post the contents of that log in your next reply please.

Note: Do not have TDSSKiller remove anything if found at this point in time!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Jump hijack malware

Unread postby elerrina » May 12th, 2012, 8:29 am

No extras have been added and the block icmp ping is enabled, though im not sure where to find the NAT part in my router settings, i have a belkin F5D8636-4 v2. Also i did run the malwarebytes scan again with the p2p thing fixed and it still didnt find anything =)

Farbar Service Scanner Version: 11-05-2012
Ran by Ash (administrator) on 12-05-2012 at 13:24:46
Running from "C:\Users\Ash\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****





13:25:31.0155 6600 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:25:33.0159 6600 ============================================================
13:25:33.0159 6600 Current date / time: 2012/05/12 13:25:33.0159
13:25:33.0159 6600 SystemInfo:
13:25:33.0159 6600
13:25:33.0159 6600 OS Version: 6.1.7601 ServicePack: 1.0
13:25:33.0159 6600 Product type: Workstation
13:25:33.0160 6600 ComputerName: ASH-PC
13:25:33.0160 6600 UserName: Ash
13:25:33.0160 6600 Windows directory: C:\Windows
13:25:33.0160 6600 System windows directory: C:\Windows
13:25:33.0160 6600 Running under WOW64
13:25:33.0160 6600 Processor architecture: Intel x64
13:25:33.0160 6600 Number of processors: 4
13:25:33.0160 6600 Page size: 0x1000
13:25:33.0160 6600 Boot type: Normal boot
13:25:33.0160 6600 ============================================================
13:25:34.0125 6600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:25:34.0127 6600 ============================================================
13:25:34.0127 6600 \Device\Harddisk0\DR0:
13:25:34.0128 6600 MBR partitions:
13:25:34.0128 6600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:25:34.0128 6600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
13:25:34.0128 6600 ============================================================
13:25:34.0149 6600 C: <-> \Device\Harddisk0\DR0\Partition1
13:25:34.0149 6600 ============================================================
13:25:34.0149 6600 Initialize success
13:25:34.0149 6600 ============================================================
13:25:51.0646 1496 ============================================================
13:25:51.0646 1496 Scan started
13:25:51.0647 1496 Mode: Manual; SigCheck; TDLFS;
13:25:51.0647 1496 ============================================================
13:25:53.0141 1496 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:25:53.0270 1496 1394ohci - ok
13:25:53.0331 1496 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:25:53.0370 1496 ACPI - ok
13:25:53.0384 1496 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:25:53.0433 1496 AcpiPmi - ok
13:25:53.0513 1496 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:25:53.0535 1496 adp94xx - ok
13:25:53.0566 1496 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:25:53.0580 1496 adpahci - ok
13:25:53.0596 1496 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:25:53.0607 1496 adpu320 - ok
13:25:53.0641 1496 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:25:53.0718 1496 AeLookupSvc - ok
13:25:53.0784 1496 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:25:53.0835 1496 AFD - ok
13:25:53.0883 1496 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:25:53.0897 1496 agp440 - ok
13:25:53.0914 1496 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:25:53.0947 1496 ALG - ok
13:25:53.0988 1496 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:25:54.0001 1496 aliide - ok
13:25:54.0123 1496 ALSysIO - ok
13:25:54.0169 1496 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
13:25:54.0291 1496 AMD External Events Utility - ok
13:25:54.0377 1496 AMD FUEL Service - ok
13:25:54.0434 1496 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:25:54.0454 1496 amdide - ok
13:25:54.0482 1496 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:25:54.0510 1496 amdiox64 - ok
13:25:54.0536 1496 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:25:54.0567 1496 AmdK8 - ok
13:25:55.0048 1496 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
13:25:55.0274 1496 amdkmdag - ok
13:25:55.0397 1496 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
13:25:55.0477 1496 amdkmdap - ok
13:25:55.0514 1496 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:25:55.0560 1496 AmdPPM - ok
13:25:55.0616 1496 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:25:55.0648 1496 amdsata - ok
13:25:55.0689 1496 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:25:55.0705 1496 amdsbs - ok
13:25:55.0720 1496 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:25:55.0729 1496 amdxata - ok
13:25:55.0819 1496 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:25:55.0851 1496 AODDriver4.1 - ok
13:25:55.0909 1496 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:25:56.0021 1496 AppID - ok
13:25:56.0052 1496 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:25:56.0102 1496 AppIDSvc - ok
13:25:56.0159 1496 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:25:56.0261 1496 Appinfo - ok
13:25:56.0333 1496 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:25:56.0342 1496 Apple Mobile Device - ok
13:25:56.0398 1496 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:25:56.0447 1496 arc - ok
13:25:56.0465 1496 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:25:56.0492 1496 arcsas - ok
13:25:56.0508 1496 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:25:56.0550 1496 AsyncMac - ok
13:25:56.0586 1496 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:25:56.0610 1496 atapi - ok
13:25:56.0672 1496 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
13:25:56.0685 1496 AtiHDAudioService - ok
13:25:56.0742 1496 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
13:25:56.0813 1496 AtiHdmiService - ok
13:25:56.0858 1496 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:25:56.0879 1496 AtiPcie - ok
13:25:56.0934 1496 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
13:25:56.0966 1496 atksgt - ok
13:25:57.0039 1496 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:25:57.0115 1496 AudioEndpointBuilder - ok
13:25:57.0120 1496 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:25:57.0151 1496 AudioSrv - ok
13:25:57.0313 1496 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
13:25:57.0354 1496 AVG Security Toolbar Service - ok
13:25:57.0541 1496 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
13:25:57.0602 1496 AVGIDSAgent - ok
13:25:57.0759 1496 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:25:57.0781 1496 AVGIDSDriver - ok
13:25:57.0828 1496 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
13:25:57.0840 1496 AVGIDSFilter - ok
13:25:57.0904 1496 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
13:25:57.0949 1496 AVGIDSHA - ok
13:25:58.0003 1496 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
13:25:58.0043 1496 Avgldx64 - ok
13:25:58.0066 1496 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:25:58.0095 1496 Avgmfx64 - ok
13:25:58.0124 1496 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:25:58.0170 1496 Avgrkx64 - ok
13:25:58.0207 1496 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
13:25:58.0236 1496 Avgtdia - ok
13:25:58.0299 1496 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:25:58.0334 1496 avgwd - ok
13:25:58.0446 1496 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:25:58.0482 1496 AxInstSV - ok
13:25:58.0534 1496 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:25:58.0592 1496 b06bdrv - ok
13:25:58.0625 1496 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:25:58.0702 1496 b57nd60a - ok
13:25:58.0742 1496 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:25:58.0791 1496 BDESVC - ok
13:25:58.0796 1496 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:25:58.0852 1496 Beep - ok
13:25:58.0991 1496 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:25:59.0066 1496 BFE - ok
13:25:59.0119 1496 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:25:59.0255 1496 BITS - ok
13:25:59.0301 1496 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:25:59.0358 1496 blbdrive - ok
13:25:59.0457 1496 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:25:59.0474 1496 Bonjour Service - ok
13:25:59.0512 1496 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:25:59.0528 1496 bowser - ok
13:25:59.0537 1496 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:25:59.0571 1496 BrFiltLo - ok
13:25:59.0574 1496 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:25:59.0591 1496 BrFiltUp - ok
13:25:59.0646 1496 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:25:59.0698 1496 BridgeMP - ok
13:25:59.0733 1496 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:25:59.0788 1496 Browser - ok
13:25:59.0810 1496 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:25:59.0882 1496 Brserid - ok
13:25:59.0902 1496 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:25:59.0965 1496 BrSerWdm - ok
13:25:59.0968 1496 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:25:59.0987 1496 BrUsbMdm - ok
13:25:59.0990 1496 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:26:00.0009 1496 BrUsbSer - ok
13:26:00.0013 1496 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:26:00.0035 1496 BTHMODEM - ok
13:26:00.0070 1496 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:26:00.0157 1496 bthserv - ok
13:26:00.0177 1496 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:26:00.0213 1496 cdfs - ok
13:26:00.0273 1496 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:26:00.0304 1496 cdrom - ok
13:26:00.0359 1496 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:26:00.0456 1496 CertPropSvc - ok
13:26:00.0484 1496 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:26:00.0513 1496 circlass - ok
13:26:00.0540 1496 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:26:00.0555 1496 CLFS - ok
13:26:00.0622 1496 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:26:00.0644 1496 clr_optimization_v2.0.50727_32 - ok
13:26:00.0687 1496 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:26:00.0719 1496 clr_optimization_v2.0.50727_64 - ok
13:26:00.0781 1496 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:26:00.0809 1496 clr_optimization_v4.0.30319_32 - ok
13:26:00.0889 1496 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:26:00.0921 1496 clr_optimization_v4.0.30319_64 - ok
13:26:00.0953 1496 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:26:01.0009 1496 CmBatt - ok
13:26:01.0040 1496 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:26:01.0066 1496 cmdide - ok
13:26:01.0146 1496 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:26:01.0185 1496 CNG - ok
13:26:01.0194 1496 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:26:01.0203 1496 Compbatt - ok
13:26:01.0246 1496 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:26:01.0278 1496 CompositeBus - ok
13:26:01.0296 1496 COMSysApp - ok
13:26:01.0311 1496 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:26:01.0320 1496 crcdisk - ok
13:26:01.0381 1496 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:26:01.0450 1496 CryptSvc - ok
13:26:01.0560 1496 CTDevice_Srv (a5bea0e5c297f5f3835638a87e512fba) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
13:26:01.0577 1496 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - warning
13:26:01.0577 1496 CTDevice_Srv - detected UnsignedFile.Multi.Generic (1)
13:26:01.0688 1496 CTUPnPSv (8e26d772f53b7883a651e0e4a9598f21) C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
13:26:01.0726 1496 CTUPnPSv ( UnsignedFile.Multi.Generic ) - warning
13:26:01.0726 1496 CTUPnPSv - detected UnsignedFile.Multi.Generic (1)
13:26:01.0837 1496 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
13:26:01.0858 1496 DAUpdaterSvc - ok
13:26:01.0912 1496 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:26:01.0973 1496 DcomLaunch - ok
13:26:02.0029 1496 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:26:02.0140 1496 defragsvc - ok
13:26:02.0196 1496 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:26:02.0248 1496 DfsC - ok
13:26:02.0313 1496 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:26:02.0366 1496 Dhcp - ok
13:26:02.0383 1496 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:26:02.0437 1496 discache - ok
13:26:02.0500 1496 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:26:02.0509 1496 Disk - ok
13:26:02.0586 1496 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:26:02.0629 1496 Dnscache - ok
13:26:02.0664 1496 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:26:02.0709 1496 dot3svc - ok
13:26:02.0799 1496 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:26:02.0850 1496 Dot4 - ok
13:26:02.0903 1496 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
13:26:02.0922 1496 Dot4Print - ok
13:26:02.0929 1496 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:26:02.0958 1496 dot4usb - ok
13:26:02.0980 1496 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:26:03.0018 1496 DPS - ok
13:26:03.0041 1496 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:26:03.0096 1496 drmkaud - ok
13:26:03.0173 1496 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:26:03.0206 1496 DXGKrnl - ok
13:26:03.0230 1496 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:26:03.0311 1496 EapHost - ok
13:26:03.0412 1496 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:26:03.0483 1496 ebdrv - ok
13:26:03.0615 1496 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:26:03.0638 1496 EFS - ok
13:26:03.0706 1496 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:26:03.0733 1496 ehRecvr - ok
13:26:03.0775 1496 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:26:03.0843 1496 ehSched - ok
13:26:03.0921 1496 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:26:03.0963 1496 elxstor - ok
13:26:04.0007 1496 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:26:04.0074 1496 ErrDev - ok
13:26:04.0150 1496 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:26:04.0245 1496 EventSystem - ok
13:26:04.0293 1496 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:26:04.0389 1496 exfat - ok
13:26:04.0416 1496 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:26:04.0471 1496 fastfat - ok
13:26:04.0596 1496 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:26:04.0671 1496 Fax - ok
13:26:04.0684 1496 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:26:04.0696 1496 fdc - ok
13:26:04.0713 1496 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:26:04.0757 1496 fdPHost - ok
13:26:04.0792 1496 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:26:04.0899 1496 FDResPub - ok
13:26:04.0919 1496 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:26:04.0933 1496 FileInfo - ok
13:26:04.0951 1496 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:26:05.0010 1496 Filetrace - ok
13:26:05.0065 1496 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:26:05.0099 1496 flpydisk - ok
13:26:05.0144 1496 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:26:05.0162 1496 FltMgr - ok
13:26:05.0224 1496 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:26:05.0326 1496 FontCache - ok
13:26:05.0425 1496 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:26:05.0453 1496 FontCache3.0.0.0 - ok
13:26:05.0491 1496 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:26:05.0519 1496 FsDepends - ok
13:26:05.0546 1496 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:26:05.0559 1496 Fs_Rec - ok
13:26:05.0635 1496 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:26:05.0655 1496 fvevol - ok
13:26:05.0686 1496 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:26:05.0699 1496 gagp30kx - ok
13:26:05.0726 1496 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:26:05.0757 1496 GEARAspiWDM - ok
13:26:05.0816 1496 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:26:05.0888 1496 gpsvc - ok
13:26:05.0912 1496 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:26:05.0966 1496 hcw85cir - ok
13:26:06.0027 1496 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:26:06.0067 1496 HdAudAddService - ok
13:26:06.0106 1496 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:26:06.0139 1496 HDAudBus - ok
13:26:06.0160 1496 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:26:06.0191 1496 HidBatt - ok
13:26:06.0213 1496 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:26:06.0233 1496 HidBth - ok
13:26:06.0247 1496 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:26:06.0260 1496 HidIr - ok
13:26:06.0274 1496 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:26:06.0315 1496 hidserv - ok
13:26:06.0353 1496 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:26:06.0388 1496 HidUsb - ok
13:26:06.0422 1496 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:26:06.0480 1496 hkmsvc - ok
13:26:06.0520 1496 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:26:06.0545 1496 HomeGroupListener - ok
13:26:06.0636 1496 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:26:06.0680 1496 HomeGroupProvider - ok
13:26:06.0830 1496 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:26:06.0908 1496 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:26:06.0908 1496 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:26:06.0934 1496 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:26:06.0965 1496 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:26:06.0965 1496 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:26:07.0022 1496 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:26:07.0049 1496 HpSAMD - ok
13:26:07.0135 1496 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:26:07.0215 1496 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:26:07.0215 1496 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:26:07.0300 1496 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:26:07.0381 1496 HTTP - ok
13:26:07.0416 1496 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:26:07.0429 1496 hwpolicy - ok
13:26:07.0472 1496 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:26:07.0515 1496 i8042prt - ok
13:26:07.0549 1496 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:26:07.0570 1496 iaStorV - ok
13:26:07.0708 1496 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:26:07.0729 1496 idsvc - ok
13:26:07.0772 1496 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:26:07.0798 1496 iirsp - ok
13:26:07.0864 1496 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:26:07.0992 1496 IKEEXT - ok
13:26:08.0023 1496 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:26:08.0032 1496 intelide - ok
13:26:08.0063 1496 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:26:08.0120 1496 intelppm - ok
13:26:08.0165 1496 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:26:08.0222 1496 IPBusEnum - ok
13:26:08.0254 1496 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:26:08.0324 1496 IpFilterDriver - ok
13:26:08.0371 1496 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:26:08.0497 1496 iphlpsvc - ok
13:26:08.0530 1496 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:26:08.0561 1496 IPMIDRV - ok
13:26:08.0595 1496 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:26:08.0652 1496 IPNAT - ok
13:26:08.0734 1496 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
13:26:08.0751 1496 iPod Service - ok
13:26:08.0769 1496 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:26:08.0847 1496 IRENUM - ok
13:26:08.0885 1496 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:26:08.0910 1496 isapnp - ok
13:26:08.0945 1496 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:26:08.0963 1496 iScsiPrt - ok
13:26:09.0037 1496 ISWKL (bf65e6d039ae37c988d5b2b680e7d718) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
13:26:09.0068 1496 ISWKL - ok
13:26:09.0147 1496 IswSvc (99148599fe4d0a5cd7c7eb74ed5a63e4) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
13:26:09.0185 1496 IswSvc - ok
13:26:09.0207 1496 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:26:09.0221 1496 kbdclass - ok
13:26:09.0241 1496 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:26:09.0272 1496 kbdhid - ok
13:26:09.0301 1496 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:26:09.0317 1496 KeyIso - ok
13:26:09.0342 1496 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:26:09.0363 1496 KSecDD - ok
13:26:09.0381 1496 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:26:09.0396 1496 KSecPkg - ok
13:26:09.0416 1496 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:26:09.0469 1496 ksthunk - ok
13:26:09.0513 1496 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:26:09.0586 1496 KtmRm - ok
13:26:09.0633 1496 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:26:09.0701 1496 LanmanServer - ok
13:26:09.0759 1496 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:26:09.0810 1496 LanmanWorkstation - ok
13:26:09.0872 1496 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
13:26:09.0881 1496 lirsgt - ok
13:26:09.0923 1496 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:26:09.0967 1496 lltdio - ok
13:26:10.0015 1496 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:26:10.0068 1496 lltdsvc - ok
13:26:10.0081 1496 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:26:10.0109 1496 lmhosts - ok
13:26:10.0134 1496 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:26:10.0144 1496 LSI_FC - ok
13:26:10.0157 1496 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:26:10.0167 1496 LSI_SAS - ok
13:26:10.0182 1496 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:26:10.0191 1496 LSI_SAS2 - ok
13:26:10.0206 1496 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:26:10.0217 1496 LSI_SCSI - ok
13:26:10.0234 1496 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:26:10.0281 1496 luafv - ok
13:26:10.0362 1496 lvpepf64 (4a503882318bb2f59218d401614e6af6) C:\Windows\system32\DRIVERS\lv302a64.sys
13:26:10.0374 1496 lvpepf64 - ok
13:26:10.0412 1496 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:26:10.0441 1496 LVPr2M64 - ok
13:26:10.0448 1496 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:26:10.0469 1496 LVPr2Mon - ok
13:26:10.0591 1496 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
13:26:10.0619 1496 LVPrcS64 - ok
13:26:10.0663 1496 LVRS64 (125ae13c293889001b8456cf3eb04a40) C:\Windows\system32\DRIVERS\lvrs64.sys
13:26:10.0681 1496 LVRS64 - ok
13:26:10.0706 1496 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys
13:26:10.0718 1496 LVUSBS64 - ok
13:26:10.0762 1496 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:26:10.0771 1496 MBAMProtector - ok
13:26:10.0893 1496 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:26:10.0930 1496 MBAMService - ok
13:26:10.0953 1496 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:26:10.0981 1496 Mcx2Svc - ok
13:26:11.0007 1496 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:26:11.0016 1496 megasas - ok
13:26:11.0040 1496 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:26:11.0052 1496 MegaSR - ok
13:26:11.0094 1496 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:26:11.0177 1496 MMCSS - ok
13:26:11.0200 1496 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:26:11.0257 1496 Modem - ok
13:26:11.0315 1496 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:26:11.0351 1496 monitor - ok
13:26:11.0399 1496 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:26:11.0434 1496 mouclass - ok
13:26:11.0464 1496 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:26:11.0530 1496 mouhid - ok
13:26:11.0609 1496 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:26:11.0639 1496 mountmgr - ok
13:26:11.0704 1496 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:26:11.0731 1496 MozillaMaintenance - ok
13:26:11.0759 1496 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:26:11.0771 1496 mpio - ok
13:26:11.0787 1496 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:26:11.0816 1496 mpsdrv - ok
13:26:11.0926 1496 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:26:11.0998 1496 MpsSvc - ok
13:26:12.0036 1496 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:26:12.0087 1496 MRxDAV - ok
13:26:12.0156 1496 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:26:12.0182 1496 mrxsmb - ok
13:26:12.0215 1496 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:26:12.0243 1496 mrxsmb10 - ok
13:26:12.0263 1496 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:26:12.0275 1496 mrxsmb20 - ok
13:26:12.0335 1496 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:26:12.0369 1496 msahci - ok
13:26:12.0440 1496 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:26:12.0456 1496 msdsm - ok
13:26:12.0477 1496 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:26:12.0516 1496 MSDTC - ok
13:26:12.0558 1496 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:26:12.0596 1496 Msfs - ok
13:26:12.0603 1496 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:26:12.0643 1496 mshidkmdf - ok
13:26:12.0683 1496 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:26:12.0713 1496 msisadrv - ok
13:26:12.0735 1496 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:26:12.0786 1496 MSiSCSI - ok
13:26:12.0788 1496 msiserver - ok
13:26:12.0816 1496 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:26:12.0862 1496 MSKSSRV - ok
13:26:12.0879 1496 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:26:12.0906 1496 MSPCLOCK - ok
13:26:12.0923 1496 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:26:12.0968 1496 MSPQM - ok
13:26:13.0009 1496 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:26:13.0023 1496 MsRPC - ok
13:26:13.0061 1496 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:26:13.0069 1496 mssmbios - ok
13:26:13.0197 1496 MSSQL$BWDATOOLSET - ok
13:26:13.0249 1496 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:26:13.0260 1496 MSSQLServerADHelper - ok
13:26:13.0263 1496 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:26:13.0320 1496 MSTEE - ok
13:26:13.0343 1496 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:26:13.0368 1496 MTConfig - ok
13:26:13.0399 1496 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
13:26:13.0442 1496 MTsensor - ok
13:26:13.0489 1496 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:26:13.0525 1496 Mup - ok
13:26:13.0560 1496 mv61xx (42ab117ab98ac93f487b2913ee4fbdd8) C:\Windows\system32\DRIVERS\mv61xx.sys
13:26:13.0574 1496 mv61xx - ok
13:26:13.0629 1496 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:26:13.0700 1496 napagent - ok
13:26:13.0766 1496 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:26:13.0808 1496 NativeWifiP - ok
13:26:13.0866 1496 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:26:13.0893 1496 NDIS - ok
13:26:13.0921 1496 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:26:14.0016 1496 NdisCap - ok
13:26:14.0036 1496 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:26:14.0072 1496 NdisTapi - ok
13:26:14.0104 1496 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:26:14.0208 1496 Ndisuio - ok
13:26:14.0285 1496 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:26:14.0355 1496 NdisWan - ok
13:26:14.0384 1496 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:26:14.0411 1496 NDProxy - ok
13:26:14.0452 1496 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
13:26:14.0505 1496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:26:14.0505 1496 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:26:14.0603 1496 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:26:14.0670 1496 NetBIOS - ok
13:26:14.0705 1496 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:26:14.0747 1496 NetBT - ok
13:26:14.0800 1496 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:26:14.0811 1496 Netlogon - ok
13:26:14.0865 1496 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:26:14.0925 1496 Netman - ok
13:26:14.0958 1496 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:26:15.0007 1496 netprofm - ok
13:26:15.0125 1496 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:26:15.0157 1496 NetTcpPortSharing - ok
13:26:15.0191 1496 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:26:15.0225 1496 nfrd960 - ok
13:26:15.0286 1496 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:26:15.0370 1496 NlaSvc - ok
13:26:15.0379 1496 nmwcdx64 - ok
13:26:15.0393 1496 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:26:15.0433 1496 Npfs - ok
13:26:15.0457 1496 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:26:15.0517 1496 nsi - ok
13:26:15.0535 1496 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:26:15.0571 1496 nsiproxy - ok
13:26:15.0661 1496 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:26:15.0699 1496 Ntfs - ok
13:26:15.0771 1496 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:26:15.0818 1496 Null - ok
13:26:15.0959 1496 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:26:16.0011 1496 nvraid - ok
13:26:16.0475 1496 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:26:16.0487 1496 nvstor - ok
13:26:16.0715 1496 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:26:16.0774 1496 nv_agp - ok
13:26:17.0147 1496 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:26:17.0161 1496 odserv - ok
13:26:17.0200 1496 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:26:17.0213 1496 ohci1394 - ok
13:26:17.0252 1496 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:26:17.0263 1496 ose - ok
13:26:17.0441 1496 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:26:17.0505 1496 p2pimsvc - ok
13:26:17.0819 1496 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:26:17.0843 1496 p2psvc - ok
13:26:17.0924 1496 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:26:17.0968 1496 Parport - ok
13:26:18.0106 1496 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:26:18.0126 1496 partmgr - ok
13:26:18.0181 1496 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:26:18.0214 1496 PcaSvc - ok
13:26:18.0392 1496 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:26:18.0421 1496 pci - ok
13:26:18.0435 1496 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:26:18.0447 1496 pciide - ok
13:26:18.0499 1496 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:26:18.0511 1496 pcmcia - ok
13:26:18.0523 1496 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:26:18.0533 1496 pcw - ok
13:26:18.0556 1496 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:26:18.0615 1496 PEAUTH - ok
13:26:18.0732 1496 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:26:18.0763 1496 PerfHost - ok
13:26:19.0097 1496 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
13:26:19.0149 1496 PID_PEPI - ok
13:26:19.0351 1496 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:26:19.0415 1496 pla - ok
13:26:19.0526 1496 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:26:19.0596 1496 PlugPlay - ok
13:26:19.0798 1496 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
13:26:19.0853 1496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:26:19.0853 1496 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:26:19.0889 1496 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:26:19.0909 1496 PNRPAutoReg - ok
13:26:19.0929 1496 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:26:19.0945 1496 PNRPsvc - ok
13:26:19.0985 1496 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:26:20.0035 1496 PolicyAgent - ok
13:26:20.0058 1496 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:26:20.0102 1496 Power - ok
13:26:20.0172 1496 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:26:20.0221 1496 PptpMiniport - ok
13:26:20.0259 1496 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:26:20.0296 1496 Processor - ok
13:26:20.0330 1496 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:26:20.0431 1496 ProfSvc - ok
13:26:20.0455 1496 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:26:20.0478 1496 ProtectedStorage - ok
13:26:20.0544 1496 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:26:20.0602 1496 Psched - ok
13:26:20.0645 1496 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:26:20.0676 1496 ql2300 - ok
13:26:20.0785 1496 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:26:20.0800 1496 ql40xx - ok
13:26:20.0833 1496 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:26:20.0858 1496 QWAVE - ok
13:26:20.0868 1496 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:26:20.0904 1496 QWAVEdrv - ok
13:26:20.0926 1496 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:26:20.0968 1496 RasAcd - ok
13:26:21.0045 1496 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:26:21.0133 1496 RasAgileVpn - ok
13:26:21.0155 1496 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:26:21.0213 1496 RasAuto - ok
13:26:21.0279 1496 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:26:21.0327 1496 Rasl2tp - ok
13:26:21.0529 1496 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:26:21.0612 1496 RasMan - ok
13:26:21.0627 1496 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:26:21.0683 1496 RasPppoe - ok
13:26:21.0702 1496 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:26:21.0742 1496 RasSstp - ok
13:26:21.0799 1496 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:26:21.0881 1496 rdbss - ok
13:26:21.0896 1496 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:26:21.0910 1496 rdpbus - ok
13:26:21.0918 1496 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:26:21.0958 1496 RDPCDD - ok
13:26:22.0008 1496 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:26:22.0119 1496 RDPENCDD - ok
13:26:22.0147 1496 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:26:22.0174 1496 RDPREFMP - ok
13:26:22.0212 1496 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:26:22.0286 1496 RDPWD - ok
13:26:22.0348 1496 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:26:22.0381 1496 rdyboost - ok
13:26:22.0411 1496 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:26:22.0465 1496 RemoteAccess - ok
13:26:22.0497 1496 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:26:22.0576 1496 RemoteRegistry - ok
13:26:22.0594 1496 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:26:22.0628 1496 RpcEptMapper - ok
13:26:22.0635 1496 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:26:22.0666 1496 RpcLocator - ok
13:26:22.0716 1496 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:26:22.0769 1496 RpcSs - ok
13:26:22.0835 1496 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:26:22.0907 1496 rspndr - ok
13:26:22.0957 1496 RTL8167 (365ed58b47b46de8b1c5fa759b6fcd6e) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:26:23.0000 1496 RTL8167 - ok
13:26:23.0021 1496 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:26:23.0032 1496 SamSs - ok
13:26:23.0109 1496 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:26:23.0119 1496 sbp2port - ok
13:26:23.0143 1496 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:26:23.0174 1496 SCardSvr - ok
13:26:23.0203 1496 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:26:23.0247 1496 scfilter - ok
13:26:23.0306 1496 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:26:23.0369 1496 Schedule - ok
13:26:23.0399 1496 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:26:23.0426 1496 SCPolicySvc - ok
13:26:23.0465 1496 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:26:23.0496 1496 SDRSVC - ok
13:26:23.0537 1496 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:26:23.0581 1496 secdrv - ok
13:26:23.0626 1496 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:26:23.0738 1496 seclogon - ok
13:26:23.0763 1496 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:26:23.0829 1496 SENS - ok
13:26:23.0869 1496 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:26:23.0946 1496 SensrSvc - ok
13:26:23.0960 1496 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:26:23.0995 1496 Serenum - ok
13:26:24.0021 1496 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:26:24.0039 1496 Serial - ok
13:26:24.0070 1496 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:26:24.0100 1496 sermouse - ok
13:26:24.0175 1496 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:26:24.0218 1496 SessionEnv - ok
13:26:24.0246 1496 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:26:24.0298 1496 sffdisk - ok
13:26:24.0310 1496 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:26:24.0343 1496 sffp_mmc - ok
13:26:24.0363 1496 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:26:24.0412 1496 sffp_sd - ok
13:26:24.0429 1496 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:26:24.0444 1496 sfloppy - ok
13:26:24.0479 1496 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:26:24.0524 1496 SharedAccess - ok
13:26:24.0576 1496 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:26:24.0628 1496 ShellHWDetection - ok
13:26:24.0693 1496 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:26:24.0719 1496 SiSRaid2 - ok
13:26:24.0734 1496 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:26:24.0748 1496 SiSRaid4 - ok
13:26:24.0768 1496 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:26:24.0808 1496 Smb - ok
13:26:24.0832 1496 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:26:24.0879 1496 SNMPTRAP - ok
13:26:24.0960 1496 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:26:24.0969 1496 spldr - ok
13:26:25.0042 1496 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:26:25.0083 1496 Spooler - ok
13:26:25.0189 1496 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:26:25.0243 1496 sppsvc - ok
13:26:25.0307 1496 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:26:25.0355 1496 sppuinotify - ok
13:26:25.0538 1496 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:26:25.0552 1496 SQLBrowser - ok
13:26:25.0635 1496 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:26:25.0648 1496 SQLWriter - ok
13:26:25.0714 1496 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:26:25.0748 1496 srv - ok
13:26:25.0868 1496 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:26:25.0908 1496 srv2 - ok
13:26:25.0945 1496 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:26:25.0979 1496 srvnet - ok
13:26:26.0051 1496 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:26:26.0097 1496 SSDPSRV - ok
13:26:26.0417 1496 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:26:26.0451 1496 SstpSvc - ok
13:26:26.0531 1496 StarOpen - ok
13:26:26.0749 1496 Steam Client Service - ok
13:26:26.0863 1496 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:26:26.0873 1496 stexstor - ok
13:26:27.0100 1496 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:26:27.0143 1496 stisvc - ok
13:26:27.0171 1496 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:26:27.0205 1496 swenum - ok
13:26:27.0248 1496 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:26:27.0283 1496 swprv - ok
13:26:27.0572 1496 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:26:27.0684 1496 SysMain - ok
13:26:27.0791 1496 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:26:27.0826 1496 TabletInputService - ok
13:26:27.0864 1496 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:26:27.0938 1496 TapiSrv - ok
13:26:28.0034 1496 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:26:28.0064 1496 TBS - ok
13:26:28.0206 1496 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:26:28.0247 1496 Tcpip - ok
13:26:28.0340 1496 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:26:28.0368 1496 TCPIP6 - ok
13:26:28.0421 1496 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:26:28.0506 1496 tcpipreg - ok
13:26:28.0524 1496 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:26:28.0587 1496 TDPIPE - ok
13:26:28.0625 1496 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:26:28.0640 1496 TDTCP - ok
13:26:28.0672 1496 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:26:28.0768 1496 tdx - ok
13:26:28.0808 1496 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:26:28.0832 1496 TermDD - ok
13:26:28.0911 1496 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:26:28.0968 1496 TermService - ok
13:26:29.0166 1496 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:26:29.0217 1496 Themes - ok
13:26:29.0246 1496 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:26:29.0275 1496 THREADORDER - ok
13:26:29.0328 1496 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:26:29.0412 1496 TrkWks - ok
13:26:29.0454 1496 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:26:29.0482 1496 TrustedInstaller - ok
13:26:29.0546 1496 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:26:29.0627 1496 tssecsrv - ok
13:26:29.0701 1496 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:26:29.0725 1496 TsUsbFlt - ok
13:26:29.0779 1496 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:26:29.0841 1496 tunnel - ok
13:26:29.0877 1496 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:26:29.0891 1496 uagp35 - ok
13:26:29.0973 1496 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:26:30.0039 1496 udfs - ok
13:26:30.0066 1496 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:26:30.0079 1496 UI0Detect - ok
13:26:30.0118 1496 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:26:30.0153 1496 uliagpkx - ok
13:26:30.0225 1496 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:26:30.0283 1496 umbus - ok
13:26:30.0291 1496 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:26:30.0318 1496 UmPass - ok
13:26:30.0375 1496 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:26:30.0422 1496 upnphost - ok
13:26:30.0473 1496 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:26:30.0505 1496 usbaudio - ok
13:26:30.0523 1496 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:26:30.0570 1496 usbccgp - ok
13:26:30.0651 1496 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:26:30.0702 1496 usbcir - ok
13:26:30.0731 1496 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:26:30.0792 1496 usbehci - ok
13:26:30.0826 1496 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:26:30.0861 1496 usbhub - ok
13:26:30.0885 1496 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:26:30.0909 1496 usbohci - ok
13:26:30.0994 1496 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:26:31.0037 1496 usbprint - ok
13:26:31.0090 1496 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:26:31.0168 1496 usbscan - ok
13:26:31.0188 1496 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
13:26:31.0298 1496 USBSTOR - ok
13:26:31.0317 1496 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:26:31.0334 1496 usbuhci - ok
13:26:31.0356 1496 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:26:31.0405 1496 UxSms - ok
13:26:31.0434 1496 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:26:31.0454 1496 VaultSvc - ok
13:26:31.0512 1496 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:26:31.0522 1496 vdrvroot - ok
13:26:31.0575 1496 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:26:31.0623 1496 vds - ok
13:26:31.0651 1496 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:26:31.0664 1496 vga - ok
13:26:31.0679 1496 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:26:31.0726 1496 VgaSave - ok
13:26:31.0812 1496 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:26:31.0854 1496 vhdmp - ok
13:26:31.0919 1496 VIAHdAudAddService (ba1da5cd689e9473d99731a2e1ff2fb5) C:\Windows\system32\drivers\viahduaa.sys
13:26:31.0955 1496 VIAHdAudAddService - ok
13:26:32.0017 1496 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:26:32.0046 1496 viaide - ok
13:26:32.0056 1496 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:26:32.0068 1496 volmgr - ok
13:26:32.0116 1496 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:26:32.0164 1496 volmgrx - ok
13:26:32.0210 1496 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:26:32.0249 1496 volsnap - ok
13:26:32.0345 1496 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
13:26:32.0378 1496 Vsdatant - ok
13:26:32.0458 1496 vsmon - ok
13:26:32.0518 1496 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:26:32.0554 1496 vsmraid - ok
13:26:32.0622 1496 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:26:32.0701 1496 VSS - ok
13:26:32.0930 1496 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
13:26:32.0956 1496 vToolbarUpdater11.0.2 - ok
13:26:33.0052 1496 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:26:33.0088 1496 vwifibus - ok
13:26:33.0187 1496 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:26:33.0240 1496 W32Time - ok
13:26:33.0270 1496 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:26:33.0297 1496 WacomPen - ok
13:26:33.0357 1496 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:26:33.0460 1496 WANARP - ok
13:26:33.0476 1496 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:26:33.0504 1496 Wanarpv6 - ok
13:26:33.0837 1496 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:26:33.0909 1496 WatAdminSvc - ok
13:26:34.0110 1496 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:26:34.0191 1496 wbengine - ok
13:26:34.0274 1496 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:26:34.0322 1496 WbioSrvc - ok
13:26:34.0362 1496 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:26:34.0409 1496 wcncsvc - ok
13:26:34.0468 1496 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:26:34.0502 1496 WcsPlugInService - ok
13:26:34.0537 1496 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:26:34.0546 1496 Wd - ok
13:26:34.0573 1496 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:26:34.0591 1496 Wdf01000 - ok
13:26:34.0602 1496 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:26:34.0739 1496 WdiServiceHost - ok
13:26:34.0742 1496 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:26:34.0764 1496 WdiSystemHost - ok
13:26:34.0804 1496 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:26:34.0884 1496 WebClient - ok
13:26:35.0129 1496 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:26:35.0202 1496 Wecsvc - ok
13:26:35.0227 1496 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:26:35.0298 1496 wercplsupport - ok
13:26:35.0320 1496 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:26:35.0390 1496 WerSvc - ok
13:26:35.0436 1496 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:26:35.0523 1496 WfpLwf - ok
13:26:35.0531 1496 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:26:35.0544 1496 WIMMount - ok
13:26:35.0572 1496 WinDefend - ok
13:26:35.0581 1496 WinHttpAutoProxySvc - ok
13:26:35.0652 1496 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:26:35.0710 1496 Winmgmt - ok
13:26:35.0788 1496 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:26:35.0857 1496 WinRM - ok
13:26:36.0003 1496 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUsb.sys
13:26:36.0070 1496 WinUsb - ok
13:26:36.0161 1496 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:26:36.0217 1496 Wlansvc - ok
13:26:36.0371 1496 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:26:36.0406 1496 wlidsvc - ok
13:26:36.0516 1496 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:26:36.0574 1496 WmiAcpi - ok
13:26:36.0751 1496 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:26:36.0798 1496 wmiApSrv - ok
13:26:36.0854 1496 WMPNetworkSvc - ok
13:26:36.0947 1496 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:26:37.0020 1496 WPCSvc - ok
13:26:37.0054 1496 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:26:37.0074 1496 WPDBusEnum - ok
13:26:37.0088 1496 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:26:37.0115 1496 ws2ifsl - ok
13:26:37.0135 1496 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:26:37.0169 1496 wscsvc - ok
13:26:37.0171 1496 WSearch - ok
13:26:37.0283 1496 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:26:37.0340 1496 wuauserv - ok
13:26:37.0466 1496 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:26:37.0546 1496 WudfPf - ok
13:26:37.0578 1496 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\drivers\WUDFRd.sys
13:26:37.0606 1496 WUDFRd - ok
13:26:37.0635 1496 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:26:37.0663 1496 wudfsvc - ok
13:26:37.0741 1496 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:26:37.0799 1496 WwanSvc - ok
13:26:37.0873 1496 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
13:26:37.0972 1496 xusb21 - ok
13:26:37.0988 1496 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:26:38.0079 1496 \Device\Harddisk0\DR0 - ok
13:26:38.0086 1496 Boot (0x1200) (fa78a39e71160a148ac2e26c3ad40674) \Device\Harddisk0\DR0\Partition0
13:26:38.0088 1496 \Device\Harddisk0\DR0\Partition0 - ok
13:26:38.0118 1496 Boot (0x1200) (b3b9f1d949f3a395e5acbe2c9b94f659) \Device\Harddisk0\DR0\Partition1
13:26:38.0120 1496 \Device\Harddisk0\DR0\Partition1 - ok
13:26:38.0121 1496 ============================================================
13:26:38.0121 1496 Scan finished
13:26:38.0121 1496 ============================================================
13:26:38.0147 3564 Detected object count: 7
13:26:38.0147 3564 Actual detected object count: 7
13:27:10.0144 3564 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:10.0144 3564 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:10.0144 3564 CTUPnPSv ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:10.0144 3564 CTUPnPSv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:10.0145 3564 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:10.0145 3564 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:10.0146 3564 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:10.0146 3564 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:10.0148 3564 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:10.0148 3564 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:10.0149 3564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:10.0149 3564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:10.0150 3564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:27:10.0150 3564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:17.0213 5484 Deinitialize success
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm

Re: Jump hijack malware

Unread postby Dakeyras » May 12th, 2012, 10:57 am

Hi. :)

though im not sure where to find the NAT part in my router settings
Here is the PDF manual for your Router. If you still have the installation disk for your Router, there may be a copy of the manual on that also.

Configuring the Firewall is on page 54, so what you need to do is login to your Routers access, click on Firewall and ensure Enable is selected in the Firewall Enable / Disable > option etc.

Next:

Now is appears the actual access for Localhost is blocked on your machine. This may be due to malware that was present and or still is.

Custom Batch File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad
Code: Select all
@Echo off
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similiar to this: Image

Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

Note: You will temporally loose your internet connection and your machine should automatically reboot. If it does not reboot your machine manually.

Next:

Now re-run the Farbar Service Scanner again per my prior instructions and post the new log.

Next:

Also do you have a copy of the Windows 7 Installation DVD or not?

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut n paste this in:-

/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
msconfig
safebootminimal
activex
drivers32
netsvcs
netsvcs /all
"%WinDir%\$NtUninstallKB*$."
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c


  • Now click on Run Scan at the top left hand corner.
  • When done, one Notepad file will open.

Next:

When completed the above answer my Windows 7 Installation DVD query. Post the new OTL log in your next reply along with the new FSS log and we will go from there, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Jump hijack malware

Unread postby elerrina » May 12th, 2012, 12:31 pm

Hi there, Yeh i do have the windows 7 installation dvd

OTL logfile created on: 12/05/2012 16:46:06 - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Ash\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 48.68% Memory free
8.00 Gb Paging File | 5.38 Gb Available in Paging File | 67.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 119.58 Gb Free Space | 25.68% Space Free | Partition Type: NTFS

Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ash\Desktop\FSS.exe ()
PRC - C:\Users\Ash\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Users\Ash\Desktop\FSS.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (vToolbarUpdater11.0.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 70 69 F9 3E 44 CB 01 [binary data]
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E1AEB830-AA0D-4404-B0BA-E38DA0ED9D4A}&mid=04143df7c27bfb8c47841ae215ed1c13-68fbc96c815914287bcf44e10a81cbb20491045f&lang=en&ds=AVG&pr=fr&d=2012-05-04 19:57:53&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/11 01:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/19 13:06:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/02 23:14:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/04 19:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/04 19:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/06 22:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 19:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 19:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/10 21:50:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/02 23:14:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{77289AC3-7CBC-11E1-826D-B8AC6F996F26}: C:\Users\Ash\AppData\Local\{77289AC3-7CBC-11E1-826D-B8AC6F996F26}\ [2012/04/02 13:07:54 | 000,000,000 | ---D | M]

[2010/08/25 11:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\Mozilla\Extensions
[2012/05/11 15:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions
[2011/06/13 08:17:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/10 21:58:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/25 21:30:22 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\extensions\support@ancestry.com
[2012/05/03 19:54:14 | 000,000,935 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\searchplugins\conduit.xml
[2012/05/05 18:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/14 21:35:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 18:17:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/05/04 19:56:02 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/04 19:58:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2012/04/02 13:07:54 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\ASH\APPDATA\LOCAL\{77289AC3-7CBC-11E1-826D-B8AC6F996F26}
[2012/05/04 19:47:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/04 19:47:16 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/04 19:57:40 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/13 21:27:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/04 19:47:16 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 19:47:16 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/04 19:47:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 19:47:16 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ash\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Ash\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ash\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ash\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/05/11 15:29:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-689666306-1716364123-2076767426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/d ... .2.5.0.cab (DLM Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F58BD1D-6D8B-471A-A356-F92B5CFEF914}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^Ash^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AVG9_TRAY - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: ISW - hkey= - key= - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)


NetSvcs:64bit: AeLookupSvc - C:\Windows\SysNative\aelupsvc.dll (Microsoft Corporation)
NetSvcs:64bit: CertPropSvc - C:\Windows\SysNative\certprop.dll (Microsoft Corporation)
NetSvcs:64bit: SCPolicySvc - C:\Windows\SysNative\certprop.dll (Microsoft Corporation)
NetSvcs:64bit: lanmanserver - C:\Windows\SysNative\srvsvc.dll (Microsoft Corporation)
NetSvcs:64bit: gpsvc - C:\Windows\SysNative\gpsvc.dll (Microsoft Corporation)
NetSvcs:64bit: IKEEXT - C:\Windows\SysNative\IKEEXT.DLL (Microsoft Corporation)
NetSvcs:64bit: AudioSrv - C:\Windows\SysNative\audiosrv.dll (Microsoft Corporation)
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias.dll (Microsoft Corporation)
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Rasauto - C:\Windows\SysNative\rasauto.dll (Microsoft Corporation)
NetSvcs:64bit: Rasman - C:\Windows\SysNative\rasmans.dll (Microsoft Corporation)
NetSvcs:64bit: Remoteaccess - C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
NetSvcs:64bit: SENS - C:\Windows\SysNative\Sens.dll (Microsoft Corporation)
NetSvcs:64bit: Sharedaccess - C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
NetSvcs:64bit: Tapisrv - C:\Windows\SysNative\tapisrv.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: TermService - C:\Windows\SysNative\termsrv.dll (Microsoft Corporation)
NetSvcs:64bit: wuauserv - C:\Windows\SysNative\wuaueng.dll (Microsoft Corporation)
NetSvcs:64bit: BITS - C:\Windows\SysNative\qmgr.dll (Microsoft Corporation)
NetSvcs:64bit: ShellHWDetection - C:\Windows\SysNative\shsvcs.dll (Microsoft Corporation)
NetSvcs:64bit: iphlpsvc - C:\Windows\SysNative\iphlpsvc.dll (Microsoft Corporation)
NetSvcs:64bit: seclogon - C:\Windows\SysNative\seclogon.dll (Microsoft Corporation)
NetSvcs:64bit: AppInfo - C:\Windows\SysNative\appinfo.dll (Microsoft Corporation)
NetSvcs:64bit: msiscsi - C:\Windows\SysNative\iscsiexe.dll (Microsoft Corporation)
NetSvcs:64bit: MMCSS - C:\Windows\SysNative\mmcss.dll (Microsoft Corporation)
NetSvcs:64bit: winmgmt - C:\Windows\SysNative\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs:64bit: SessionEnv - C:\Windows\SysNative\SessEnv.dll (Microsoft Corporation)
NetSvcs:64bit: browser - C:\Windows\SysNative\browser.dll (Microsoft Corporation)
NetSvcs:64bit: EapHost - C:\Windows\SysNative\eapsvc.dll (Microsoft Corporation)
NetSvcs:64bit: schedule - C:\Windows\SysNative\schedsvc.dll (Microsoft Corporation)
NetSvcs:64bit: hkmsvc - C:\Windows\SysNative\KMSVC.DLL (Microsoft Corporation)
NetSvcs:64bit: wercplsupport - C:\Windows\SysNative\wercplsupport.dll (Microsoft Corporation)
NetSvcs:64bit: ProfSvc - C:\Windows\SysNative\profsvc.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWow64\ias.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\Windows\SysWOW64\Sens.dll (Microsoft Corporation)
NetSvcs: Tapisrv - C:\Windows\SysWOW64\tapisrv.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWow64\wmi.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\Windows\SysWOW64\shsvcs.dll (Microsoft Corporation)
NetSvcs: SessionEnv - C:\Windows\SysWOW64\SessEnv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 13:25:18 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ash\Desktop\TDSSKiller.exe
[2012/05/11 20:58:41 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{C27A271B-6848-44FA-AEE4-2DB33072C8EA}
[2012/05/11 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{AE5B2152-04DE-4673-B0E4-993C714E1CB7}
[2012/05/11 15:29:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/11 15:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/11 15:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/05/10 21:53:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2012/05/08 21:39:16 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 21:39:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/08 21:39:11 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/08 21:39:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/05 19:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/05 19:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/05 19:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/05 19:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/05 19:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/05 19:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/05/05 18:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/05 18:32:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/05 18:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/05 18:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/05 18:17:27 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/05 18:17:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/05 18:17:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/05 18:17:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/05 18:07:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/05 17:19:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/04 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\AVG Secure Search
[2012/05/04 19:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/04 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\AVG2012
[2012/05/04 19:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/04 19:50:18 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\CRE
[2012/05/04 19:49:53 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Nico Mak Computing
[2012/05/04 19:49:50 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2012/05/04 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2012/05/04 19:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/04 19:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/03 22:26:49 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\ANA course
[2012/05/03 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Nuance
[2012/05/03 22:22:25 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\FLEXnet
[2012/05/03 22:22:02 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Zeon
[2012/05/03 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/05/03 22:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance
[2012/05/03 22:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/05/03 22:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2012/05/03 22:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/05/03 22:20:40 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\Downloaded Installations
[2012/05/01 16:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/01 16:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/01 16:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/04/29 17:48:06 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{41BC5725-0909-4E89-8933-714A3F2F49D6}
[2012/04/29 17:47:51 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{87B9E85D-B12D-4FD5-A04A-E0D23033F356}
[2012/04/23 13:35:18 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{DB904BC2-D077-4D94-9D73-76F2A150B8B0}
[2012/04/23 13:35:06 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{4F2835E3-DB58-48F7-90AD-FA416C94C6B8}
[2012/04/22 15:01:59 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{E7259362-701C-41CA-B2CB-BFFDC270139E}
[2012/04/22 15:01:37 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{D958B118-767D-43EA-81BC-1EFD6511AA6A}
[2012/04/22 11:17:28 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/04/22 11:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/04/22 11:17:25 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Notepad++
[2012/04/22 11:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/04/21 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{BE468C35-AFBE-4A17-AAF8-F7D50DB76752}
[2012/04/21 18:55:02 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{883F0F0A-2FDE-4E31-AEDA-457392B73F43}
[2012/04/21 18:50:34 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/21 14:44:25 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{FB6244DA-2195-4C1C-A25F-53E196ECB983}
[2012/04/21 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{FFB61383-55FD-4E7D-8603-08D07CDE71D3}
[2012/04/21 12:48:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\{589409C3-6932-4045-BE12-8338507CE37D}
[2012/04/21 11:22:05 | 000,000,000 | ---D | C] -- C:\Users\Ash\Desktop\Addons1
[2012/04/21 11:21:45 | 000,000,000 | ---D | C] -- C:\Users\Ash\Desktop\ShestakUI_3.4.9
[2012/04/19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/18 18:05:22 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\AMD
[2012/04/17 22:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/04/17 22:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/17 22:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/04/17 22:12:48 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2012/04/17 22:08:32 | 000,000,000 | ---D | C] -- C:\AMD
[2012/04/17 20:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/17 20:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/17 19:30:53 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Malwarebytes
[2012/04/17 19:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/17 19:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/17 19:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/17 18:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/17 18:41:51 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/17 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/17 18:41:24 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\TestApp
[2012/04/17 18:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/17 18:38:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/12 22:07:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 22:07:40 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 22:07:39 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

========== Files - Modified Within 30 Days ==========

[2012/05/12 16:48:58 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 16:48:58 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 16:40:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/12 16:40:42 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/12 13:21:18 | 000,337,607 | ---- | M] () -- C:\Users\Ash\Desktop\FSS.exe
[2012/05/12 13:20:00 | 097,952,128 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/12 13:18:19 | 000,001,227 | ---- | M] () -- C:\Users\Ash\Desktop\World of Warcraft.lnk
[2012/05/11 17:28:17 | 000,000,512 | ---- | M] () -- C:\Users\Ash\Desktop\MBR.dat
[2012/05/11 17:25:52 | 000,034,814 | ---- | M] () -- C:\Users\Ash\AppData\Local\dt.dat
[2012/05/11 15:47:42 | 195,244,757 | ---- | M] () -- C:\Users\Ash\Desktop\The.Vampire.Diaries.S03E22.HDTV.x264-LOL.mp4
[2012/05/11 15:29:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/11 15:25:59 | 000,000,924 | ---- | M] () -- C:\Users\Ash\Desktop\NTREGOPT.lnk
[2012/05/11 15:25:59 | 000,000,905 | ---- | M] () -- C:\Users\Ash\Desktop\ERUNT.lnk
[2012/05/10 21:53:32 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2012/05/09 16:30:01 | 000,414,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/07 22:31:24 | 002,292,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 22:31:24 | 000,931,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 22:31:24 | 000,005,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 17:16:14 | 000,478,457 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/06 17:45:03 | 000,000,000 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 19:07:30 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/05 18:32:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 18:17:18 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/05 18:17:18 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/05 18:17:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/05 18:17:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/05 18:17:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/04 19:58:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/03 22:28:36 | 000,121,231 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_9_-_Nutrition_of_Small_and_Exotic_Pets.pdf
[2012/05/03 22:28:31 | 000,294,370 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_8_-_Feeding_and_Nutrition_-_Special_dietary_requirements.pdf
[2012/05/03 22:28:26 | 000,055,374 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_7_-_Student_Exercise_-_How_to_feed_cats_undergoing_different_life_stages.pdf
[2012/05/03 22:28:20 | 000,178,382 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_7_-_Feeding_and_Nutrition_-_Differing_Life_Stages.pdf
[2012/05/03 22:28:16 | 000,193,385 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_6_-_Principles_of_Nutrition.pdf
[2012/05/03 22:28:10 | 000,276,025 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_5_-_Feeding_Nutrition_Dogs_Cats_-_Introduction.pdf
[2012/05/03 22:28:05 | 000,054,342 | ---- | M] () -- C:\Users\Ash\Documents\Lecture 4 - Student exercise - Prevent infection.pdf
[2012/05/03 22:28:00 | 000,311,342 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_4_-_Prevention_of_Spread_of_infections.pdf
[2012/05/03 22:27:54 | 000,305,530 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_3_-_Cleaning_and_Disinfecting_Kennels.pdf
[2012/05/03 22:27:48 | 000,143,115 | ---- | M] () -- C:\Users\Ash\Documents\Lecture_2_-_Housing_Small_Animals.pdf
[2012/05/03 22:22:51 | 000,261,685 | ---- | M] () -- C:\Users\Ash\Documents\Lecture 1 - Housing Dogs and Cats.pdf
[2012/05/03 22:21:55 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Nuance PDF Reader.lnk
[2012/05/02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ash\Desktop\TDSSKiller.exe
[2012/04/21 11:41:08 | 000,887,471 | ---- | M] () -- C:\Users\Ash\Desktop\Skada-1.3-11.zip
[2012/04/21 11:15:03 | 000,812,933 | ---- | M] () -- C:\Users\Ash\Desktop\ShestakUI_3.4.9.zip
[2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/17 22:12:52 | 002,081,139 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

========== Files Created - No Company Name ==========

[2012/05/12 13:21:16 | 000,337,607 | ---- | C] () -- C:\Users\Ash\Desktop\FSS.exe
[2012/05/11 17:28:17 | 000,000,512 | ---- | C] () -- C:\Users\Ash\Desktop\MBR.dat
[2012/05/11 17:25:52 | 000,034,814 | ---- | C] () -- C:\Users\Ash\AppData\Local\dt.dat
[2012/05/11 15:59:55 | 195,244,757 | ---- | C] () -- C:\Users\Ash\Desktop\The.Vampire.Diaries.S03E22.HDTV.x264-LOL.mp4
[2012/05/11 15:25:59 | 000,000,924 | ---- | C] () -- C:\Users\Ash\Desktop\NTREGOPT.lnk
[2012/05/11 15:25:59 | 000,000,905 | ---- | C] () -- C:\Users\Ash\Desktop\ERUNT.lnk
[2012/05/06 17:45:03 | 000,000,000 | ---- | C] () -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 19:07:30 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/05 18:32:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 19:58:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/03 22:28:36 | 000,121,231 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_9_-_Nutrition_of_Small_and_Exotic_Pets.pdf
[2012/05/03 22:28:31 | 000,294,370 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_8_-_Feeding_and_Nutrition_-_Special_dietary_requirements.pdf
[2012/05/03 22:28:26 | 000,055,374 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_7_-_Student_Exercise_-_How_to_feed_cats_undergoing_different_life_stages.pdf
[2012/05/03 22:28:20 | 000,178,382 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_7_-_Feeding_and_Nutrition_-_Differing_Life_Stages.pdf
[2012/05/03 22:28:16 | 000,193,385 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_6_-_Principles_of_Nutrition.pdf
[2012/05/03 22:28:10 | 000,276,025 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_5_-_Feeding_Nutrition_Dogs_Cats_-_Introduction.pdf
[2012/05/03 22:28:05 | 000,054,342 | ---- | C] () -- C:\Users\Ash\Documents\Lecture 4 - Student exercise - Prevent infection.pdf
[2012/05/03 22:28:00 | 000,311,342 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_4_-_Prevention_of_Spread_of_infections.pdf
[2012/05/03 22:27:54 | 000,305,530 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_3_-_Cleaning_and_Disinfecting_Kennels.pdf
[2012/05/03 22:27:48 | 000,143,115 | ---- | C] () -- C:\Users\Ash\Documents\Lecture_2_-_Housing_Small_Animals.pdf
[2012/05/03 22:22:51 | 000,261,685 | ---- | C] () -- C:\Users\Ash\Documents\Lecture 1 - Housing Dogs and Cats.pdf
[2012/05/03 22:21:55 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Nuance PDF Reader.lnk
[2012/04/21 11:41:07 | 000,887,471 | ---- | C] () -- C:\Users\Ash\Desktop\Skada-1.3-11.zip
[2012/04/21 11:25:57 | 000,001,227 | ---- | C] () -- C:\Users\Ash\Desktop\World of Warcraft.lnk
[2012/04/21 11:15:03 | 000,812,933 | ---- | C] () -- C:\Users\Ash\Desktop\ShestakUI_3.4.9.zip
[2012/04/17 18:41:55 | 002,081,139 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/03/09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/11 13:32:01 | 000,004,608 | ---- | C] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/08 21:04:39 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/17 17:50:15 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/04/03 15:55:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/03 15:55:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/03 15:55:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/03 15:30:12 | 000,000,351 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/28 01:03:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/18 17:42:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/10/18 17:35:26 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/09/06 15:58:35 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/02 23:10:41 | 000,210,623 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010/09/02 23:10:41 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010/08/26 19:30:23 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/25 11:39:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/25 01:31:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/08/25 01:21:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< "%WinDir%\$NtUninstallKB*$." >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7F58BD1D-6D8B-471A-A356-F92B5CFEF914}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 04 01 03 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 19:47:16 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 19:47:16 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 19:47:16 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/05/04 19:47:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 19:47:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 19:47:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/05/04 19:47:16 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/05/04 19:47:16 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/05/04 19:47:16 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/05/04 19:47:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/05/04 19:47:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/05/04 19:47:17 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: ASH-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 100 MB Healthy System
Volume 2 C NTFS Partition 465 GB Healthy Boot

< End of report >



Farbar Service Scanner Version: 11-05-2012
Ran by Ash (administrator) on 12-05-2012 at 16:44:23
Running from "C:\Users\Ash\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm

Re: Jump hijack malware

Unread postby Dakeyras » May 13th, 2012, 8:56 am

Hi. :)

Yeh i do have the windows 7 installation dvd
OK, this we may need to use to implement some repairs...for now lets proceed as follows.

Now as for the Localhost is blocked issue, I am wondering if it is a setting with ZoneAlarm causing such, though still entirely feasible the root cause was/is malware.

Can you check which particular settings are in use with the aforementioned please and in turn inform myself in your next reply.

Reset Internet Explorer:

  • Please download this Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with Internet Explorer.
  • Next time Internet Explorer is launched you will be prompted to reapply settings again, this is normal.

Note: Any add-ons will require to be reapplied after the above reset.

Reset FireFox:

  • Click on Start(Windows 7 Orb) >> Run...(or depress the Windows Key and R together)
  • Enter the following command:
    Code: Select all
    firefox.exe -safe-mode
  • Click on OK.
  • In the open window, select Reset all preferences to default Firefox.
  • Click on Make the changes and restart.

Scan with RogueKiller:

Please download RogueKiller to your Desktop

Alternate download is here.

  • Quit all running programs
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on the Scan tab
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe


Please post the contents of the RKreport.txt in your next Reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Jump hijack malware

Unread postby elerrina » May 13th, 2012, 12:36 pm

Hi =), What settings did you want to know about in zonealarm? not really sure what to post, theres a few settings enabled on the firewall section
Allow vpn protocols
Disable windows firewall
filter ip traffic over 1394
enable ipv6 networking


RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Ash [Admin rights]
Mode: Scan -- Date: 05/13/2012 17:32:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] c638ce7024a2ec8e245bfe1c07f5058d
[BSP] 9a0c03fdd536f34388a25a6dc08d7586 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: LG USB Drive USB Device +++++
--- User ---
[MBR] ffdde92a16593253949d0ab978277331
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1930 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
elerrina
Regular Member
 
Posts: 27
Joined: May 9th, 2012, 1:42 pm

Re: Jump hijack malware

Unread postby Dakeyras » May 14th, 2012, 7:52 am

Hi. :)

What settings did you want to know about in zonealarm? not really sure what to post, theres a few settings enabled on the firewall section
OK, I have been carrying out some research and it appears you can export the settings via a backup but they end up in the xml format which is far from easy to make any real sense of unfortunately even when changing the aforementioned format also.

So what I propose is we actually reset your firewall as follows...

Double click on the System Tray icon >> Tools >> Preferences >> Reset to Default >> Yes >> OK >> OK

Note: No need to reboot your machine as prompted, as the custom OTL script below will do that. You will be prompted to apply some basic settings again with ZoneAlarm after the reboot, merely select the options Public/allow etc etc.

Next:

On a different note if not aware there is actually no need for a third party software firewall with Windows 7 per say. As Windows 7 has a fairly decent/quite reliable two way firewall inbuilt, which means it actually provides both inbound and outbound protection when a machine has internet access. So that coupled say with the hardware NAT(Network Address Translation) firewall feature of a Router is adequate protection for a home user in my humble opinion.

The aforementioned is exactly what I use with both my Windows 7 machines along with my Routers firewall etc. Anyway just food for thought as they say. ;)

Next:

Regarding the RogueKiller log, the entry for the Host File is not looking as should, regardless it was reset via the last Custom OTL Script . It may just be for some reason(may be ZoneAlarm for example and or malware related) it is showing as a unicode type output.

For interest sake by default, Windows 7 has done away with the hosts file. A sample might be present but all the lines in it will be commented out. This is to help in the transition from Internet Protocol version 4 to Internet Protocol version 6. So the default settings for the localhost are now handled internally by the DNS subsystem so a hosts file is no longer needed in theory. Which is not a prudent move to have implemented such I will further add.

The only time you will find one is if it has been created manually (or possibly malware has created a corrupted/compromised one and or edited the sample etc). However to er on the side of caution I will be advising we remove this and reset it to a custom host file so we can definitely rule this out as the cause of the intermittent redirects.

Custom OTL Script:

  • Right-click on OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:Files
ipconfig /flushdns /c
c:\windows\system32\drivers\etc\hosts
c:\windows\system32\drivers\etc\hosts.ics

:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Host File Reset/Replace:

Please Download HostsXpert and unzip it to your computer, somewhere where you can find it.

The root of the system drive would be a ideal location EG: C:\HostsXpert

  • Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
  • When prompted with:

    HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.

  • Select OK.
  • Check to see if top button on left hand side says Make Writable?
    • If it does. click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please click here to run the scan...
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Eset Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 91 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware