Win32/Cryptor Virus - Please Help Remove


Post by jungwpark on 30th August 2011, 6:34 pm

I have run AVG 2011, AVG PC Tuneup, Avira Antivirus, Registry Repair Wizard, and Spyware Doctor to try to remove this virus, but none of it worked. It all started one day when AVG said its VDB failed, but I ignored it and went on the web, which is when I caught the virus, and now it won't go away. It always pops up, according to AVG, in C:\Windows\Temp\(insert long random number here).exe. My computer is slow as a snail now, hidden folders become visible, identity protection in AVG is at risk, Windows' windows turn into the Windows 95 look, etc. Please help me.
Here is a quick spec of my computer:
Windows Vista Home Premium (32 Bit)
Service Pack 2
Vaio VGN-CR420E Laptop
Intel Core 2 Duo CPU T8100 @ 2.10GHz
3 GB Ram

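Added example (editor's note, not part of the original posts): the OTL log posted in the next message uses a fixed line format, and a small script that parses it surfaces the entries a removal helper would look at first. The Python below is my own code, not OTL's; its heuristics are assumptions about what deserves a second look, and a hit means "verify this", not "this is malicious" (sptd.sys, for instance, is the disc-emulation driver that DAEMON Tools installs). It parses the PRC/SRV/DRV/MOD lines, the IE proxy lines and the O1 HOSTS lines, flags binaries in temp directories or with digit-only names like the C:\Windows\Temp\<number>.exe the poster describes, flags auto-starting services and drivers with no company name, and flags an IE ProxyServer that points at 127.0.0.1 (the log shows http=127.0.0.1:49717 with ProxyEnable = 0). All sample lines are copied from the log except the C:\Windows\Temp entry, which is constructed.

```python
"""Triage helper for OTL log lines (added example; the heuristics are the editor's own).

Parses the PRC/MOD/SRV/DRV entries, the IE proxy registry lines and the O1 HOSTS
lines of an OTL log and returns the entries a removal helper would check first.
A hit means "verify this", not "this is malicious": the company field is only the
PE version resource, which legitimate software sometimes leaves empty.
"""
import re
from typing import Iterable, List, Tuple

# One PRC/MOD/SRV/DRV line: [mtime | size | attrs | M] (company) [start | state] -- path -- (name) desc
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) "                  # may be empty; may itself contain parentheses
    r"(?:\[(?P<flags>[^\]]*)\] )?"            # [Auto | Running], [Kernel | Boot | Running], ...
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?: .*)?)?$"  # service/driver name, optional description
)
PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<value>Proxy\w+)" = (?P<data>.*)$')
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")       # compared lower-cased
TEMP_DIRS = ("c:\\windows\\temp\\", "\\appdata\\local\\temp\\")
RANDOM_NAME_RE = re.compile(r"^[0-9a-f.]{6,}\.(?:exe|dll|sys|tmp)$", re.I)  # digit/hex-only stem
AUTO_START = {"auto", "boot", "system"}

Finding = Tuple[str, str, str]   # (severity, reason, path or registry data)


def _check_entry(m: "re.Match[str]") -> List[Finding]:
    """Apply the three file-entry heuristics to one parsed PRC/MOD/SRV/DRV line."""
    kind, company, path = m["kind"], m["company"].strip(), m["path"]
    flags = {f.strip().lower() for f in (m["flags"] or "").split("|")}
    low = path.lower()
    filename = low.rsplit("\\", 1)[-1]
    if any(t in low for t in TEMP_DIRS) or RANDOM_NAME_RE.match(filename):
        return [("high", f"{kind} in a temp directory or with a random-looking name", path)]
    if not company and not low.startswith(TRUSTED_ROOTS):
        return [("medium", f"{kind} with no company name outside Windows/Program Files", path)]
    if not company and kind in ("SRV", "DRV") and flags & AUTO_START:
        return [("medium", f"{kind} auto-starting with no company name", path)]
    return []


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return findings in log order; the proxy finding (if any) is emitted last."""
    findings: List[Finding] = []
    proxy = {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := ENTRY_RE.match(line):
            findings.extend(_check_entry(m))
        elif m := PROXY_RE.match(line):
            proxy[m["value"]] = m["data"]
        elif (m := HOSTS_RE.match(line)) and m["host"].lower() != "localhost":
            findings.append(("medium", "HOSTS entry for a name other than localhost", f'{m["ip"]} {m["host"]}'))
    server = proxy.get("ProxyServer", "")
    if "127.0.0.1" in server or "localhost" in server.lower():
        state = "enabled" if proxy.get("ProxyEnable") == "1" else "ProxyEnable is 0"
        findings.append(("high", f"IE proxy points at the loopback interface ({state})", server))
    return findings


# Sample input: lines copied from the OTL log in this thread, plus ONE constructed line
# (the C:\Windows\Temp\<digits>.exe entry) imitating the file-name pattern the poster describes.
SAMPLE_LOG = [
    r"PRC - [2011/08/29 17:59:20 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe",
    r"PRC - [2011/08/27 13:49:35 | 002,576,384 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe",
    r"PRC - [2011/08/30 11:58:02 | 000,212,992 | ---- | M] () -- C:\Windows\Temp\1709563482.exe",  # constructed
    r"SRV - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)",
    r"SRV - [2011/08/05 12:37:57 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)",
    r"DRV - [2010/01/10 00:45:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)",
    r"DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)",
    r"DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49717',
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: ::1 localhost",
]

if __name__ == "__main__":
    for severity, reason, what in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {what}")
```

Run it as a script to print the findings for the sample, or pass the lines of a complete OTL log read from a file to triage(). The company-name rule deliberately ignores anything under C:\Windows and C:\Program Files unless it auto-starts, because the .NET native images and several vendor components in this log legitimately have no company string; the loopback-proxy rule fires even when ProxyEnable is 0, since a proxy entry the user never configured is worth explaining either way.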

Re: Win32/Cryptor Virus - Please Help Remove

Post by jungwpark on 30th August 2011, 6:37 pm

Here is the OTL file. It's very long, so I will split it into parts:
OTL logfile created on: 8/30/2011 12:05:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.62% Memory free
6.18 Gb Paging File | 3.67 Gb Available in Paging File | 59.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 25.32 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 0.18 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/29 17:59:20 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2011/08/28 22:27:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.com
PRC - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/27 13:49:35 | 002,576,384 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
PRC - [2011/08/27 13:49:30 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe
PRC - [2011/08/24 04:01:04 | 003,655,296 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Giraffic.exe
PRC - [2011/06/20 16:52:18 | 004,358,496 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/04/25 23:56:48 | 001,540,480 | ---- | M] (SmartPCTools) -- C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/20 09:45:10 | 000,764,232 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2011/01/01 01:17:29 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/10/30 21:09:43 | 002,975,640 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 03:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 03:04:02 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 02:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2008/01/20 22:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/06/15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/27 13:49:35 | 002,576,384 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
MOD - [2011/08/27 13:49:30 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/11 10:11:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:08:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:57:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2010/12/01 01:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/12/01 01:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/12/01 01:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/10/30 21:09:43 | 002,975,640 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/01/17 17:55:40 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/08/05 12:37:57 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/29 17:59:16 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/08/29 17:59:15 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 05:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/10 00:45:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/28 18:55:49 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/11/28 18:55:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/28 18:55:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/28 18:55:40 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/02/25 14:56:28 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 12:25:06 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/01/30 12:25:06 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 11:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/29 21:14:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c200e798-529d-4847-8b76-4abeb4658d41} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C EC D0 15 49 C6 1D 41 BF D5 A3 57 DB BD C8 7A [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49717

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e55bf35&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 01:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/24 23:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/24 23:19:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 10:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/06 13:09:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2011/01/01 01:06:46 | 000,000,000 | ---D | M]

[2009/11/29 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions
[2010/04/27 03:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/03 18:15:10 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
[2011/08/16 11:22:01 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/24 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}-TRASH
[2011/06/23 19:22:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/08/05 12:20:03 | 000,000,000 | ---D | M] (Quizulous_v2b Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{ec173f7c-6744-441f-be93-c7cc43103ba5}
[2011/08/05 12:20:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\anttoolbar@ant.com
[2011/07/03 18:14:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\plugin@yontoo.com
[2011/01/01 02:57:59 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\searchrecs@veoh.com
[2011/08/16 11:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\trash
[2011/07/03 18:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}\chrome\content\dca\core\extensionManager
[2009/12/11 02:15:08 | 000,004,554 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aim-search.xml
[2010/01/07 16:37:32 | 000,000,653 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aol-search.xml
[2011/08/21 19:49:03 | 000,002,259 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\bing-zugo.xml
[2011/06/23 14:31:42 | 000,000,929 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\conduit.xml
[2011/04/13 15:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/20 20:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 21:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 19:11:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/24 23:19:17 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NKXRI7HD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/18 10:40:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/04/14 06:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Verizon - AOL Toolbar Loader) - {86916f9e-4c81-42f8-9d60-4a1a54dae898} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Verizon - AOL Toolbar) - {9a964391-f5af-4fad-9964-51c4ed876f20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon - AOL Toolbar) - {9A964391-F5AF-4FAD-9964-51C4ED876F20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 12:02:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/29 15:29:25 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011/08/29 15:29:25 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011/08/29 15:29:25 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011/08/29 15:23:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/08/29 15:23:45 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/08/29 15:23:45 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/08/29 15:21:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/08/29 15:21:04 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/08/29 15:20:58 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/08/29 15:20:58 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/08/29 15:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/08/29 15:20:51 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PC Tools
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/28 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/28 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG
[2011/08/28 16:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/28 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/08/28 10:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2011/08/28 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SmartPCTools
[2011/08/28 02:17:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011/08/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/28 02:14:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/28 02:14:12 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 02:14:12 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/28 01:51:24 | 000,000,000 | ---D | C] -- C:\15417789a839261edc54cc9feb88
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/27 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/27 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FixCleaner
[2011/08/27 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/08/25 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011/08/25 08:28:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AVG Security Toolbar
[2011/08/24 23:48:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC}
[2011/08/24 23:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/08/24 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 09:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/24 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8}
[2011/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD}
[2011/08/23 10:00:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337}
[2011/08/23 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57}
[2011/08/21 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40}
[2011/08/21 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE}
[2011/08/21 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/08/21 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/08/21 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic
[2011/08/21 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8}
[2011/08/21 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF}
[2011/08/21 10:08:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167}
[2011/08/19 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67}
[2011/08/19 23:04:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC}
[2011/08/19 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B}
[2011/08/18 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952}
[2011/08/18 10:40:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289}
[2011/08/17 10:04:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5}
[2011/08/17 10:04:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9}
[2011/08/13 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204}
[2011/08/11 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5}
[2011/08/11 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734}
[2011/08/11 09:58:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 09:58:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 09:58:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 09:58:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 09:58:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 22:55:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 22:54:37 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 22:54:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 20:11:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206}
[2011/08/10 09:18:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9}
[2011/08/10 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF}
[2011/08/09 17:40:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ventrilo
[2011/08/09 17:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/08/09 17:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/08/09 17:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/08/09 17:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/09 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011/08/07 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ED1D73E-89E1-4B58-B73B-CB5A3FEB76B5}
[2011/08/07 18:54:34 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/07 16:23:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{29048A1C-25BB-44AD-AF90-E44AA9A38E8C}
[2011/08/06 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/06 13:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/06 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/04 19:46:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E59ED909-6070-4B59-ACD7-14904DD4C097}
[2011/08/04 15:38:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D4DD2F3A-9BE7-4D8A-B547-38884AF5A0AA}
[2011/08/03 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6029DEFE-64DF-4756-90B7-9873C930ECAB}
[2011/08/02 23:18:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{31B66B3B-8BB7-49DB-8443-DBB3BE0D56B7}
[2011/08/02 07:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B2F5446C-29A1-4E59-B1D3-0B0FCD4A8574}
[2011/08/01 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{57709E64-5F64-4FF3-99BB-3B4FD4F434A4}
[2011/07/31 15:24:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4EE62924-CCD9-48A9-BDB9-D0C6AEF23F7D}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

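The log above already shows the items a helper on this kind of thread checks first: the `O6` policy line `EnableLUA = 0` (UAC switched off), the `O37` entry where the `exefile` association reports `Reg Error: Key error. File not found`, the zero-byte `.exe` files and the hidden+system file with a long random name under `C:\ProgramData` and `AppData\Local`, and browser add-ons whose DLL shows an empty `()` publisher field. The Python script below is an added example, not part of this thread and not OTL's own code: it parses OTL-format lines and flags those indicators. Its sample input is a constructed subset of the lines posted here; the severities, the `SUSPECT_ROOTS` list, the random-name test and the regular expressions are the example's own assumptions, not OTL output, and they mark entries worth a closer look rather than identifying any malware family.

```python
"""Triage of OTL (OldTimer's List-It) log lines for common infection indicators.

Added example for this thread, not part of the posted log or of OTL itself.
The heuristics, severities and regular expressions are the example's own
assumptions; they flag entries worth a closer look and do not name a family.
"""
import re
from collections import Counter
from typing import Dict, List

# OTL file entry: [date time | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL "O" section entry: O2 BHOs, O3 toolbars, O6 policies, O32 AutoRun, O37 associations
OLINE_RE = re.compile(r"^(?P<sect>O\d+) - (?P<body>.+)$")

# Roots a dropper running as the logged-on user can write to (assumption of this example).
SUSPECT_ROOTS = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif")

# Constructed sample: a subset of the lines posted in this thread, in OTL's own layout.
SAMPLE_LOG = r"""
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O32 - HKLM CDRom: AutoRun - 1
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\rgdu.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/10 09:16:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
"""


def _under_suspect_root(path: str) -> bool:
    return path.lower().startswith(SUSPECT_ROOTS)


def _looks_random(name: str) -> bool:
    """Long, extension-less, lowercase alphanumeric name mixing letters and digits."""
    return ("." not in name and len(name) >= 16
            and re.fullmatch(r"[a-z0-9]+", name) is not None
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def _finding(sev: str, why: str, where: str) -> Dict[str, str]:
    return {"sev": sev, "why": why, "where": where}


def check_file_line(m: "re.Match[str]") -> List[Dict[str, str]]:
    """Heuristics for one OTL file/folder entry."""
    path, attrs, company = m["path"], m["attrs"], m["company"].strip()
    name = path.rsplit("\\", 1)[-1]
    size = int(m["size"].replace(",", ""))
    is_exec = name.lower().endswith(EXEC_EXT)
    suspect = _under_suspect_root(path)
    out: List[Dict[str, str]] = []
    if suspect and is_exec and size == 0:
        out.append(_finding("high", "zero-byte executable in user-writable location", path))
    if suspect and "H" in attrs and "S" in attrs and _looks_random(name):
        out.append(_finding("high", "hidden+system file with random name", path))
    if suspect and is_exec and size > 0 and not company:
        out.append(_finding("medium", "executable without publisher version info", path))
    return out


def check_o_line(m: "re.Match[str]") -> List[Dict[str, str]]:
    """Heuristics for one OTL 'O' section entry."""
    sect, body = m["sect"], m["body"].rstrip()
    out: List[Dict[str, str]] = []
    if sect == "O6" and re.search(r"EnableLUA\s*=\s*0\b", body):
        out.append(_finding("high", "UAC disabled (EnableLUA = 0)", body))
    if sect == "O37" and "[@ = exefile]" in body and "File not found" in body:
        out.append(_finding("high", ".exe file association (exefile) missing", body))
    if sect == "O32" and body.endswith("AutoRun - 1"):
        out.append(_finding("low", "CD-ROM AutoRun enabled", body))
    if sect in ("O2", "O3") and body.endswith("()"):
        out.append(_finding("medium", "browser add-on DLL with no publisher in version info", body))
    return out


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run both checkers over every line of an OTL log and collect findings."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            findings.extend(check_file_line(m))
            continue
        m = OLINE_RE.match(line)
        if m:
            findings.extend(check_o_line(m))
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f["sev"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['sev']:6}] {f['why']}: {f['where']}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script reports five high findings (the two zero-byte executables, the hidden+system random-named file, UAC off, and the missing `exefile` association), one medium and one low. An empty `()` publisher field only means the DLL carries no CompanyName in its version resource; the AVG toolbar DLLs in the same log show the same, so that check is a prompt to inspect the file, not a verdict.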

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 30th August 2011, 6:39 pm

[2011/08/30 12:05:46 | 130,537,212 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 10:34:28 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/30 10:00:52 | 000,668,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/30 10:00:52 | 000,130,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/30 01:38:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/29 19:33:03 | 000,088,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:59:16 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/29 17:59:15 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/08/29 15:20:55 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/29 12:52:18 | 000,660,786 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/08/28 16:18:38 | 000,000,954 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/28 16:18:38 | 000,000,930 | ---- | M] () -- C:\Users\Admin\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/28 14:28:21 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | M] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 02:36:54 | 000,002,483 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 23:19:08 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/24 19:03:00 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2011/08/24 18:15:26 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | M] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/21 18:33:26 | 000,309,821 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/08/20 12:10:53 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\rgdu.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\qerj.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\qdrn.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\klfm.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\jatr.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\fsfb.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\adeb.exe
[2011/08/10 09:16:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/09 17:40:15 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:40:10 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:38:52 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/06 13:08:55 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/30 12:03:44 | 000,879,225 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/29 15:23:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/08/29 15:23:46 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2011/08/29 15:23:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/08/29 15:23:46 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/08/29 15:23:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/08/29 15:21:04 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/08/29 15:20:58 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/08/29 15:20:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/08/29 15:20:55 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/29 15:20:51 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/08/28 16:18:38 | 000,000,954 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/28 16:18:38 | 000,000,930 | ---- | C] () -- C:\Users\Admin\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | C] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 02:14:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 01:45:43 | 000,002,483 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | C] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/18 12:14:06 | 000,001,352 | -HS- | C] () -- C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,001,352 | -HS- | C] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\rgdu.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\qerj.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\qdrn.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\klfm.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\jatr.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\fsfb.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\adeb.exe
[2011/08/09 17:40:10 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:40:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:38:52 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/06 13:08:55 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/23 09:52:40 | 000,001,520 | -HS- | C] () -- C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 09:52:40 | 000,001,520 | -HS- | C] () -- C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\ytig.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\yfje.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\ujjt.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\runx.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\pbex.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\nsmp.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\epjr.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\bndp.exe
[2011/07/09 15:00:59 | 000,000,996 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\033E.F6A
[2011/06/06 00:01:56 | 000,001,566 | -HS- | C] () -- C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31
[2011/06/06 00:01:56 | 000,001,566 | -HS- | C] () -- C:\ProgramData\734ic5kl480kc2nvg31
[2011/02/20 00:38:31 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/02/20 00:38:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/02/20 00:38:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/02/20 00:38:31 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2011/02/20 00:38:30 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/12/06 02:21:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/26 23:14:43 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/26 23:14:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/20 20:50:54 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileJoin.ini
[2010/01/08 11:22:53 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/30 21:11:41 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2009/11/30 16:06:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 16:06:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 08:18:06 | 000,000,236 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\iPod Access v4 Prefs
[2009/11/30 08:15:48 | 000,000,011 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\iPodAccess_Time
[2009/11/30 07:57:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/30 07:24:37 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/29 21:26:08 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2009/11/29 20:20:10 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/29 19:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/28 21:15:53 | 000,088,576 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/28 19:12:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/11/28 19:12:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2009/11/28 19:12:37 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/11/28 19:07:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/11/28 18:24:13 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/10/30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,668,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,384 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/08/18 10:40:11 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/08/18 10:39:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/08/18 10:39:55 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mshtml.tlb
[2006/11/02 03:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2010/01/10 00:45:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2009/11/28 18:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2011/06/16 19:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/12/21 11:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\AhnLab
[2011/04/18 01:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/08/29 15:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Antbar
[2010/01/15 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/07/08 12:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/08/28 16:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/08/28 02:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/05/26 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/05/26 23:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVSMedia
[2010/12/16 00:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/08/06 13:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/11 18:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/08/29 15:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/28 19:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/08/27 12:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2010/01/11 07:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2011/01/18 22:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Daum
[2011/08/20 12:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2011/08/27 00:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Installers
[2011/05/26 16:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2011/05/18 01:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\Free Hide Folder
[2011/07/01 10:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2011/08/30 12:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Giraffic
[2009/12/02 06:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\GNU
[2011/05/24 19:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/25 19:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2011/08/27 13:43:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/28 19:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/08/24 18:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/25 21:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Access for Windows
[2009/11/30 07:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Copier 1.0
[2011/08/24 18:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/01 19:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/09 16:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2009/11/29 21:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\JoinSaw
[2011/08/28 02:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\Keyword Search
[2011/08/27 13:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\LeagueOfLegends
[2010/11/09 07:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/30 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/16 19:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/07 20:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/28 19:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/11/28 19:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/11/09 06:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 18:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 11:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/18 10:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 19:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/07 20:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/11/28 19:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2010/10/30 21:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/08/06 13:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/01/01 01:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/12/06 02:20:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/08/28 10:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\SmartPCTools
[2011/07/03 18:15:03 | 000,000,000 | ---D | M] -- C:\Program Files\SocialRibbons LP 1
[2011/02/20 00:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Solveig Multimedia
[2009/11/28 19:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/08/30 12:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2011/08/11 10:10:43 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2011/08/21 19:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\StartNow Toolbar
[2009/11/28 19:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/08/09 17:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011/06/06 00:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2009/11/29 21:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\ToneThis
[2011/08/27 01:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/12 16:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/08/09 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/03/29 16:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2011/02/10 22:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2010/01/07 16:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon - AOL Toolbar
[2010/11/22 14:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2010/01/07 16:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/29 21:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/11/28 19:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2009/11/30 17:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/11/30 17:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/07 18:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 19:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/30 17:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/12/01 02:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/11/30 17:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/29 21:24:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/29 21:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/11/29 21:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2011/07/03 18:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Runtime


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-29 00:31:50

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

========== Files - Unicode (All) ==========
[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ
[2010/01/02 15:28:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

jungwpark
Novice
Posts : 28
Joined : 2011-08-29
OS : Windows Vista Home Premium
Points : 19718
Likes : 0

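Editor's note on the log above. The indicators worth pulling out of that OTL run are the ones a helper would act on: both browsers' `shell\open\command` (and Firefox's `shell\safemode\command`) have been rewritten to launch a file in `C:\Users\Admin\AppData\Local` (`brv.exe`, `amo.exe`) with the real browser passed as an argument; there are zero-byte, four-letter `.exe` files and hidden+system files with long random names in `C:\ProgramData` and `AppData\Local`; the `exefile` association is missing (`Reg Error: Key error`), which is why executables may not launch normally; and there are several alternate data streams hanging off `C:\ProgramData\TEMP`. The script below is an added example, not part of the poster's logs and not an OTL or AVG feature: it parses OTL-style lines and flags exactly those patterns, so the same triage can be repeated on another log. The sample lines are an excerpt copied from the log posted above; the directory list `USER_WRITABLE` and the finding names are the example's own assumptions.

```python
"""Triage an OTL-style log for the rogue-AV indicators seen in the posted log.

Added example: heuristics and finding names are this script's own, not OTL's.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# OTL file line: [date time | size | attrs | M/C] (Company) [Unable to obtain MD5] -- path
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\)(?: Unable to obtain MD5)? -- (?P<path>.+)$"
)
# OTL registry line: HKEY_...\key\\ValueName: data
REG_LINE = re.compile(r"^(?P<key>HKEY_.+?)\\\\(?P<name>[^:\\]*): (?P<data>.*)$")
# File-association lines reporting a missing exefile handler
ASSOC_BROKEN = re.compile(r"^(?:\.exe \[@ = exefile\]|exefile \[open\]) -- Reg Error")
# OTL alternate-data-stream line
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Assumption: directories any standard user can write to. A legitimate browser
# launcher or Windows component does not live directly in these.
USER_WRITABLE = (r"\programdata", r"\appdata\local", r"\appdata\roaming", r"\temp")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def _in_user_writable(path: str) -> bool:
    return _dirname(path).endswith(USER_WRITABLE)


def _first_quoted(data: str) -> Optional[str]:
    """The executable of a registry command value, i.e. its first quoted token."""
    m = re.match(r'"([^"]+)"', data)
    return m.group(1) if m else None


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line, or None if it looks benign."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        path, attrs = m["path"], m["attrs"]
        size = int(m["size"].replace(",", ""))
        name = path.rsplit("\\", 1)[-1]
        if not _in_user_writable(path):
            return None
        if size == 0 and name.lower().endswith(".exe"):
            return Finding("zero-byte-exe", path)              # empty dropper stubs
        if "H" in attrs and "S" in attrs and "." not in name:
            return Finding("hidden-system-marker", path)       # -HS- random-name file
        return None
    m = REG_LINE.match(line)
    if m and m["key"].lower().endswith("\\command") and "\\shell\\" in m["key"].lower():
        exe = _first_quoted(m["data"])
        if exe and _in_user_writable(exe):                      # browser wrapped by a user-dir exe
            return Finding("hijacked-launcher", f"{m['key']} -> {exe}")
        return None
    if ASSOC_BROKEN.match(line):
        return Finding("exe-association-broken", line)
    m = ADS_LINE.match(line)
    if m and "\\programdata\\temp:" in m["target"].lower():
        return Finding("ads-in-programdata-temp", m["target"])
    return None


def analyze(log_text: str) -> List[Finding]:
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Counter:
    return Counter(f.kind for f in findings)


# Excerpt copied from the log posted above (constructed test input for this example).
SAMPLE_LOG = r"""
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\rgdu.exe
[2011/08/10 09:16:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
exefile [open] -- Reg Error: Key error.
.exe [@ = exefile] -- Reg Error: Key error. File not found
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:0B4227B4
"""

if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for f in hits:
        print(f"{f.kind:26} {f.detail}")
    print(dict(summarize(hits)))
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file's contents; `hiberfil.sys` and the Adobe control panel in the excerpt are there to show that hidden+system or vendor files outside user-writable directories are not flagged. The `hijacked-launcher` finding is the one to fix first: until those `shell\open\command` values point back at the real browsers, every browser start runs the dropper first.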

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 30th August 2011, 6:40 pm

Here is the Extra:
OTL Extras logfile created on: 8/30/2011 12:05:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.62% Memory free
6.18 Gb Paging File | 3.67 Gb Available in Paging File | 59.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 25.32 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 0.18 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- Reg Error: Key error.
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A3D323-AE69-4DE2-B20F-ACCD952022AA}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |
"{0B0713A4-CA87-42F8-AB4B-38DE8B7FA903}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{0B437597-91EF-42A3-BEC6-D43CBA9222E0}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher |
"{0BBF5271-DA8D-4564-967C-8245F4AFC4AF}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |
"{1099C141-8C65-4FCE-AE4F-D063BB1EB89B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{10DA03A8-274C-4DD6-85D0-1CC6766CAAF6}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{12412044-A9F3-4037-BC49-677FD3972556}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{13483F27-4AAF-4235-A32B-2DE9C19EFBA8}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |
"{13E87C8A-F3B4-417E-AA61-9F23EB0873BF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{159837C9-F3DD-45DC-9483-307B67E4E10D}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{165993D4-4D63-4531-903F-F1E916BB8384}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{173B904F-A81A-4B55-9F42-65C2307AF996}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |
"{183FEC8C-88F1-41F7-80E9-C09E0F381913}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{190093A6-614D-4A09-96B6-2AB1A1118444}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{190DB5F1-9AA2-4A88-A516-A71667196A02}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{1E5ED2CF-72CB-4909-8ADC-A29828AC95A3}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{1E97B74A-B4A6-43ED-9D69-ED6B4500060E}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{1F91D7E5-53D4-4362-A312-90E482C2A841}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{21D2777A-40CD-47D6-B46D-8A6D4D8A6427}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{23146826-E32C-47BF-BEA4-E7B2A44A126A}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{23A52D61-64B0-4C5F-884C-2F78DCC776F6}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{25E3EE3D-9957-4AA7-812B-4CE3FC2BEB50}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{279260E5-FEF1-4DB7-B866-2CE073445A00}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{29B04333-9197-4E2B-9EDF-6C95AAFB3D8B}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{2C52FFEA-719E-45AC-BE84-C88F424D0C64}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher |
"{2C750EA4-FA4E-41CD-9CAE-96A57512922F}" = lport=445 | protocol=6 | dir=in | app=system |
"{319615F0-7C04-4D39-9D1F-383B0579A388}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{31B8E44A-F45C-4B6E-AB3B-E03920840ABE}" = rport=138 | protocol=17 | dir=out | app=system |
"{339128DA-2C68-442F-9B62-4CC245DC5CF2}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
"{33B09F2B-3247-4851-B1C5-8B6677BEF614}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{35A8FD7D-C834-49FF-BCD5-75CE6514853E}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher |
"{37288CCB-70A9-4210-933E-43D867DB5385}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{375745D7-220F-4A3F-905D-7E4440DAC2B7}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher |
"{39D89762-3F9F-41E2-B3FC-E2FCA2FAA8DF}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher |
"{3A5215C0-225C-4708-ACFD-B2E81BFB0B32}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{3A54002D-1F39-474F-91B6-FA7235ED00A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{3AF7E628-326A-4A6F-89FD-CBD0DEFED23A}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{3BB38632-7C07-4A8D-98E1-36105981F5CB}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher |
"{404431FF-962B-462F-A7EB-A97A6180F2F1}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{40A0A23D-C8AC-4BD4-80C5-FC7469509B45}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{40A90B69-094D-43F3-8856-C5A00E00515E}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{442A4B0D-5A61-415B-B348-90A3F189003F}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher |
"{455355F8-B43C-4F12-97A6-D656995DA4CB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{46B0C7D6-3C7D-496B-97DF-F54BA880FA09}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
"{470B7EDE-EE29-4E60-A81B-619BA6C63583}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{49ADEAF0-D126-4A6E-86F8-C76B000FBE03}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4A3A0410-A36F-46F9-9C96-37E69677DAC5}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |
"{4B06C6E8-1CEF-427B-996A-727D93AD3BD1}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
"{4B90E19A-4172-46FD-8508-D4DA4AA5ECE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D0FFFC2-802C-406C-8D05-02E948E55FF1}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{4D94FCF6-ECA4-4A4C-A534-BD865B5C6CB2}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{4DCC247D-90E1-470C-AEA0-DC3094059E3C}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher |
"{4F0179D7-2EAB-4C05-92CB-09EF741E7DFC}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher |
"{4FC9CF35-609E-40A0-85A1-5B1FA5DFEDA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50CBDF4C-CFFF-4066-8F66-5A94509B473D}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{51FB9642-1DA8-47A0-9EF9-71C54685A667}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher |
"{54EA3E4C-AF1A-4F0A-B059-2FAF09F04B07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{56D5542D-DBFE-4364-B229-6D6A03A4A756}" = lport=6977 | protocol=6 | dir=in | name=league of legends launcher |
"{56E08EDF-6FAD-40EB-82C4-CA08CF13BE4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57236925-6ACB-4AD4-A260-EA5E896F9A0C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5A5278EF-D558-4610-B277-1B79E233D2AD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5ADE2B52-F095-4A30-8973-AF770706A098}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{5D4D7938-6AF8-49D8-B383-7382BA2FF027}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher |
"{5E0F8E79-6597-4E42-A00B-937A9BD1F81D}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |
"{5F1FAD54-88FF-4BD1-A9AD-B798E4728965}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher |
"{5F5C2F26-4046-4DD2-AB47-13A5CE45CE44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{69038CCF-006D-44C0-B237-336DD2B582A1}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{69194A7D-6E07-45D4-B74E-AAEEAAEC9160}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher |
"{699CFBAF-F787-4CA5-818D-212E0FEC9BB4}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{6B46DD77-8662-4EAF-B256-E91C41922D9F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6C17F023-650E-4EBC-96C4-B0C84BC906C4}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{6E880397-5FEC-4C74-88A1-D3BA1391A733}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |
"{6E9470F1-C8CE-4AC8-B5B6-7018C590BC70}" = lport=138 | protocol=17 | dir=in | app=system |
"{7374D1D9-C807-4ECC-AB06-3847E7B41693}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{76989483-6CB1-4877-A5DC-808BA02FE60D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76E9FDB7-6CA9-4DD5-B0CF-59C98B28B7EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{7757FE35-6D4A-4F09-ADCC-9A27BA52EEFD}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{794A3C33-A9CD-46C5-9A55-97E6DE532E73}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
"{795D5D37-8A20-4DC1-9D9E-B318E7FDFAF9}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher |
"{7E654170-7387-4BA3-8433-D9D4CC1EFB02}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{813A9B45-D3B1-4A6D-9209-7C11318CA0FC}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{81AEA6C0-B5FD-41CF-AEB7-532760B0F165}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{84B13428-C3D4-4E25-AC13-38EB091DC467}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{88BB4695-5A68-46E1-B73B-8224391DFD0B}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{88CAB7E9-7884-4CBC-8228-35A416D5C18E}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{8B9EC83C-5769-444B-9490-11A236CBE83F}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
"{8C52F557-3FD4-4059-82F1-7536A5CCF2E7}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{90FC84BB-9604-4FC6-AA58-42459DF24E7A}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{939E5701-E8C9-45AE-8100-68522DEE4C05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95BA6732-3EB9-43CD-AD2B-A92F4FFC53FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97524C56-CFE7-46B8-AB10-E3E23FB9D9D9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{980DE2E7-4E66-4B2A-94C8-2B24FE521710}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher |
"{9BD81228-B8AF-4729-9D94-EC39F9023094}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DF7D15E-EE1D-4110-B7C2-27F04EC67216}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
"{9E0C28F9-3D30-499F-88E7-B2C1F0191F80}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher |
"{9E601724-B8DE-4200-9545-90AAE42E57FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A024A2A9-4FD7-41B4-BB7F-1C9C1B68214B}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher |
"{A46800FC-E0BE-4F5D-B871-DA551E1C2347}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher |
"{A701BE5E-87CA-4036-BCDC-D769816FBACB}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
"{A8F32150-09E3-46D8-BA43-79F3579888DA}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher |
"{A97990D9-53FF-417B-A63E-97211678CC4E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD4EB7DC-9E0D-4325-9DE9-5A55AB1D1421}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{AEAFFBFC-363D-46A0-969A-B74CE8B453F3}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
"{AF4206F9-4544-47B9-B0BB-7790FE40C970}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{B23BAECD-5057-4719-8BB1-183C92F69185}" = rport=139 | protocol=6 | dir=out | app=system |
"{B530D81E-D7C9-4D52-994E-05C33084E62A}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher |
"{B8538551-3AA1-4586-9C35-7EAEB1320A81}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{B89ADA89-D1A2-439D-A3C6-A0CC778561C7}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher |
"{BDBEC5EB-12D7-4B3C-AA0A-57615F40AE38}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{C232EB13-277F-4E64-B626-B753D100814A}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher |
"{C2AAA4EF-7AF5-44D4-9A0C-C3E1E18EB183}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{C386B2D5-2FDC-464C-9D9B-A265CB5C2539}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |
"{C645F34C-FE6F-4E98-A287-A7F8BEFBB275}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{C90AA3F7-CF70-4F06-A8B4-B1F6BF1448A0}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{C90E1B62-6764-476C-ACC3-6ECD65439A3C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{CC60E6A5-737A-4906-8992-72378B712488}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{CEF3EE49-D9F1-4584-91BE-FC687498433F}" = lport=6977 | protocol=17 | dir=in | name=league of legends launcher |
"{D112D3C9-288E-420A-8A9F-345AD69C510F}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{D1E551C1-A721-4EC1-AD8A-B8A552BE9C01}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |
"{D1EDAD76-FE38-446A-BC62-25559DA8A20D}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher |
"{D23C8CF6-0E0D-4749-A41A-64577D550DA1}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{D449411C-E9EC-4B46-8117-827A1A749AD2}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{D45E0D78-74AB-4EC0-8671-F85C8A63413F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{D503811E-A8E1-4AB9-903B-585CF3ADBDBC}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{D5725A21-5C09-44E4-82FA-DBC721203675}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
"{D5BFE526-02F8-4A57-B0C2-4B6B37496914}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{D617BB75-A207-4E46-9B16-E42AA65BB87D}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{D6912923-1DF6-458C-9A0D-788703D75DA7}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{D8899722-DC18-40CC-9750-8FF7A2488FC1}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher |
"{DCE1BA94-471A-4DA2-B712-2594A9A33A0E}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{DDBB8C43-3DC1-4362-98CF-1FDE043F399E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F041061E-5215-44DC-B6F5-474A3B39B4AC}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{F3C31069-07F5-4372-8089-EE0389E9964B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5815EFE-E650-43AE-9661-2038DADFC880}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |
"{F7922FFB-CBC8-474D-ACAD-A2D7B688C550}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{F85C9794-5DB3-4418-A50C-7F6517C89C3C}" = lport=49335 | protocol=6 | dir=in | name=akamai netsession interface |
"{F867D1CC-715E-41F8-8DF7-D5BD70027605}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher |
"{FB9298C3-5001-466F-8FA3-9A1D8E76A0F7}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |
"{FD8D6D24-47FF-493D-9084-B0C0CAA1D93F}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |
"{FE7B498F-8E99-4CBD-9887-09897873901B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{FF6C43B0-DE05-4E5F-BED7-F1E6DB06CE42}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECA16D-755D-4E9C-9832-9090EF6A7ADD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C43F356-6C53-42D3-B0DA-287B59BF23B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{107847FD-907A-4DE0-80C0-AD15D3A1BB9F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{11A645F6-16F6-4FA5-A44D-E1997D572104}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{15007A92-3C24-4E92-81C6-A5C8FC46B61A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29165D34-2BD2-45BE-BBAA-35D96A79FCA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3092CD86-98D1-4233-8368-EE6CA0BB3748}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3AD2F8EB-2A45-4961-B768-A49AB6A65927}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3B1BDAD6-EBA2-4832-A3D3-ED8CB66A8887}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{3E0F4B6B-4379-4625-8729-FD86039C3DB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{42BE5386-FDD7-4223-9888-277DB3D3DBCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{478BCCF8-FE7E-4E29-ACE0-E11DD4143109}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{488C3249-6CF3-4F75-B34F-A5C9E69D311D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4B42CC87-61D2-4799-90E4-0550499BBA32}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4CC85903-88C0-4BAD-A660-25A4836E50EA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{533039FE-52B0-4B8F-8853-59451DCA2F72}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{56AD7F71-A53D-4DAE-A197-770223BA557B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{575A2FE7-D75B-4172-9F56-5B2248D776A0}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{5870BD9C-BF07-44B2-B75B-0D3FDE4B9DB9}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{5CB28A0F-267F-4C0E-8238-74DBFC373500}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5DB7E2B1-FBEA-4956-832A-45E082DFF3A7}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{6DA9C81F-C01F-4DB4-BBA8-60D91AF59EEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{737221E6-84BA-42A9-AFD1-3D8C549A3DA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7C0A1EE6-5372-4F01-A657-BC4C00C23B3C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7E784AEE-9644-4F1B-88DA-BE8F8A1DC872}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8628E406-BDD7-4E8A-939F-76EDAF978B82}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{88BDD46D-46A4-4B4C-9FBD-5D65EA032BF4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8B02DB57-3090-47D0-B382-692785A0D670}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8B1D4979-5756-4123-8183-D72AE6000E45}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{944845B5-F603-45FB-9311-A97335DF2BCC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{945F1F97-881E-498C-9657-EDC69FFA4882}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9723D8EB-F55A-4038-BE41-8F773554ECA9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{979DF4DF-58D1-4D46-9FF4-644373D6771A}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{9BE02B71-4EA7-4EAD-8B52-727B956E58D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A2892120-330B-488F-B327-CC701287E30A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4070725-CE07-4808-8BB5-02148A4F568D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AAF6FFF4-D180-4B51-BABE-C5A2FFC8705A}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{B2ABDD43-C8B8-4EBE-B810-3464ECE1D604}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4F42550-EDF8-4B4F-A0A7-B94118EC95D4}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{BE34851B-CFC5-4DE8-9D5E-08DA11EF2C64}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{BE5B3715-C928-48EC-B8CE-B22C086D124C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C2DA1FA0-A126-41B3-B593-777B34DD04F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C350AD24-59C6-4F46-90AB-BB18453273EE}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{C6EEE6A8-78C6-44A0-86FA-77D094F9A501}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CFFFFECB-85EE-4D02-BE1D-97D53EA659BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1055954-8A9E-490D-BC02-D56ADCE75698}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D61E30C9-1A22-44F9-AF5A-521FDBF182C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DB90B36E-1BC6-4F8D-998B-3E05652A1FE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E0D31C3B-985A-4C80-97D8-C355E83175CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0F62584-5F8C-4B2D-A817-F2C19B2B4249}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{E5956A52-2F57-4A1F-A750-40F0D05943B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E7A3E060-F639-4D6A-95FE-C338DE43BF47}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{EE37BF2A-E961-4043-B1C8-D070172EBC24}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{F1A90838-F1D7-4904-94B8-8513442E0C8B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FADFB46C-298C-4081-8E14-1FD635714E89}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{FB915FAF-237F-42AE-AD1A-18C11A4AB4F8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FD4F45A6-D41B-4767-B0C4-6D0602E365E8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FE14BABD-B1B1-4FD4-80A2-51D00DD8205E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FF5EFFFB-5F7C-4EB9-8D44-75444652CC58}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{0D83FA58-36B4-45B5-AA7F-C8CA485FD7A1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{1416E23D-9E10-4C07-8EA4-6D4EFA9B3F57}I:\techwizard.exe" = protocol=6 | dir=in | app=i:\techwizard.exe |
"TCP Query User{8460E902-AEBD-4A36-AEC5-F4431D7B9549}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{AE553DD2-4BEE-48DD-85F4-D364E1120831}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{F7AF3BB6-586F-4F88-AAA2-F7F8E9B23B0D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{41C33E99-5FA7-4260-80A2-D034DF4F8884}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{67C8C370-6DCB-4CB3-BB75-ECA5121E71FB}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{71950748-4285-4CC2-9457-956C98A52C84}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{9D513242-3561-4D05-9921-68E8C74B64C8}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{B75D48F9-4303-488E-9354-4B589B4BF954}I:\techwizard.exe" = protocol=17 | dir=in | app=i:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"AVG" = AVG 2011
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 3.1_is1" = AVS Video Editor 3.1.1.93
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"DemoApp" = Fast File Saw & Joiner V3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Hide Folder" = Free Hide Folder
"Free Video Dub_is1" = Free Video Dub version 1.8.11.426
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Giraffic" = Giraffic Video Accelerator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"iPod Access for Windows_is1" = iPod Access for Windows v4.4.1
"Keyword Search" = Keyword Search
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 12.0" = RealPlayer
"Registry Repair Wizard_is1" = Registry Repair Wizard
"Revo Uninstaller" = Revo Uninstaller 1.92
"SocialRibbons LP 1" = SocialRibbons LP 1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"StartNow Toolbar" = StartNow Toolbar 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"ToneThis" = ToneThis
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Verizon - AOL Toolbar" = Verizon - AOL Toolbar
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2011 1:07:27 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2011 9:54:45 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 10:12:31 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x5dc, application
start time 0x01cc671c0135d2df.

Error - 8/30/2011 10:25:11 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 10:25:11 AM | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/30/2011 10:55:22 AM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

Error - 8/30/2011 11:50:50 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2011 11:52:04 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 12:14:48 PM | Computer Name = Admin-PC | Source = SPP | ID = 16387
Description =

Error - 8/30/2011 12:14:48 PM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 11/29/2009 9:02:11 PM | Computer Name = Admin-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 8/30/2011 10:28:46 AM | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =

Error - 8/30/2011 11:49:38 AM | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:08:26 AM on 8/30/2011 was unexpected.

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/30/2011 11:52:42 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/30/2011 11:53:12 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/30/2011 11:53:12 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 30th August 2011, 6:41 pm

Here is the aswMBR AND the Security Check checkup.txt
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-30 12:52:20
-----------------------------
12:52:20.820 OS Version: Windows 6.0.6002 Service Pack 2
12:52:20.820 Number of processors: 2 586 0x1706
12:52:20.821 ComputerName: ADMIN-PC UserName: Admin
12:52:44.412 Initialize success
12:54:53.855 AVAST engine defs: 11083001
12:56:36.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:56:36.171 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
12:56:36.174 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000075
12:56:36.177 Disk 1 Vendor: ( Size: 114473MB BusType: 0
12:56:36.181 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
12:56:36.184 Disk 2 Vendor: ( Size: 114473MB BusType: 0
12:56:36.188 Disk 0 MBR read error 0
12:56:36.191 Disk 0 MBR scan
12:56:36.297 Disk 0 unknown MBR code
12:56:36.301 MBR BIOS signature not found 0
12:56:36.306 Disk 0 scanning sectors +234436545
12:56:36.441 Disk 0 scanning C:\Windows\system32\drivers
12:57:09.237 Service scanning
12:57:12.640 Service .avgldx86 \* **LOCKED** 123
12:57:13.117 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:57:13.770 Modules scanning
12:57:26.300 Disk 0 trace - called modules:
12:57:26.307 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x86c794c0]<<
12:57:26.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86752820]
12:57:26.323 3 CLASSPNP.SYS[8ab688b3] -> nt!IofCallDriver -> [0x8664f3b8]
12:57:26.329 5 PCTCore.sys[8273deae] -> nt!IofCallDriver -> [0x84d914f8]
12:57:26.334 7 acpi.sys[805c16bc] -> nt!IofCallDriver -> [0x84d916c0]
12:57:26.339 \Driver\atapi[0x86b59030] -> IRP_MJ_CREATE -> 0x86c794c0
12:57:29.242 AVAST engine scan C:\Windows
12:57:35.076 AVAST engine scan C:\Windows\system32
13:02:13.151 AVAST engine scan C:\Windows\system32\drivers
13:02:35.563 AVAST engine scan C:\Users\Admin
13:06:36.427 AVAST engine scan C:\ProgramData
13:16:05.032 Scan finished successfully
13:18:30.732 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
13:18:30.744 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

____________________________________________________________
Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
AVG PC Tuneup 2011
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ThreatFire TFService.exe
``````````End of Log````````````


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 2nd September 2011, 5:40 pm

bump

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 2nd September 2011, 8:33 pm

Hi there jungwpark!

I am Gabethebabe and I will be helping you with this issue. Before we start, some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Before doing anything, you really need to uninstall some of your security software. All that stuff just gets in its own way. Running two antivirus programs is a particularly bad idea. Your computer will slow down a lot and be unstable because of it. I suggest you uninstall everything except for Avira.

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q
C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31
C:\ProgramData\734ic5kl480kc2nvg31
C:\Users\Admin\AppData\Local\wggl.exe
C:\ProgramData\rgdu.exe
C:\Users\Admin\AppData\Local\qerj.exe
C:\ProgramData\qdrn.exe
C:\Users\Admin\AppData\Local\klfm.exe
C:\ProgramData\jatr.exe
C:\Users\Admin\AppData\Local\fsfb.exe
C:\ProgramData\adeb.exe
C:\Users\Admin\AppData\Local\ytig.exe
C:\ProgramData\yfje.exe
C:\Users\Admin\AppData\Local\ujjt.exe
C:\Users\Admin\AppData\Local\runx.exe
C:\ProgramData\pbex.exe
C:\Users\Admin\AppData\Local\nsmp.exe
C:\ProgramData\epjr.exe
C:\ProgramData\bndp.exe
C:\Users\Admin\AppData\Local\brv.exe
C:\Users\Admin\AppData\Local\amo.exe

:otl

:commands
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


====================

You have a bunch of toolbars installed; some of them are not recommended (adware). I would uninstall all of them except for the ones you really like and use.

====================

Please download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38268
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 4th September 2011, 6:34 am

Thank you for your response. Honestly, I was getting worried as to whether someone would actually take up this task of helping me xD.
So, I have uninstalled AVG 2011 and Spyware Doctor (the other two antivirus programs besides Avira) and have run the OTL "Run Fix" and the MBAM. I will post the results here:

OTL Run Fix Results:
========== FILES ==========
C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la moved successfully.
C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la moved successfully.
C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31 moved successfully.
C:\ProgramData\734ic5kl480kc2nvg31 moved successfully.
C:\Users\Admin\AppData\Local\wggl.exe moved successfully.
C:\ProgramData\rgdu.exe moved successfully.
C:\Users\Admin\AppData\Local\qerj.exe moved successfully.
C:\ProgramData\qdrn.exe moved successfully.
C:\Users\Admin\AppData\Local\klfm.exe moved successfully.
C:\ProgramData\jatr.exe moved successfully.
C:\Users\Admin\AppData\Local\fsfb.exe moved successfully.
C:\ProgramData\adeb.exe moved successfully.
C:\Users\Admin\AppData\Local\ytig.exe moved successfully.
C:\ProgramData\yfje.exe moved successfully.
C:\Users\Admin\AppData\Local\ujjt.exe moved successfully.
C:\Users\Admin\AppData\Local\runx.exe moved successfully.
C:\ProgramData\pbex.exe moved successfully.
C:\Users\Admin\AppData\Local\nsmp.exe moved successfully.
C:\ProgramData\epjr.exe moved successfully.
C:\ProgramData\bndp.exe moved successfully.
File\Folder C:\Users\Admin\AppData\Local\brv.exe not found.
File\Folder C:\Users\Admin\AppData\Local\amo.exe not found.
========== OTL ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.6 log created on 09042011_013459
___________________________________________________________

MBAM Log:
Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7647

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/4/2011 2:22:12 AM
mbam-log-2011-09-04 (02-22-05).txt

Scan type: Quick scan
Objects scanned: 175324
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{610EBFCC-8014-4224-8789-FA7E8E705569} (Adware.Torangz) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.TorangBand (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.TorangBand.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.torangcomz (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.torangcomz.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\torangcomz.DLL (Adware.Torangz) -> No action taken.
HKEY_CURRENT_USER\Software\Keyword Search (Adware.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Once again, thank you for your help and I eagerly wait for your response.
~jungwpark

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 4th September 2011, 7:27 am

OK, we cleaned up some stuff.
Malwarebytes found some things; you should allow Malwarebytes to clean those up too.

  • Please run Malwarebytes' Anti-Malware
  • Click the Update tab and click Check for Updates.
  • After that, click the Scanner tab, select Perform Quick Scan and click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Post the contents of the MBAM log in your next reply, please.

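The first MBAM log above is the case Gabethebabe is pointing at: every entry ends in "No action taken." because the findings were shown but never removed. Here is an added Python example (not code from the thread or from Malwarebytes) that parses this MBAM 1.x log format, lists the findings left in place together with the hijacked value and the value MBAM would restore, and checks the summary counts against the itemised entries; the embedded sample is constructed from the two logs posted in this thread, trimmed, with the counts adjusted to match.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log (the format posted in this thread)
and flag findings that were reported but left in place. Added example, not code
from the thread or from Malwarebytes. SAMPLE_LOG is constructed from the two MBAM
logs posted above: trimmed, with the summary counts adjusted to match."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Summary lines carry a count ("Registry Keys Infected: 7"); body headers do not.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:(?:\s*(\d+))?$")
# "<target> (<detection>) -> <rest>", where <rest> ends with the action taken.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Registry Data Items also show the hijacked value and what MBAM would restore.
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> ")


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    action: str
    bad: str | None = None
    good: str | None = None

    @property
    def remediated(self) -> bool:
        # MBAM writes this when the user never clicked "Remove Selected".
        return self.action != "No action taken."


def parse_mbam_log(text: str) -> tuple[dict[str, int], list[Finding]]:
    """Return (summary counts per section, itemised findings)."""
    counts: dict[str, int] = {}
    findings: list[Finding] = []
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(2) is not None:
                counts[m.group(1)] = int(m.group(2))
            else:
                section = m.group(1)
            continue
        m = ITEM_RE.match(line) if section else None
        if not m:
            continue  # blank line or "(No malicious items detected)"
        rest = m.group("rest")
        action = rest.rsplit(" -> ", 1)[-1]
        finding = Finding(section, m.group("target"), m.group("detection"), action)
        if bg := BADGOOD_RE.match(rest):
            finding.bad, finding.good = bg.group("bad"), bg.group("good")
        findings.append(finding)
    return counts, findings


def unremediated(findings: list[Finding]) -> list[Finding]:
    """Findings the scan reported but did not remove (what the helper spotted above)."""
    return [f for f in findings if not f.remediated]


def count_mismatches(counts: dict[str, int], findings: list[Finding]) -> dict[str, tuple[int, int]]:
    """Sections whose summary count disagrees with the itemised entries, a sign
    that the log was truncated or edited before being posted."""
    seen: dict[str, int] = {}
    for f in findings:
        seen[f.section] = seen.get(f.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if n != seen.get(s, 0)}


SAMPLE_LOG = r"""
Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{610EBFCC-8014-4224-8789-FA7E8E705569} (Adware.Torangz) -> No action taken.
HKEY_CURRENT_USER\Software\Keyword Search (Adware.Agent) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Admin\AppData\Local\Temp\ms1cfg32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    counts, findings = parse_mbam_log(SAMPLE_LOG)
    for f in unremediated(findings):
        print(f"LEFT IN PLACE: {f.detection}: {f.target}", f"(currently {f.bad!r})" if f.bad else "")
    print("summary/itemised mismatches:", count_mismatches(counts, findings))
```

Run against a log pasted from a reply, the "LEFT IN PLACE" lines are exactly the items a helper needs to ask the poster to go back and remove.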
Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 4th September 2011, 2:31 pm

Thank you for your fast response; it always feels good when others aid people in need of help with fervor ^-^.
So, I have run the MBAM and it found 2 more infections, which MBAM repaired. Here is the log:

Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7649

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/4/2011 10:08:15 AM
mbam-log-2011-09-04 (10-08-15).txt

Scan type: Quick scan
Objects scanned: 175472
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Admin\AppData\Local\Temp\ms1cfg32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.

Yours truly,
jungwpark

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 4th September 2011, 5:13 pm

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 27

After doing this, you can go to [You must be registered and logged in to see this link.], click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 27).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, under Temporary Internet Files, click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have UAC disabled. From a security point of view, this is not recommended.

How is your computer running now?

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 6th September 2011, 3:40 am

Sorry for the very late reply. I was very busy with work and had no time to even check the computer at nights after work. Thank you for your dedication to helping me & my dilemma. The virus seems to be cleared now and the computer is running like it did before the virus hit. Your expertise in this field is enviable from my point of view, and I hope that you help others with the same dedication and sincerity. Thank you very much, Gabethebabe.

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 6th September 2011, 5:35 am

Time to uninstall used tools.

  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Alright! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race; it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7, do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • [You must be registered and logged in to see this link.]. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • [You must be registered and logged in to see this link.] has received great reviews from leading security analysts.
  • [You must be registered and logged in to see this link.] is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • [You must be registered and logged in to see this link.]. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • [You must be registered and logged in to see this link.]. A very smart and user friendly firewall.
  • [You must be registered and logged in to see this link.] is another rock-solid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad; it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. [You must be registered and logged in to see this link.] is an excellent source of freeware reviews.
  • Navigate safely. [You must be registered and logged in to see this link.] is the safest browser available. However, Mozilla Firefox can be made extremely safe with the [You must be registered and logged in to see this link.] addon. Internet Explorer (always use [You must be registered and logged in to see this link.]) can be made a lot safer with [You must be registered and logged in to see this link.] (manual [You must be registered and logged in to see this link.]).
  • The [You must be registered and logged in to see this link.] addon will help you to stay on reliable webpages.
  • [You must be registered and logged in to see this link.] alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 7th September 2011, 11:48 am

Thank you once again gabethebabe for your help. But I think I need help with one more issue. After the virus has been wiped, it seems that I cannot access some websites and get the message "unable to connect". Would you know how to fix this issue?


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 7th September 2011, 11:57 am

Does the following help:

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.
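A read-only way to confirm the proxy state this fix targets, and the UAC setting from point 2 of the list above, as an added example that is not part of the original thread (it assumes default Windows and Firefox paths and changes nothing):

```powershell
# Added example, not from the thread: read-only audit of the settings discussed above.
# Run in an elevated PowerShell; nothing is modified. Assumes default Windows/Firefox paths.

function Get-WinInetProxyState {
    # These are the values IE's "LAN Settings" dialog writes (the keys OTL lists under "Internet Settings").
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable        # 1 = "use a proxy server" is checked, 0 = direct
        ProxyServer   = $p.ProxyServer        # host:port traffic would be sent through
        AutoConfigURL = $p.AutoConfigURL      # a PAC script can also send sites nowhere
        ProxyOverride = $p.ProxyOverride      # bypass list, e.g. *.local
    }
}

function Get-FirefoxProxyPrefs {
    # Firefox stores the connection choice in prefs.js; network.proxy.type 0 means "No Proxy".
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
        Select-String -Pattern '^user_pref\("network\.proxy\.' |
        ForEach-Object { '{0}: {1}' -f $_.Path, $_.Line }
}

function Get-HostsOverrides {
    # Any entry beyond the two stock localhost lines resolves a name before DNS is ever asked.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-UacState {
    # EnableLUA = 0 is UAC switched off (the O6 line OTL reports); the advice above is to keep it at 1.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
}

Write-Host '== WinINET (Internet Explorer) proxy =='
Get-WinInetProxyState | Format-List
Write-Host '== WinHTTP proxy (used by services and updaters, not the browser dialog) =='
netsh winhttp show proxy
Write-Host '== Firefox network.proxy.* prefs =='
Get-FirefoxProxyPrefs
Write-Host '== HOSTS entries other than localhost =='
$overrides = @(Get-HostsOverrides)
if ($overrides.Count -eq 0) { 'none' } else { $overrides }
Write-Host '== UAC (EnableLUA, 1 = on) =='
Get-UacState
```

If ProxyEnable is 0, network.proxy.type is 0 and the HOSTS list is empty, the browser proxy settings are not what is blocking the sites, and the next step is the fresh OTL scan the helper asks for below.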


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 7th September 2011, 7:58 pm

It does not seem to work :\. I went to a website that tells whether a site is down or not, and tried many of the websites Firefox is "unable to connect" to, but it says all the sites are up & running :\. Any other suggestions, gabethebabe?


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 7th September 2011, 8:05 pm

It only happens in FF or are the same sites also unavailable from other browsers?

Feel free to run a normal OTL scan and post the logs.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 7th September 2011, 10:53 pm

It does not seem to work for either Internet Explorer or Firefox (I have not installed Google Chrome yet).


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 7th September 2011, 11:06 pm

Here is the OTL log. I did not add any custom scans/fixes to the scan:

OTL logfile created on: 9/7/2011 6:54:51 PM - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.13% Memory free
6.18 Gb Paging File | 4.27 Gb Available in Paging File | 69.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 29.63 Gb Free Space | 35.69% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 12.50 Gb Free Space | 99.20% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/28 22:27:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.com
PRC - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe
PRC - [2011/08/24 04:01:04 | 003,655,296 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Giraffic.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/04/25 23:56:48 | 001,540,480 | ---- | M] (SmartPCTools) -- C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2011/01/01 01:17:29 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 03:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 03:04:02 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 02:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2007/10/31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 08:01:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/03 02:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/11 10:11:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:08:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:57:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2008/01/17 17:55:40 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/08/05 12:37:57 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/01/10 00:45:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/28 18:55:49 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/11/28 18:55:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/28 18:55:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/28 18:55:40 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/02/25 14:56:28 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 12:25:06 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/01/30 12:25:06 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 11:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/29 21:14:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c200e798-529d-4847-8b76-4abeb4658d41} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C EC D0 15 49 C6 1D 41 BF D5 A3 57 DB BD C8 7A [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 01:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 07:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 07:53:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2011/01/01 01:06:46 | 000,000,000 | ---D | M]

[2009/11/29 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/09/07 07:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions
[2010/04/27 03:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/03 18:15:10 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
[2011/03/24 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}-TRASH
[2011/06/23 19:22:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/08/05 12:20:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\anttoolbar@ant.com
[2011/07/03 18:14:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\plugin@yontoo.com
[2011/01/01 02:57:59 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\searchrecs@veoh.com
[2011/07/03 18:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}\chrome\content\dca\core\extensionManager
[2009/12/11 02:15:08 | 000,004,554 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aim-search.xml
[2010/01/07 16:37:32 | 000,000,653 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aol-search.xml
[2011/08/21 19:49:03 | 000,002,259 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\bing-zugo.xml
[2011/06/23 14:31:42 | 000,000,929 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\conduit.xml
[2011/09/07 07:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/20 20:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 21:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/05 23:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NKXRI7HD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/05 23:27:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/14 06:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Verizon - AOL Toolbar Loader) - {86916f9e-4c81-42f8-9d60-4a1a54dae898} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Verizon - AOL Toolbar) - {9a964391-f5af-4fad-9964-51c4ed876f20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon - AOL Toolbar) - {9A964391-F5AF-4FAD-9964-51C4ED876F20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 23:28:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 02:11:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011/09/04 02:11:47 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/04 02:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 02:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/04 02:11:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/04 02:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 01:34:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Fixing the Comp
[2011/08/30 12:02:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/28 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/28 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/08/28 10:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2011/08/28 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SmartPCTools
[2011/08/28 02:17:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011/08/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/28 02:14:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/28 02:14:12 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 02:14:12 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/28 01:51:24 | 000,000,000 | ---D | C] -- C:\15417789a839261edc54cc9feb88
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/27 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/27 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FixCleaner
[2011/08/27 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/08/25 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011/08/24 23:48:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC}
[2011/08/24 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 09:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/24 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8}
[2011/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD}
[2011/08/23 10:00:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337}
[2011/08/23 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57}
[2011/08/21 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40}
[2011/08/21 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE}
[2011/08/21 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/08/21 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/08/21 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic
[2011/08/21 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8}
[2011/08/21 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF}
[2011/08/21 10:08:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167}
[2011/08/19 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67}
[2011/08/19 23:04:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC}
[2011/08/19 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B}
[2011/08/18 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952}
[2011/08/18 10:40:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289}
[2011/08/17 10:04:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5}
[2011/08/17 10:04:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9}
[2011/08/13 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204}
[2011/08/11 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5}
[2011/08/11 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734}
[2011/08/11 09:58:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 09:58:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 09:58:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 09:58:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 09:58:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 22:55:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 22:54:37 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 22:54:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 20:11:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206}
[2011/08/10 09:18:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9}
[2011/08/10 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF}
[2011/08/09 17:40:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ventrilo
[2011/08/09 17:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/08/09 17:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/08/09 17:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/08/09 17:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/09 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 17:59:30 | 000,668,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/07 17:59:30 | 000,130,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/07 17:54:28 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 17:54:28 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 15:54:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 15:54:04 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 12:54:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/07 10:11:45 | 298,580,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/07 08:01:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/07 07:59:26 | 000,000,830 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/07 07:55:33 | 000,238,265 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks.html
[2011/09/06 23:46:48 | 000,053,757 | ---- | M] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/05 23:27:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/05 23:27:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 17:51:40 | 000,012,979 | ---- | M] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/09/04 02:11:47 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 09:57:05 | 000,088,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 18:35:19 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/30 13:18:30 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/28 14:28:21 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | M] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 02:36:54 | 000,002,483 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | M] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/20 12:10:53 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/08/09 17:40:15 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:40:10 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:38:52 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 09:13:43 | 298,580,308 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/07 07:59:25 | 000,000,830 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/07 07:55:33 | 000,238,265 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks.html
[2011/09/06 23:46:48 | 000,053,757 | ---- | C] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/04 17:51:40 | 000,012,979 | ---- | C] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/09/04 02:11:47 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 18:36:42 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/30 13:18:30 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:03:44 | 000,879,225 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/28 10:11:01 | 000,000,911 | ---- | C] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 02:14:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 01:45:43 | 000,002,483 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | C] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/09 17:40:10 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:40:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:38:52 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/07/09 15:00:59 | 000,000,996 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\033E.F6A
[2011/02/20 00:38:31 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/02/20 00:38:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/02/20 00:38:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/02/20 00:38:31 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2011/02/20 00:38:30 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/12/06 02:21:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/26 23:14:43 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/26 23:14:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/20 20:50:54 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileJoin.ini
[2010/01/08 11:22:53 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/30 21:11:41 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2009/11/30 16:06:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 16:06:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 08:18:06 | 000,000,236 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\iPod Access v4 Prefs
[2009/11/30 08:15:48 | 000,000,011 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\iPodAccess_Time
[2009/11/30 07:57:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/30 07:24:37 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/29 21:26:08 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2009/11/29 20:20:10 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/29 19:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/28 21:15:53 | 000,088,576 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/28 19:12:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/11/28 19:12:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2009/11/28 19:12:37 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/11/28 19:07:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/11/28 18:24:13 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/10/30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,668,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,384 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Unicode (All) ==========
[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ
[2010/01/02 15:28:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 8th September 2011, 12:03 pm

We will proceed with some cleanup - never a bad idea and who knows, it might solve your problem.

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\ProgramData\TEMP:0B4227B4
C:\ProgramData\TEMP:ECF54A0E
C:\ProgramData\TEMP:DFC5A2B2
C:\ProgramData\TEMP:FB1B13D8
C:\ProgramData\TEMP:A8ADE5D8
C:\Windows\System32\?G /u
C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF}
C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9}
C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206}
C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734}
C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5}
C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204}
C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9}
C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5}
C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289}
C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952}
C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B}
C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC}
C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67}
C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167}
C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF}
C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8}
C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE}
C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40}
C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57}
C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337}
C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD}
C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8}
C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC}

:otl
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

:commands
[reboot]

  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

  • Please download TFC (Temp File Cleaner) by OldTimer from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Close all programs before proceeding with the next step.
  • Double-click TFC.exe to start the cleaning process and allow it to run
  • Depending on the number of files that need to be deleted, this can take seconds or up to several minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

I recommend you uninstall all toolbars. Some of them have a shady reputation. Feel free to reinstall them later.
Ant toolbar
AOL/Verizon toolbar
Startnow toolbar (this one especially)
Social ribbons toolbar

Basically - every toolbar you can find - get rid of it.

What is this "Giraffic" software? If not really needed ==> uninstall

You have some SmartPCTools registry wizard. Registry wizards can damage your computer => uninstall. It has a bad reputation too.

After this cleanup, let me know if things got better.


Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38268
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 10th September 2011, 6:46 pm

Sorry for the very late response. I was away from my house for a bit and forgot my username and password so I couldn't access it from another computer.
Here are the results from the OTL Fix:
========== FILES ==========
File\Folder C:\ProgramData\TEMP:0B4227B4 not found.
File\Folder C:\ProgramData\TEMP:ECF54A0E not found.
File\Folder C:\ProgramData\TEMP:DFC5A2B2 not found.
File\Folder C:\ProgramData\TEMP:FB1B13D8 not found.
File\Folder C:\ProgramData\TEMP:A8ADE5D8 not found.
File\Folder C:\Windows\System32\?G not found.
C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF} folder moved successfully.
C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9} folder moved successfully.
C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206} folder moved successfully.
C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734} folder moved successfully.
C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5} folder moved successfully.
C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204} folder moved successfully.
C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5} folder moved successfully.
C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289} folder moved successfully.
C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952} folder moved successfully.
C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B} folder moved successfully.
C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC} folder moved successfully.
C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67} folder moved successfully.
C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167} folder moved successfully.
C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF} folder moved successfully.
C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8} folder moved successfully.
C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE} folder moved successfully.
C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40} folder moved successfully.
C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57} folder moved successfully.
C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337} folder moved successfully.
C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD} folder moved successfully.
C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8} folder moved successfully.
C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC} folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.6 log created on 09102011_143144

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 10th September 2011, 7:51 pm

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
@C:\ProgramData\TEMP:0B4227B4
@C:\ProgramData\TEMP:ECF54A0E
@C:\ProgramData\TEMP:DFC5A2B2
@C:\ProgramData\TEMP:FB1B13D8
@C:\ProgramData\TEMP:A8ADE5D8
C:\Windows\System32 /u

  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Did you get rid of the rest as well? Any effect?


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 11th September 2011, 7:08 am

I have run the OTL fix again, and here are the results:
========== FILES ==========
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:FB1B13D8 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
File\Folder C:\Windows\System32 not found.

OTL by OldTimer - Version 3.2.26.6 log created on 09112011_030712

As of now, I still cannot access the websites and continue to get the "unable to connect" message from Firefox.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 12th September 2011, 9:27 am

OK, I'm not sure what is going on. What I can do is one final malware (rootkit) check. If this is clean, I think the best thing you can do is Google the error messages. You will find a LOT of help on the Internet for common problems such as this.

For example:
[You must be registered and logged in to see this link.]

====================

Download GMER Rootkit Scanner from [You must be registered and logged in to see this link.] and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 13th September 2011, 12:11 am

GMER 1.0.15.15641 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-12 19:52:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 TOSHIBA_MK1246GSX rev.LB213M
Running: fc6rk1jz.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys


---- System - GMER 1.0.15 ----

SSDT 9077D3BE ZwCreateSection
SSDT 9077D3C3 ZwSetContextThread
SSDT 9077D35F ZwTerminateProcess

INT 0x52 ? 86D73BF8
INT 0x62 ? 86D73BF8
INT 0x72 ? 8515CED8
INT 0x82 ? 8515CED8
INT 0xA2 ? 86D73BF8
INT 0xA2 ? 86D73BF8
INT 0xA2 ? 86D73BF8
INT 0xB2 ? 86D73BF8
INT 0xB3 ? 86D73BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 826C0998 4 Bytes [BE, D3, 77, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 826C0CF0 4 Bytes [C3, D3, 77, 90] {RET ; SAL DWORD [EDI-0x70], CL}
.text ntkrnlpa.exe!KeSetEvent + 621 826C0DA4 4 Bytes [5F, D3, 77, 90] {POP EDI; SAL DWORD [EDI-0x70], CL}
? System32\Drivers\spwx.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 900FA41B 5 Bytes JMP 86D731D8
.text ailykpn9.SYS 8AF58000 22 Bytes [82, 53, 9D, 82, 6C, 52, 9D, ...]
.text ailykpn9.SYS 8AF58017 106 Bytes [00, 32, C7, 78, 80, 3D, C5, ...]
.text ailykpn9.SYS 8AF58082 74 Bytes [62, 82, 98, AE, 6B, 82, 86, ...]
.text ailykpn9.SYS 8AF580CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text ailykpn9.SYS 8AF58118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[520] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\System32\svchost.exe[1212] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text ...
.text C:\Windows\system32\svchost.exe[3984] USER32.dll!WindowFromPoint 7708884F 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[3984] USER32.dll!GetForegroundWindow 770932C4 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[3984] USER32.dll!GetCursorPos 770A0B88 5 Bytes JMP 0088000A
.text C:\Windows\system32\svchost.exe[3984] ole32.dll!CoCreateInstance 75F39F3E 5 Bytes JMP 0086000A
.text C:\Program Files\real\realplayer\Update\realsched.exe[4012] kernel32.dll!SetUnhandledExceptionFilter 762CA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] kernel32.dll!IsDebuggerPresent 762BEFF7 6 Bytes JMP 0060794C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] kernel32.dll!DeviceIoControl 762C50FF 7 Bytes JMP 0060800C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ole32.dll!CoCreateInstance 75F39F3E 5 Bytes JMP 00606EF4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] USER32.dll!ChangeDisplaySettingsExA 77086FE7 5 Bytes JMP 00607FB4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] USER32.dll!ChangeDisplaySettingsExW 770CA9E4 5 Bytes JMP 00607FE0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegFlushKey 7638CDEB 7 Bytes JMP 00607974 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteKeyA 763A1C8C 5 Bytes JMP 00607A78 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryInfoKeyA 763A297F 7 Bytes JMP 00607D00 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteValueA 763A2F59 7 Bytes JMP 00607AD0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueA 763A30C8 7 Bytes JMP 00607D98 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteKeyW 763A38CD 7 Bytes JMP 00607AA4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyExA 763A39AB 5 Bytes JMP 006079F0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyA 763A3BA9 5 Bytes JMP 00607998 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueExA 763A3BEC 7 Bytes JMP 00607EE8 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteValueW 763A3FB6 7 Bytes JMP 00607AFC C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyA 763A89C7 5 Bytes JMP 00607C38 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumValueA 763A8A0B 7 Bytes JMP 00607BB0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumValueW 763A9850 7 Bytes JMP 00607BF4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumKeyExA 763B28D2 5 Bytes JMP 00607B28 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueW 763B32D4 7 Bytes JMP 00607DCC C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyW 763B391E 5 Bytes JMP 006079C4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueExW 763B3D5A 7 Bytes JMP 00607F24 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyExW 763B41F1 5 Bytes JMP 00607A34 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryInfoKeyW 763B48B4 7 Bytes JMP 00607D4C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueExA 763B7A9D 7 Bytes JMP 00607E00 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyExA 763B7C42 5 Bytes JMP 00607C90 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyW 763BE2B5 5 Bytes JMP 00607C64 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueExW 763C765E 7 Bytes JMP 00607E3C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCloseKey 763C7908 7 Bytes JMP 00607950 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyExW 763C7BA1 5 Bytes JMP 00607CC8 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumKeyExW 763C7F52 7 Bytes JMP 00607B6C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueW 763CB3E4 5 Bytes JMP 00607EB0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueA 76405811 5 Bytes JMP 00607E78 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Windows\system32\svchost.exe[5168] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\system32\svchost.exe[7432] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D6] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80690042] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80690800] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806900C0] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069013E] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069FB90] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73EAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73EAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73EE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73EBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73EAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73EAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73EA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73EDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73EAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73EB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device 85F241F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device AF0491F8
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8515E1F8
Device \Driver\usbuhci \Device\USBPDO-0 86E1D1F8
Device \Driver\usbuhci \Device\USBPDO-1 86E1D1F8
Device \Driver\usbehci \Device\USBPDO-2 86E201F8
Device \Driver\usbuhci \Device\USBPDO-3 86E1D1F8
Device \Driver\usbuhci \Device\USBPDO-4 86E1D1F8
Device \Driver\usbuhci \Device\USBPDO-5 86E1D1F8
Device \Driver\usbehci \Device\USBPDO-6 86E201F8
Device \Driver\PCI_PNP8723 \Device\00000057 spwx.sys
Device 8515E1F8

AttachedDevice tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\sptd \Device\3676586736 spwx.sys
Device \Driver\cdrom \Device\CdRom0 86DD91F8
Device \Driver\cdrom \Device\CdRom1 86DD91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85F231F8
Device \Driver\atapi \Device\Ide\IdePort0 85F231F8
Device \Driver\atapi \Device\Ide\IdePort1 85F231F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85F231F8
Device \Driver\netbt \Device\NetBT_Tcpip_{EBDF4CCB-9A5B-4417-BF61-C113EE32DD9A} 89F4B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 89F4B1F8
Device \Driver\Smb \Device\NetbiosSmb 89F551F8
Device \Driver\iScsiPrt \Device\RaidPort0 86FD71F8
Device \Driver\usbuhci \Device\USBFDO-0 86E1D1F8
Device \Driver\usbuhci \Device\USBFDO-1 86E1D1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D61207D6-2B83-49A4-B477-3E102C56AED9} 89F4B1F8
Device \Driver\usbehci \Device\USBFDO-2 86E201F8
Device \Driver\usbuhci \Device\USBFDO-3 86E1D1F8
Device \Driver\usbuhci \Device\USBFDO-4 86E1D1F8
Device \Driver\usbuhci \Device\USBFDO-5 86E1D1F8
Device \Driver\usbehci \Device\USBFDO-6 86E201F8
Device \Driver\ailykpn9 \Device\Scsi\ailykpn91Port3Path0Target0Lun0 86DDE1F8
Device \Driver\ailykpn9 \Device\Scsi\ailykpn91 86DDE1F8
Device \FileSystem\cdfs \Cdfs 8597C1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e3d3d2fce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d3d2fce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3d2fce
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e3d3d2fce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\jungwpark@aol.com@6433e93964486a154be20cafe64d137f\r\n 0xD1 0x5E 0x42 0x7B ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB221$\2034599527 0 bytes
File C:\Windows\$NtUninstallKB221$\2034599527\L 0 bytes
File C:\Windows\$NtUninstallKB221$\2034599527\U 0 bytes
File C:\Windows\$NtUninstallKB221$\3280931714 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZZ5ACHV\01[1].htm 7306 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZZ5ACHV\01[2].htm 7282 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZZ5ACHV\data_sync[1].htm 572 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RNNRD4HC.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CLR1OSCG.txt 365 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4CH5SAWX.txt 2727 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YFLUZ257.txt 422 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6I89WM46.txt 111 bytes

---- EOF - GMER 1.0.15 ----


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 13th September 2011, 6:47 am

Please download SystemLook by jpshortstuff from one of the locations below and save it to your desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
  • Double-click SystemLook.exe to run it.
  • Copy the following text into the main textfield:

:filefind
spwx.sys
ailykpn9.SYS
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop (SystemLook.txt).

====================

Let's try ComboFix by sUBs, a powerful tool that you are advised not to run without the supervision of a trained malware helper. Please visit [You must be registered and logged in to see this link.] and read the tutorial on using ComboFix very carefully. After that, download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. I hope it will run. Computers that had AVG installed frequently have problems running this tool. If it works, please post its log back here.

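The GMER log posted earlier and the SystemLook :filefind step above are two halves of one check: which modules hook the kernel, and whether a file for them exists on disk. The following is an added example (my code, not GMER's, SystemLook's or anything posted in this thread): it parses the relevant GMER lines, decodes the 4-byte KeSetEvent patches back to the hook addresses listed in the SSDT section, and emits the :filefind input that the helper composed by hand; the embedded sample log is constructed from lines copied from the post above.

```python
"""Triage helper for GMER rootkit-scan logs (added example: my code, not
GMER's, SystemLook's or the thread's).  Lines it understands:
  SSDT <addr> <Zw..>                  hook address installed per syscall
  .text <image>!<func> + off .. [b]   patched bytes (an SSDT hook's address, LE)
  .text <module> <addr> n Bytes       code with no readable file behind it
  IAT <imp>[<lib>!<func>] [a] <tgt>   module now answering a kernel import
  ? <path> The system cannot find..   module GMER could not open on disk
The output is the list of names to confirm on disk, which is what the
SystemLook ":filefind" step in the thread does by hand.
"""
import re

# Constructed sample: lines copied in shape from the GMER log posted above.
SAMPLE_LOG = r"""
SSDT 9077D3BE ZwCreateSection
SSDT 9077D3C3 ZwSetContextThread
SSDT 9077D35F ZwTerminateProcess
.text ntkrnlpa.exe!KeSetEvent + 215 826C0998 4 Bytes [BE, D3, 77, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 826C0CF0 4 Bytes [C3, D3, 77, 90] {RET ; SAL DWORD [EDI-0x70], CL}
.text ntkrnlpa.exe!KeSetEvent + 621 826C0DA4 4 Bytes [5F, D3, 77, 90] {POP EDI; SAL DWORD [EDI-0x70], CL}
? System32\Drivers\spwx.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 900FA41B 5 Bytes JMP 86D731D8
.text ailykpn9.SYS 8AF58000 22 Bytes [82, 53, 9D, 82, 6C, 52, 9D, ...]
.text ailykpn9.SYS 8AF58017 106 Bytes [00, 32, C7, 78, 80, 3D, C5, ...]
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D6] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069FB90] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortNotification] 000000DC
Device \Driver\sptd \Device\3676586736 spwx.sys
Device \Driver\ailykpn9 \Device\Scsi\ailykpn91 86DDE1F8
"""

SSDT_RE = re.compile(r"^SSDT ([0-9A-F]{8}) (\w+)$")
TEXT_RE = re.compile(
    r"^\.text (\S+)(?: \+ [0-9A-F]+)? ([0-9A-F]{8}) (\d+) Bytes(?: \[([0-9A-F, .]+)\])?")
ORPHAN_RE = re.compile(r"^\? (\S+) The system cannot find the path specified")
IAT_RE = re.compile(r"^IAT (\S+)\[(\S+?)!(\S+?)\] (?:\[[0-9A-F]+\] (\S+)|[0-9A-F]+)$")
DEVICE_RE = re.compile(r"^Device (\\Driver\\\S+) \S+ (\S+)$")

def basename(path):
    """Last path component: '\\SystemRoot\\System32\\Drivers\\x.sys' -> 'x.sys'."""
    return path.rsplit("\\", 1)[-1]

def le32(raw):
    """Turn 'BE, D3, 77, 90' (a little-endian byte dump) into '9077D3BE'."""
    parts = [p for p in raw.split(", ") if p != "..."]
    return "".join(reversed(parts)).upper() if len(parts) == 4 else None

def parse_gmer(text):
    report = {"ssdt": {}, "patches": [], "modules": {}}

    def module(name):  # one record per module, keyed case-insensitively
        return report["modules"].setdefault(name.lower(), {
            "name": name, "raw_code": 0, "iat_hooks": [], "unresolved_iat": 0,
            "missing_on_disk": False, "driver_object": None})

    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            report["ssdt"][m.group(1)] = m.group(2)
        elif m := TEXT_RE.match(line):
            target, addr, count, raw = m.groups()
            if "!" in target:  # a known export was overwritten
                image, func = target.split("!", 1)
                decoded = le32(raw) if count == "4" and raw else None
                report["patches"].append(
                    {"image": image, "func": func, "at": addr, "decoded": decoded})
            else:  # code GMER could not attribute to a file it could read
                module(target)["raw_code"] += 1
        elif m := ORPHAN_RE.match(line):
            module(basename(m.group(1)))["missing_on_disk"] = True
        elif m := IAT_RE.match(line):
            importer, lib, func, hook_target = m.groups()
            if hook_target:  # a third module now answers this kernel import
                module(basename(hook_target))["iat_hooks"].append(
                    f"{basename(importer)} -> {lib}!{func}")
            else:  # import slot holds a tiny offset, not a code address
                module(basename(importer))["unresolved_iat"] += 1
        elif m := DEVICE_RE.match(line):
            drv, backing = m.groups()
            if backing.lower().endswith(".sys"):
                module(backing)["driver_object"] = drv
    # A 4-byte patch whose bytes spell an SSDT hook address is that hook seen
    # from the other side; AV self-protection and rootkits both do this.
    for p in report["patches"]:
        p["ssdt_hook"] = report["ssdt"].get(p["decoded"])
    return report

def suspects(report):
    """Modules that hook, hide or cannot be read: the names to confirm on disk."""
    return [m["name"] for key, m in sorted(report["modules"].items())
            if m["raw_code"] or m["iat_hooks"] or m["unresolved_iat"]
            or m["missing_on_disk"]]

def filefind_script(report):
    """SystemLook ':filefind' input, as the helper composed it by hand above."""
    return "\n".join([":filefind", *suspects(report)])
```

The decoded patches show that the three KeSetEvent entries are the three SSDT hooks listed in the System section, not separate code changes. The log's own Devices section ties spwx.sys to \Driver\sptd, whose registry configuration points at DAEMON Tools Pro, which is the kind of context that separates a false positive from a rootkit, so the script records the driver object instead of deciding.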

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 13th September 2011, 11:47 am

This is the result of running SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 07:37 on 13/09/2011 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "spwx.sys"
No files found.

Searching for "ailykpn9.SYS"
No files found.

-= EOF =-



Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 13th September 2011, 12:27 pm

Here are the results of ComboFix:
ComboFix 11-09-13.01 - Admin 09/13/2011 8:02:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1819 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Downloaded Installers
C:\Program Files\Downloaded Installers\{BA19D5DC-37BE-4FE5-98DB-1C35CA26592A}\setup.msi
C:\Program Files\Keyword Search
C:\Program Files\Keyword Search\uninstall.exe
C:\Program Files\StartNow Toolbar
C:\Program Files\StartNow Toolbar\Resources\images\btn-msn.png
C:\Program Files\StartNow Toolbar\Resources\images\chevronButton.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_images.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_maps.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_news.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_videos.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_web.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_amazon.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_ebay.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_facebook.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_games.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_shopping.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_travel.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_twitter.png
C:\Program Files\StartNow Toolbar\Resources\images\separator.png
C:\Program Files\StartNow Toolbar\Resources\images\splitter.png
C:\Program Files\StartNow Toolbar\Resources\images\startnow_logo.png
C:\Program Files\StartNow Toolbar\Resources\installer.xml
C:\Program Files\StartNow Toolbar\Resources\protect\index.html
C:\Program Files\StartNow Toolbar\Resources\protect\NotIE6.css
C:\Program Files\StartNow Toolbar\Resources\protect\OnlyIE6.css
C:\Program Files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
C:\Program Files\StartNow Toolbar\Resources\protect\window.css
C:\Program Files\StartNow Toolbar\Resources\protect\window.js
C:\Program Files\StartNow Toolbar\Resources\reactivate\index.html
C:\Program Files\StartNow Toolbar\Resources\reactivate\LeftImage.png
C:\Program Files\StartNow Toolbar\Resources\reactivate\NotIE6.css
C:\Program Files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
C:\Program Files\StartNow Toolbar\Resources\reactivate\window.css
C:\Program Files\StartNow Toolbar\Resources\reactivate\window.js
C:\Program Files\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
C:\Program Files\StartNow Toolbar\Resources\toolbar.xml
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
C:\Program Files\StartNow Toolbar\Resources\update.xml
C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe
C:\Program Files\StartNow Toolbar\Toolbar32.dll
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\StartNow Toolbar\uninstall.dat
C:\ProgramData\Tarma Installer
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
C:\Users\Admin\AppData\Local\ApplicationHistory
C:\Users\Admin\AppData\Local\ApplicationHistory\iPodBackup.exe.b23ccb5.ini
C:\Users\Admin\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
C:\Users\Admin\AppData\Local\ApplicationHistory\PodLift.exe.89716162.ini
C:\Users\Admin\AppData\Local\ApplicationHistory\ToneThis.exe.4336f5ba.ini
C:\Users\Admin\AppData\Roaming\033E.F6A
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\okrm.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\rbbr.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\sewu.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\vaff.exe
C:\Users\Admin\Desktop\Search.lnk
C:\Windows\$NtUninstallKB221$
C:\Windows\$NtUninstallKB221$\3280931714
C:\Windows\system32\system


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Toolbar Updater Service
-------\Service_Toolbar Updater Service


((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))


2011-09-13 11:36:05 . 2011-09-13 11:36:41 -------- d-----w- C:\Program Files\FixCleaner
2011-09-12 12:08:02 . 2011-09-12 12:08:02 100864 ----a-w- C:\aglorpod.sys
2011-09-08 12:47:52 . 2011-09-08 12:47:52 -------- d-----w- C:\found.007
2011-09-04 06:11:51 . 2011-09-04 06:11:51 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2011-09-04 06:11:47 . 2011-07-06 23:52:42 41272 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-09-04 06:11:46 . 2011-09-04 06:11:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-04 06:11:43 . 2011-09-04 06:11:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-04 06:11:43 . 2011-07-06 23:52:42 22712 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-09-04 05:34:59 . 2011-09-04 05:34:59 -------- d-----w- C:\_OTL
2011-08-29 19:20:38 . 2011-09-04 05:23:39 -------- d-----w- C:\ProgramData\PC Tools
2011-08-29 02:40:04 . 2011-08-29 02:40:04 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-08-28 14:05:10 . 2011-08-28 14:05:10 -------- d-----w- C:\Users\Admin\AppData\Roaming\SmartPCTools
2011-08-28 06:17:31 . 2011-08-28 06:17:31 -------- d-----w- C:\Users\Admin\AppData\Roaming\Avira
2011-08-28 06:14:12 . 2011-08-28 13:33:18 66616 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2011-08-28 06:14:12 . 2011-08-28 13:33:18 138192 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2011-08-28 06:14:10 . 2011-08-28 06:14:10 -------- d-----w- C:\ProgramData\Avira
2011-08-28 06:14:10 . 2011-08-28 06:14:10 -------- d-----w- C:\Program Files\Avira
2011-08-28 05:51:24 . 2011-08-28 05:57:21 -------- d-----w- C:\15417789a839261edc54cc9feb88
2011-08-27 17:43:15 . 2011-08-27 17:43:19 -------- d-----w- C:\Riot Games
2011-08-27 17:18:14 . 2011-08-27 17:41:24 -------- d-----w- C:\Program Files\LeagueOfLegends
2011-08-27 05:45:44 . 2011-08-27 05:45:44 388096 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-27 05:45:43 . 2011-08-27 05:45:43 -------- d-----w- C:\Program Files\Trend Micro
2011-08-27 04:32:33 . 2011-09-13 11:38:29 -------- d-----w- C:\Users\Admin\AppData\Roaming\FixCleaner
2011-08-26 03:13:08 . 2011-08-26 03:13:37 -------- d-----w- C:\Users\Admin\AppData\Roaming\TS3Client
2011-08-24 22:14:59 . 2011-08-24 22:14:59 -------- d-----w- C:\Program Files\iPod
2011-08-24 13:57:31 . 2011-07-11 13:25:35 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-08-21 23:48:42 . 2011-08-21 23:48:56 -------- d-----w- C:\ProgramData\Giraffic
2011-08-21 23:48:41 . 2011-09-13 11:59:50 -------- d-----w- C:\Program Files\Giraffic
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-07 12:01:10 . 2011-05-24 00:11:10 404640 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 03:27:51 . 2010-04-21 00:03:11 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2011-08-07 22:49:45 . 2011-08-07 22:49:45 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 02:54:43 . 2011-08-11 13:58:44 1797632 ----a-w- C:\Windows\system32\jscript9.dll
2011-07-22 02:48:26 . 2011-08-11 13:58:44 1126912 ----a-w- C:\Windows\system32\wininet.dll
2011-07-22 02:44:36 . 2011-08-11 13:58:46 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-07-12 15:20:54 . 2011-07-12 15:20:54 83816 ----a-w- C:\Windows\system32\dns-sd.exe
2011-07-12 15:20:54 . 2011-07-12 15:20:54 73064 ----a-w- C:\Windows\system32\dnssd.dll
2011-07-06 15:31:47 . 2011-08-11 02:55:00 214016 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 . 2011-07-05 22:37:00 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 . 2011-07-05 22:37:00 69632 ----a-w- C:\Windows\system32\QuickTime.qts
2011-06-20 08:54:36 . 2011-08-11 02:54:37 3602832 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 . 2011-08-11 02:54:36 3550096 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-06-17 20:13:55 . 2011-08-11 02:54:33 905104 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2011-06-17 16:03:18 . 2011-08-11 02:55:04 375808 ----a-w- C:\Windows\system32\winsrv.dll
2011-09-03 06:01:45 . 2011-09-07 11:59:22 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F3D5040-D8E1-F5B4-150E-F532A5F23615}]
2011-07-03 22:15:03 1534976 ----a-w- C:\Program Files\SocialRibbons LP 1\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51:20 2695168 ----a-w- C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 14:51:20 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 14:51:20 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 07:05:18 960560]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 07:04:02 377248]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-17 21:55:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-17 21:55:36 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-17 21:55:42 137752]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 16:09:58 311296]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-03 19:26:48 835584]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 16:44:34 31072]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 21:24:52 71216]
"VERIZONDM"="C:\Program Files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 10:59:56 206120]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2010-03-17 20:55:42 1565696]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 16:56:32 4318520]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 16:55:28 937920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-19 05:07:38 421736]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 11:53:33 281768]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 23:52:38 449584]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 01:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08:02 136136 ----a-w- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07:38 421736 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 21:21:30 54832 ----a-w- C:\Program Files\Cyberlink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 20:03:34 4283256 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36:48 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28:03 1233920 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-06-30 10:11:16 2648184 ----a-w- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-10-29 21:12:22 1652736 ----a-r- C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21:28 648072 ----a-w- C:\Windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25:33 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotificationsRef"=dword:00000001

R0 TfFsMon;TfFsMon; [x]
R0 TfSysMon;TfSysMon; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R3 AhnFlt2k;AhnFlt2k; [x]
R3 AhnRec2k;AhnRec2k; [x]
R3 AhnRghNt;AhnRghNt; [x]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-30 19:35:12 28464]
R3 CdmDrvNt;CdmDrvNt; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 23:52:42 41272]
R3 TfNetMon;TfNetMon; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 17:16:28 753504]
R3 XDva370;XDva370; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 21:33:04 51040]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-01-10 04:45:08 691696]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 16:55:28 64952]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2008-01-21 02:23:43 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 11:53:48 136360]
S2 Giraffic;Giraffic Video Accelerator;C:\Program Files\Giraffic\GirafficWatchdog.exe [2011-08-24 08:01:18 2219664]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 20:02:04 143360]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 23:52:38 366640]
S2 ServicepointService;ServicepointService;C:\Program Files\Verizon\VSP\ServicepointService.exe [2011-01-10 16:56:36 689464]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files\VERIZONDM\bin\sprtsvc.exe [2010-09-29 11:00:16 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files\VERIZONDM\bin\tgsrvc.exe [2010-09-29 11:00:24 185640]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2011-07-06 23:52:42 22712]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2008-01-30 16:25:06 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2008-01-30 16:25:06 43904]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2008-02-25 18:56:28 9344]
S3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2008-01-30 15:56:02 818688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2011-09-13 C:\Windows\Tasks\FixCleaner Scan.job
- C:\Program Files\FixCleaner\FixCleaner.exe [2011-08-12 13:10:20 . 2011-08-12 13:10:20]

2011-09-13 C:\Windows\Tasks\FixCleaner Startup.job
- C:\Program Files\FixCleaner\FixCleaner.exe [2011-08-12 13:10:20 . 2011-08-12 13:10:20]

2011-09-12 C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33:50 . 2010-11-05 16:33:50]


------- Supplementary Scan -------

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Quizulous_v2b Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Keyword Search - C:\Program Files\Keyword Search\uninstall.exe
AddRemove-StartNow Toolbar - C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - C:\PROGRA~2\TARMAI~1\{889DF~1\Setup.exe




Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 13th September 2011, 1:19 pm

The ComboFix log is not complete; there is something missing at the end. Please post the rest as well.

You have not performed the un-installations that I recommended. ComboFix identified the StartNow toolbar as malware and killed it. I would have preferred to properly uninstall it, as indicated in one of my earlier posts.

Did you look at the Mozilla Firefox help link I provided and try anything that was recommended there?

I want to help you get rid of the problems, but you are not helping yourself.

Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38268
# Likes : 0

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 13th September 2011, 3:30 pm

I believed that I had deleted most of the toolbars on the list that you gave me, but it seems somehow StartNow was still installed afterwards. I have deleted AVG, all programs that I got with cracks/key gens, and Registry Doctor.
The Firefox link was a link that I had already looked at, and it did not give me any helpful solutions for the "unable to connect" page that comes up on many sites. Apparently, Firefox can access those websites in Safe Mode, and many people on forums and whatnot say that it must be something to do with an extension or add-on, since Firefox supposedly works when it's in Safe Mode :\.
Regarding ComboFix, I selected all the text in the txt file and there seems to be no more. Should I run it again?


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 14th September 2011, 8:38 pm

My computer is experiencing intense lag at this point. When this happens, the RAM light (I think that's what it is? The picture with the cylinder next to the power light, and the battery light, if you understand what I'm trying to describe) is lit up continuously with no breaks in between (which I believe is supposed to be normal?).


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 14th September 2011, 9:45 pm

Thank God! Due to your slightly late response (not your fault; you already stated in our first posts that you have your hobbies, job, and kids), I ran ComboFix again and it seems to have fixed something, because now I can access the websites that were blocked before without a problem. Here are the results of ComboFix:
ComboFix 11-09-14.02 - Admin 09/14/2011 17:28:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1817 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
---- Previous Run -------
.
c:\program files\Downloaded Installers\{BA19D5DC-37BE-4FE5-98DB-1C35CA26592A}\setup.msi
c:\program files\Keyword Search\uninstall.exe
c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\separator.png
c:\program files\StartNow Toolbar\Resources\images\splitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Admin\AppData\Local\ApplicationHistory\iPodBackup.exe.b23ccb5.ini
c:\users\Admin\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Admin\AppData\Local\ApplicationHistory\PodLift.exe.89716162.ini
c:\users\Admin\AppData\Local\ApplicationHistory\ToneThis.exe.4336f5ba.ini
c:\users\Admin\AppData\Roaming\033E.F6A
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\okrm.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\rbbr.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\sewu.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\vaff.exe
c:\users\Admin\Desktop\Search.lnk
c:\windows\$NtUninstallKB221$\3280931714
c:\windows\system32\system
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Toolbar Updater Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-14 21:37 . 2011-09-14 21:37 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-09-14 21:37 . 2011-09-14 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-13 23:30 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-12 12:08 . 2011-09-12 12:08 100864 ----a-w- C:\aglorpod.sys
2011-09-08 12:47 . 2011-09-08 12:47 -------- d-----w- C:\found.007
2011-09-04 06:11 . 2011-09-04 06:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2011-09-04 06:11 . 2011-09-04 06:11 -------- d-----w- c:\programdata\Malwarebytes
2011-09-04 06:11 . 2011-09-14 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 06:11 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 05:34 . 2011-09-04 05:34 -------- d-----w- C:\_OTL
2011-08-29 19:20 . 2011-09-04 05:23 -------- d-----w- c:\programdata\PC Tools
2011-08-29 02:40 . 2011-08-29 02:40 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-28 14:05 . 2011-08-28 14:05 -------- d-----w- c:\users\Admin\AppData\Roaming\SmartPCTools
2011-08-28 06:17 . 2011-08-28 06:17 -------- d-----w- c:\users\Admin\AppData\Roaming\Avira
2011-08-28 06:14 . 2011-08-28 13:33 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-28 06:14 . 2011-08-28 13:33 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-28 06:14 . 2011-08-28 06:14 -------- d-----w- c:\programdata\Avira
2011-08-28 06:14 . 2011-08-28 06:14 -------- d-----w- c:\program files\Avira
2011-08-28 05:51 . 2011-08-28 05:57 -------- d-----w- C:\15417789a839261edc54cc9feb88
2011-08-27 17:43 . 2011-08-27 17:43 -------- d-----w- C:\Riot Games
2011-08-27 17:18 . 2011-08-27 17:41 -------- d-----w- c:\program files\LeagueOfLegends
2011-08-27 05:45 . 2011-08-27 05:45 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-27 05:45 . 2011-08-27 05:45 -------- d-----w- c:\program files\Trend Micro
2011-08-27 04:32 . 2011-09-14 11:57 -------- d-----w- c:\users\Admin\AppData\Roaming\FixCleaner
2011-08-26 03:13 . 2011-08-26 03:13 -------- d-----w- c:\users\Admin\AppData\Roaming\TS3Client
2011-08-24 22:14 . 2011-08-24 22:14 -------- d-----w- c:\program files\iPod
2011-08-24 13:57 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-21 23:48 . 2011-08-21 23:48 -------- d-----w- c:\programdata\Giraffic
2011-08-21 23:48 . 2011-09-14 21:18 -------- d-----w- c:\program files\Giraffic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-07 12:01 . 2011-05-24 00:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 03:27 . 2010-04-21 00:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-07 22:49 . 2011-08-07 22:49 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 02:54 . 2011-08-11 13:58 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 13:58 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 13:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-06 15:31 . 2011-08-11 02:55 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-20 08:54 . 2011-08-11 02:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-11 02:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-11 02:54 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-11 02:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-09-03 06:01 . 2011-09-07 11:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F3D5040-D8E1-F5B4-150E-F532A5F23615}]
2011-07-03 22:15 1534976 ----a-w- c:\program files\SocialRibbons LP 1\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960560]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-17 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-17 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-03 835584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 01:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 21:21 54832 ----a-w- c:\program files\Cyberlink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 20:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-06-30 10:11 2648184 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-10-29 21:12 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 TfFsMon;TfFsMon; [x]
R0 TfSysMon;TfSysMon; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AhnFlt2k;AhnFlt2k; [x]
R3 AhnRec2k;AhnRec2k; [x]
R3 AhnRghNt;AhnRghNt; [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-30 28464]
R3 CdmDrvNt;CdmDrvNt; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TfNetMon;TfNetMon; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva370;XDva370; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-10 691696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Giraffic;Giraffic Video Accelerator;c:\program files\Giraffic\GirafficWatchdog.exe [2011-08-24 2219664]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 143360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2008-01-30 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2008-01-30 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-02-25 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-01-30 818688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Verizon - AOL Toolbar Search - c:\programdata\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Quizulous_v2b Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-14 17:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\.avgldx86]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9A964391-F5AF-4FAD-9964-51C4ED876F20}"=hex:51,66,7a,6c,4c,1d,38,12,ff,40,85,
9e,9d,bb,c3,0a,e6,72,12,84,e8,d9,2b,34
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"=hex:51,66,7a,6c,4c,1d,38,12,6c,6f,c6,
68,7f,85,db,04,df,e8,f7,39,03,42,8f,55
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=hex:51,66,7a,6c,4c,1d,38,12,4e,a0,d4,
c8,f8,fd,f7,04,ce,b0,dc,11,68,88,dc,3d
"{0FBB9689-D3D7-4F7A-A2E2-585B10099BFC}"=hex:51,66,7a,6c,4c,1d,38,12,e7,95,a8,
0b,e5,9d,14,0a,dd,f4,1b,1b,15,57,df,e8
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{86916F9E-4C81-42F8-9D60-4A1A54DAE898}"=hex:51,66,7a,6c,4c,1d,38,12,f0,6c,82,
82,b3,02,96,07,e2,76,09,5a,51,84,ac,8c
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=hex:51,66,7a,6c,4c,1d,38,12,cc,76,af,
a7,b5,51,e8,03,d5,55,10,07,d2,08,45,68
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DA3D342F-FF20-4E31-9E82-22334155730C}"=hex:51,66,7a,6c,4c,1d,38,12,41,37,2e,
de,12,b1,5f,0b,e1,94,61,73,44,0b,37,18
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b0,be,e2,e6,f5,0d,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-14 17:41:29
ComboFix-quarantined-files.txt 2011-09-14 21:41
.
Pre-Run: 17,739,132,928 bytes free
Post-Run: 17,796,263,936 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2FA0F0623CE52526C0E8B4401E416BF6


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 12:03 am

I spoke too soon. I have no idea what I did, but the websites don't work anymore after I shut it down and went out for an errand. When I came back and turned the computer on, the websites did not work once again.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 15th September 2011, 7:03 am

Can you run OTL again, with a script?

  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

====================

  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).

====================

Also please explain again which websites are working, which are not, and what the differences are between running FF, Chrome or IExplorer.

====================

We need to know the DNS (Domain Name Server) settings of your router.
To find out the DNS settings of your router, you will have to access your router (requiring username and password) and look up those settings.
If you don't know how to do that, please consult the manual of the router. If you can't locate this manual, you can try:
  • To download the manual at the website of the router's manufacturer.
  • Consult [You must be registered and logged in to see this link.]. It will explain for various brands of routers how to change DNS settings (Don't actually change anything! Just list the IP addresses that your router reports as DNS servers).

An example of what we are looking for:

In the above example, you would report to me "208.67.222.222" and "208.67.220.220".

If you don't find the option of DNS servers, depending on the type of router, you might have to look under an option called "DHCP Server" and find the settings for the DNS servers, which on some routers is called "Static DNS".

Please let me know if you run into any kind of trouble.

Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38268
# Likes : 0


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 11:30 am

Here is the Kaspersky TDSSKiller Report along with the DNS info:
DNS (the two "numbers" were listed under "DNS Server" and were not differentiated as Primary and Secondary like in your previous post):
71.252.0.12 (First number in the list, so I assume this was the primary)
71.242.0.12 (Secondary?)
Kaspersky:
2011/09/15 07:21:11.0988 5816 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/15 07:21:12.0106 5816 ================================================================================
2011/09/15 07:21:12.0106 5816 SystemInfo:
2011/09/15 07:21:12.0106 5816
2011/09/15 07:21:12.0106 5816 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/15 07:21:12.0106 5816 Product type: Workstation
2011/09/15 07:21:12.0106 5816 ComputerName: ADMIN-PC
2011/09/15 07:21:12.0106 5816 UserName: Admin
2011/09/15 07:21:12.0106 5816 Windows directory: C:\Windows
2011/09/15 07:21:12.0106 5816 System windows directory: C:\Windows
2011/09/15 07:21:12.0106 5816 Processor architecture: Intel x86
2011/09/15 07:21:12.0106 5816 Number of processors: 2
2011/09/15 07:21:12.0106 5816 Page size: 0x1000
2011/09/15 07:21:12.0106 5816 Boot type: Normal boot
2011/09/15 07:21:12.0106 5816 ================================================================================
2011/09/15 07:21:20.0975 5816 Initialize success
2011/09/15 07:21:28.0658 4560 ================================================================================
2011/09/15 07:21:28.0658 4560 Scan started
2011/09/15 07:21:28.0658 4560 Mode: Manual;
2011/09/15 07:21:28.0658 4560 ================================================================================
2011/09/15 07:21:30.0005 4560 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/15 07:21:30.0272 4560 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/15 07:21:30.0633 4560 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/15 07:21:30.0812 4560 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/15 07:21:31.0017 4560 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/15 07:21:31.0315 4560 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/15 07:21:31.0598 4560 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/15 07:21:32.0036 4560 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/15 07:21:32.0407 4560 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/15 07:21:32.0492 4560 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/15 07:21:32.0795 4560 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/15 07:21:32.0941 4560 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/15 07:21:33.0066 4560 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/15 07:21:33.0445 4560 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/15 07:21:33.0689 4560 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/15 07:21:34.0072 4560 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/15 07:21:34.0119 4560 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/15 07:21:34.0493 4560 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/15 07:21:34.0908 4560 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/15 07:21:35.0387 4560 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/15 07:21:35.0558 4560 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/15 07:21:35.0718 4560 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/15 07:21:35.0841 4560 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/15 07:21:36.0052 4560 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/15 07:21:36.0255 4560 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/15 07:21:36.0329 4560 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/15 07:21:36.0404 4560 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/15 07:21:36.0457 4560 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/15 07:21:36.0537 4560 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/15 07:21:36.0812 4560 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/15 07:21:37.0310 4560 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/15 07:21:37.0675 4560 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/09/15 07:21:38.0004 4560 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/15 07:21:38.0106 4560 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
2011/09/15 07:21:38.0731 4560 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
2011/09/15 07:21:39.0102 4560 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/15 07:21:39.0238 4560 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/15 07:21:39.0774 4560 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/15 07:21:39.0831 4560 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/15 07:21:40.0153 4560 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/09/15 07:21:40.0396 4560 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/15 07:21:40.0700 4560 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/15 07:21:41.0081 4560 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/15 07:21:41.0254 4560 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/15 07:21:41.0303 4560 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/15 07:21:41.0373 4560 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/15 07:21:41.0466 4560 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/15 07:21:41.0897 4560 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/15 07:21:42.0349 4560 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/09/15 07:21:42.0819 4560 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/15 07:21:42.0943 4560 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/15 07:21:43.0251 4560 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/15 07:21:43.0439 4560 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/15 07:21:43.0607 4560 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/15 07:21:43.0784 4560 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/15 07:21:43.0861 4560 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/15 07:21:43.0982 4560 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/15 07:21:44.0195 4560 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/15 07:21:44.0227 4560 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/15 07:21:44.0288 4560 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/15 07:21:44.0322 4560 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/15 07:21:44.0375 4560 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/15 07:21:44.0624 4560 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/15 07:21:44.0661 4560 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/15 07:21:44.0753 4560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/15 07:21:44.0982 4560 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/09/15 07:21:45.0152 4560 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/15 07:21:45.0352 4560 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/15 07:21:45.0395 4560 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/15 07:21:45.0454 4560 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/15 07:21:45.0600 4560 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/15 07:21:45.0718 4560 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/09/15 07:21:45.0874 4560 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/09/15 07:21:46.0005 4560 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/09/15 07:21:46.0139 4560 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/15 07:21:46.0239 4560 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/15 07:21:46.0313 4560 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/15 07:21:46.0432 4560 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/15 07:21:46.0771 4560 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/15 07:21:46.0984 4560 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/15 07:21:47.0082 4560 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/15 07:21:47.0271 4560 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/15 07:21:47.0352 4560 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/15 07:21:47.0563 4560 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/15 07:21:47.0611 4560 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/15 07:21:47.0657 4560 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/15 07:21:47.0967 4560 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/15 07:21:48.0051 4560 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/15 07:21:48.0310 4560 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/15 07:21:48.0353 4560 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/15 07:21:48.0398 4560 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/15 07:21:48.0500 4560 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/15 07:21:48.0702 4560 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/15 07:21:49.0023 4560 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/15 07:21:49.0131 4560 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/15 07:21:49.0352 4560 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/15 07:21:49.0414 4560 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/15 07:21:49.0456 4560 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/15 07:21:49.0714 4560 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
2011/09/15 07:21:50.0062 4560 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/15 07:21:50.0142 4560 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/15 07:21:50.0270 4560 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/15 07:21:50.0489 4560 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/15 07:21:50.0584 4560 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/15 07:21:50.0623 4560 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/15 07:21:50.0785 4560 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/15 07:21:50.0874 4560 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/15 07:21:50.0916 4560 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/15 07:21:51.0111 4560 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/15 07:21:51.0179 4560 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/15 07:21:51.0400 4560 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/09/15 07:21:51.0787 4560 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/09/15 07:21:51.0905 4560 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/15 07:21:52.0023 4560 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/15 07:21:52.0135 4560 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/15 07:21:52.0333 4560 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/15 07:21:52.0480 4560 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/09/15 07:21:52.0600 4560 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/15 07:21:52.0735 4560 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/15 07:21:52.0871 4560 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/15 07:21:52.0912 4560 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/15 07:21:53.0061 4560 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/15 07:21:53.0210 4560 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/15 07:21:53.0306 4560 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/15 07:21:53.0348 4560 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/15 07:21:53.0536 4560 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/15 07:21:53.0593 4560 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/15 07:21:53.0702 4560 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/15 07:21:53.0908 4560 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/15 07:21:54.0190 4560 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/15 07:21:54.0250 4560 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/15 07:21:54.0416 4560 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/15 07:21:54.0534 4560 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/15 07:21:54.0686 4560 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/15 07:21:54.0880 4560 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/15 07:21:55.0372 4560 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/09/15 07:21:55.0730 4560 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/15 07:21:55.0797 4560 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/15 07:21:56.0013 4560 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/15 07:21:56.0117 4560 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/15 07:21:56.0410 4560 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/15 07:21:56.0475 4560 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/15 07:21:56.0711 4560 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/15 07:21:56.0763 4560 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/15 07:21:56.0837 4560 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/15 07:21:57.0316 4560 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/15 07:21:57.0447 4560 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/15 07:21:57.0640 4560 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/15 07:21:57.0746 4560 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/15 07:21:57.0898 4560 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/15 07:21:57.0979 4560 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/15 07:21:58.0102 4560 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/15 07:21:58.0329 4560 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/15 07:21:58.0618 4560 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/15 07:21:58.0656 4560 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/09/15 07:21:58.0722 4560 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/15 07:21:59.0068 4560 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/15 07:21:59.0314 4560 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/15 07:21:59.0358 4560 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/15 07:21:59.0443 4560 R5U870FLx86 (68e04f3944e6f82c64b53f8a8f13fb3a) C:\Windows\system32\Drivers\R5U870FLx86.sys
2011/09/15 07:21:59.0594 4560 R5U870FUx86 (7f1356060d1894b46554a0d8e6f13958) C:\Windows\system32\Drivers\R5U870FUx86.sys
2011/09/15 07:21:59.0640 4560 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/15 07:21:59.0699 4560 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/15 07:21:59.0968 4560 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/15 07:22:00.0107 4560 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/15 07:22:00.0383 4560 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/15 07:22:00.0522 4560 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/15 07:22:00.0758 4560 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/15 07:22:00.0933 4560 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/15 07:22:01.0129 4560 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/15 07:22:01.0294 4560 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/15 07:22:01.0487 4560 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/15 07:22:01.0645 4560 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/09/15 07:22:01.0775 4560 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/15 07:22:01.0880 4560 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/15 07:22:02.0049 4560 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/15 07:22:02.0124 4560 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/15 07:22:02.0184 4560 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/15 07:22:02.0333 4560 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/09/15 07:22:02.0472 4560 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/15 07:22:02.0514 4560 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/15 07:22:02.0891 4560 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/15 07:22:03.0231 4560 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/15 07:22:03.0474 4560 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/15 07:22:03.0566 4560 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/15 07:22:03.0639 4560 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/15 07:22:03.0894 4560 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/15 07:22:03.0966 4560 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\Windows\system32\DRIVERS\snman380.sys
2011/09/15 07:22:04.0125 4560 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/15 07:22:04.0342 4560 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/09/15 07:22:04.0342 4560 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/15 07:22:04.0349 4560 sptd - detected LockedFile.Multi.Generic (1)
2011/09/15 07:22:04.0588 4560 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/15 07:22:04.0682 4560 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/15 07:22:04.0946 4560 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/15 07:22:05.0027 4560 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/09/15 07:22:05.0281 4560 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/15 07:22:05.0455 4560 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/15 07:22:05.0615 4560 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/15 07:22:05.0793 4560 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/15 07:22:06.0024 4560 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/15 07:22:06.0165 4560 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/15 07:22:06.0568 4560 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/15 07:22:07.0012 4560 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/15 07:22:07.0282 4560 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/15 07:22:07.0406 4560 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/15 07:22:07.0646 4560 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\Windows\system32\DRIVERS\tdrpm174.sys
2011/09/15 07:22:07.0923 4560 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/15 07:22:07.0983 4560 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/15 07:22:08.0141 4560 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/15 07:22:09.0120 4560 ti21sony (030f439ac1ccda7ac6ce01cc02102045) C:\Windows\system32\drivers\ti21sony.sys
2011/09/15 07:22:09.0368 4560 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\Windows\system32\DRIVERS\tifsfilt.sys
2011/09/15 07:22:09.0425 4560 timounter (394fc70b88b7958fa85798bbc76d140a) C:\Windows\system32\DRIVERS\timntr.sys
2011/09/15 07:22:09.0774 4560 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/15 07:22:09.0880 4560 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/15 07:22:10.0051 4560 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/15 07:22:10.0157 4560 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/15 07:22:10.0493 4560 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/15 07:22:10.0841 4560 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/15 07:22:11.0222 4560 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/15 07:22:11.0493 4560 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/15 07:22:11.0644 4560 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/15 07:22:11.0897 4560 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/15 07:22:11.0987 4560 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/15 07:22:12.0036 4560 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/15 07:22:12.0161 4560 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/15 07:22:12.0244 4560 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/15 07:22:12.0312 4560 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/15 07:22:12.0423 4560 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/15 07:22:12.0497 4560 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/15 07:22:12.0538 4560 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/15 07:22:12.0586 4560 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/15 07:22:12.0643 4560 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/15 07:22:12.0784 4560 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/09/15 07:22:12.0876 4560 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/15 07:22:12.0922 4560 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/15 07:22:12.0962 4560 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/15 07:22:13.0070 4560 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/15 07:22:13.0109 4560 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/15 07:22:13.0165 4560 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/15 07:22:13.0225 4560 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/15 07:22:13.0347 4560 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/15 07:22:13.0411 4560 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/15 07:22:13.0474 4560 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/15 07:22:13.0527 4560 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 07:22:13.0546 4560 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 07:22:13.0665 4560 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/09/15 07:22:13.0725 4560 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/15 07:22:13.0785 4560 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/15 07:22:14.0096 4560 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/15 07:22:14.0423 4560 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/15 07:22:14.0570 4560 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/15 07:22:14.0842 4560 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/15 07:22:14.0929 4560 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/15 07:22:15.0070 4560 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/15 07:22:15.0239 4560 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/09/15 07:22:15.0311 4560 MBR (0x1B8) (48e4fb73037ed2932d5e6bde31e6ee60) \Device\Harddisk0\DR0
2011/09/15 07:22:15.0315 4560 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/15 07:22:15.0338 4560 Boot (0x1200) (a64fbb2fecebf87d3f6989199ff00713) \Device\Harddisk0\DR0\Partition0
2011/09/15 07:22:15.0369 4560 Boot (0x1200) (1c0b528129dc4023e3636664cc1ded10) \Device\Harddisk0\DR0\Partition1
2011/09/15 07:22:15.0374 4560 ================================================================================
2011/09/15 07:22:15.0374 4560 Scan finished
2011/09/15 07:22:15.0374 4560 ================================================================================
2011/09/15 07:22:15.0388 3996 Detected object count: 2
2011/09/15 07:22:15.0388 3996 Actual detected object count: 2
2011/09/15 07:22:28.0278 3996 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/15 07:22:28.0369 3996 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/15 07:22:28.0369 3996 \Device\Harddisk0\DR0 - ok
2011/09/15 07:22:28.0370 3996 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure

jungwpark
Novice
Posts : 28
Joined : 2011-08-29
OS : Windows Vista Home Premium
Points : 19718
Likes : 0


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 11:32 am

Here is the OTL log you requested:
OTL logfile created on: 9/15/2011 7:20:26 AM - Run 3
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.31% Memory free
6.18 Gb Paging File | 4.61 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 15.38 Gb Free Space | 18.52% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 6.36 Gb Free Space | 50.46% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/28 22:27:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.com
PRC - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe
PRC - [2011/08/24 04:01:04 | 003,655,296 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Giraffic.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 03:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 03:04:02 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2007/10/31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 08:01:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/03 02:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/11 10:11:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:08:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:57:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2008/01/17 17:55:40 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/08/05 12:37:57 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/01/10 00:45:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/28 18:55:49 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/11/28 18:55:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/28 18:55:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/28 18:55:40 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/02/25 14:56:28 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 12:25:06 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/01/30 12:25:06 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 11:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/29 21:14:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c200e798-529d-4847-8b76-4abeb4658d41} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C EC D0 15 49 C6 1D 41 BF D5 A3 57 DB BD C8 7A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 01:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 07:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 07:53:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2011/01/01 01:06:46 | 000,000,000 | ---D | M]

[2009/11/29 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/09/13 00:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions
[2010/04/27 03:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/24 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}-TRASH
[2011/06/23 19:22:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/09/11 20:56:52 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\anttoolbar@ant.com
[2011/01/01 02:57:59 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\searchrecs@veoh.com
[2009/12/11 02:15:08 | 000,004,554 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aim-search.xml
[2010/01/07 16:37:32 | 000,000,653 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aol-search.xml
[2011/08/21 19:49:03 | 000,002,259 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\bing-zugo.xml
[2011/06/23 14:31:42 | 000,000,929 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\conduit.xml
[2011/09/07 07:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/20 20:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 21:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/05 23:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/05 23:27:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/14 06:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/09/14 17:37:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Verizon - AOL Toolbar Loader) - {86916f9e-4c81-42f8-9d60-4a1a54dae898} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Verizon - AOL Toolbar) - {9a964391-f5af-4fad-9964-51c4ed876f20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon - AOL Toolbar) - {9A964391-F5AF-4FAD-9964-51C4ED876F20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 07:20:33 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2011/09/14 17:41:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/14 17:41:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/14 17:41:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2011/09/14 17:27:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/14 09:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Durarara
[2011/09/13 18:16:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Anime
[2011/09/13 18:16:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Fashion Inspiration
[2011/09/13 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Shinkyoku Soukai Polyphonica S2
[2011/09/13 07:50:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/13 07:50:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/13 07:50:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/13 07:50:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/13 07:50:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/13 07:43:23 | 004,209,769 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2011/09/12 08:08:02 | 000,100,864 | ---- | C] (GMER) -- C:\aglorpod.sys
[2011/09/08 08:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/08 08:47:52 | 000,000,000 | ---D | C] -- C:\found.007
[2011/09/05 23:28:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 02:11:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011/09/04 02:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 02:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/04 02:11:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/04 02:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 01:34:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Fixing the Comp
[2011/08/30 12:02:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/28 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/28 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SmartPCTools
[2011/08/28 02:17:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011/08/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/28 02:14:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/28 02:14:12 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 02:14:12 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/28 01:51:24 | 000,000,000 | ---D | C] -- C:\15417789a839261edc54cc9feb88
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/27 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/27 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FixCleaner
[2011/08/25 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011/08/24 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 09:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/21 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/08/21 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic

========== Files - Modified Within 30 Days ==========

[2011/09/15 07:20:35 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 07:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/15 07:10:24 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 00:36:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/14 23:25:59 | 001,213,468 | ---- | M] () -- C:\Users\Admin\Desktop\dmv39.pdf
[2011/09/14 18:25:52 | 231,889,236 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/14 17:37:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/14 17:27:19 | 004,209,769 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2011/09/14 17:16:20 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/13 17:53:59 | 000,668,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/13 17:53:59 | 000,130,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/12 21:59:45 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/09/12 08:13:58 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
[2011/09/12 08:08:02 | 000,100,864 | ---- | M] (GMER) -- C:\aglorpod.sys
[2011/09/12 08:06:53 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\fc6rk1jz.exe
[2011/09/11 20:59:50 | 000,008,301 | ---- | M] () -- C:\Users\Admin\Desktop\276001_740789936_120149666_n.jpg
[2011/09/07 08:01:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/07 07:59:26 | 000,000,830 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 23:46:48 | 000,053,757 | ---- | M] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/05 23:27:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/05 23:27:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 17:51:40 | 000,012,979 | ---- | M] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/31 09:57:05 | 000,088,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 18:35:19 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/30 13:18:30 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/28 14:28:21 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 02:36:54 | 000,002,483 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | M] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/20 12:10:53 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

========== Files Created - No Company Name ==========

[2011/09/14 23:25:59 | 001,213,468 | ---- | C] () -- C:\Users\Admin\Desktop\dmv39.pdf
[2011/09/14 18:25:52 | 231,889,236 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/13 07:50:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/13 07:50:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/13 07:50:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/13 07:50:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/13 07:50:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/12 21:59:45 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/09/12 08:13:58 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
[2011/09/12 08:06:53 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\fc6rk1jz.exe
[2011/09/11 20:59:50 | 000,008,301 | ---- | C] () -- C:\Users\Admin\Desktop\276001_740789936_120149666_n.jpg
[2011/09/07 07:59:25 | 000,000,830 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 23:46:48 | 000,053,757 | ---- | C] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/04 17:51:40 | 000,012,979 | ---- | C] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/09/04 02:11:47 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 18:36:42 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/30 13:18:30 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:03:44 | 000,879,225 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/28 02:14:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 01:45:43 | 000,002,483 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | C] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/09 17:40:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/20 00:38:31 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/02/20 00:38:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/02/20 00:38:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/02/20 00:38:31 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2011/02/20 00:38:30 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/12/06 02:21:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/26 23:14:43 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/26 23:14:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/20 20:50:54 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileJoin.ini
[2010/01/08 11:22:53 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/30 21:11:41 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2009/11/30 16:06:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 16:06:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 08:18:06 | 000,000,236 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\iPod Access v4 Prefs
[2009/11/30 08:15:48 | 000,000,011 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\iPodAccess_Time
[2009/11/30 07:57:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/30 07:24:37 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/29 21:26:08 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2009/11/29 20:20:10 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/29 19:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/28 21:15:53 | 000,088,576 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/28 19:12:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/11/28 19:12:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2009/11/28 19:12:37 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/11/28 19:07:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/11/28 18:24:13 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/10/30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,668,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,384 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/09/14 17:27:19 | 004,209,769 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2011/09/12 08:06:53 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\fc6rk1jz.exe
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/09/15 07:20:35 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/03 02:01:45 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/03 02:01:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/03 02:01:45 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2006/11/02 03:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2010/01/10 00:45:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2009/11/28 18:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2011/06/16 19:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/12/21 11:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\AhnLab
[2011/04/18 01:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/08/29 15:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Antbar
[2010/01/15 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/07/08 12:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/09/06 23:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/08/28 02:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/05/26 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/05/26 23:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVSMedia
[2010/12/16 00:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/08/06 13:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/11 18:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/09/14 17:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/28 19:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/08/27 12:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2010/01/11 07:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2011/01/18 22:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Daum
[2011/08/20 12:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2011/05/26 16:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2011/05/18 01:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\Free Hide Folder
[2011/07/01 10:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2011/09/15 07:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Giraffic
[2009/12/02 06:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\GNU
[2011/05/24 19:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/25 19:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2011/08/27 13:43:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/28 19:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/08/24 18:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/25 21:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Access for Windows
[2009/11/30 07:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Copier 1.0
[2011/08/24 18:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/01 19:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/09 16:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2009/11/29 21:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\JoinSaw
[2011/08/27 13:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\LeagueOfLegends
[2011/09/14 17:17:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/09 07:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/30 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/16 19:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/07 20:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/28 19:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/11/28 19:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/11/09 06:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 18:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 11:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/09/13 07:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 19:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/07 20:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/11/28 19:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2010/10/30 21:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/08/06 13:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/01/01 01:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/12/06 02:20:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/07/03 18:15:03 | 000,000,000 | ---D | M] -- C:\Program Files\SocialRibbons LP 1
[2011/02/20 00:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Solveig Multimedia
[2009/11/28 19:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/08/11 10:10:43 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2009/11/28 19:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/08/09 17:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011/06/06 00:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2009/11/29 21:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\ToneThis
[2011/08/27 01:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/12 16:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/08/09 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/03/29 16:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2011/02/10 22:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2010/01/07 16:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon - AOL Toolbar
[2010/11/22 14:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2010/01/07 16:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/29 21:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/11/28 19:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM


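Reading listings like the ones above by hand is slow, so here is a small added triage script for them (written for this thread; it is not part of OTL or of any tool named in the logs). It parses the OTL file-listing format and the Vista FirewallRules registry entries into records and raises review flags for the patterns a responder would look at first: non-ASCII filenames under System32, executables in C:\Windows\Temp (where the poster says AVG keeps reporting the detection), a .sys file sitting at the drive root, System32 files with no company name touched within the last 30 days, and inbound firewall rules not tied to a program or service. The flags are prompts to check, not verdicts: the log itself attributes C:\aglorpod.sys to GMER. The sample lines are copied from the logs on this page except the Windows\Temp entry, which is constructed to match the description in the first post; the reference time is taken from the OTL Extras header.

```python
"""OTL log triage helper (added example; not OldTimer's OTL code)."""
import re
from datetime import datetime, timedelta

# Reference time for the "recent" window: the OTL Extras header on this page.
NOW = datetime(2011, 9, 15, 7, 20, 26)

# Sample lines copied in shape from the OTL output above. The Windows\Temp
# entry is constructed to mirror the poster's description, not taken from the log.
SAMPLE_FILE_LINES = [
    r"[2011/09/12 08:08:02 | 000,100,864 | ---- | M] (GMER) -- C:\aglorpod.sys",
    r"[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- "
    r"C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0",
    r"[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ",
    r"[2009/11/28 18:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis",
    r"[2011/09/01 10:00:00 | 000,204,800 | ---- | C] () -- C:\Windows\Temp\8317462951.exe",  # constructed
]
SAMPLE_FW_LINES = [
    r'"{08A3D323-AE69-4DE2-B20F-ACCD952022AA}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |',
    r'"{1F91D7E5-53D4-4362-A312-90E482C2A841}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |',
    r'"{165993D4-4D63-4531-903F-F1E916BB8384}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |',
]

# [timestamp | size | attrs | M/C] (Company) -- path ; attrs are R,H,S,D flags in that order.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R\-][H\-][S\-][D\-]) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # company name; absent on directory lines
    r"(?:\((?P<alias>[^)]*)\))?"      # ASCII alias OTL prints for Unicode names
    r"(?: Unable to obtain MD5)?"
    r" -- (?P<path>.+)$"
)
FW_LINE = re.compile(r'^"\{(?P<guid>[0-9A-Fa-f\-]+)\}" = (?P<body>.*)$')


def parse_file_line(line):
    """Turn one OTL file/directory line into a dict, or None if it is not one."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "readonly": d["attrs"][0] == "R",
        "hidden": d["attrs"][1] == "H",
        "system": d["attrs"][2] == "S",
        "is_dir": d["attrs"][3] == "D",
        "kind": "modified" if d["kind"] == "M" else "created",
        "company": d["company"] or "",
        "path": d["path"],
        "has_md5": "Unable to obtain MD5" not in line,
    }


def triage_file(rec, now=NOW, window_days=30):
    """Return the list of review flags raised by one parsed file record."""
    flags = []
    low = rec["path"].lower()
    recent = (now - rec["timestamp"]) <= timedelta(days=window_days)
    if any(ord(ch) > 127 for ch in rec["path"]):
        flags.append("non-ASCII filename")
    if low.startswith("c:\\windows\\temp\\") and low.endswith(".exe"):
        flags.append("executable in Windows\\Temp")
    if re.fullmatch(r"[a-z]:\\[^\\]+\.sys", low):
        flags.append("driver at drive root")
    if (low.startswith("c:\\windows\\system32\\") and not rec["is_dir"]
            and not rec["company"] and recent):
        flags.append("recent System32 file with no company name")
    return flags


def parse_firewall_rule(line):
    """Split a '"{GUID}" = k=v | k=v | ...' FirewallRules entry into a dict."""
    m = FW_LINE.match(line)
    if not m:
        return None
    rule = {"guid": m.group("guid")}
    for field in m.group("body").split("|"):
        if "=" in field:
            k, v = field.strip().split("=", 1)
            rule[k.strip()] = v.strip()
    return rule


def triage_firewall_rule(rule):
    """Flag inbound rules that open a port for any program rather than one app/service."""
    flags = []
    if rule.get("dir") == "in" and "app" not in rule and "svc" not in rule:
        flags.append("inbound port rule not scoped to a program or service")
    return flags


def triage_report(file_lines=SAMPLE_FILE_LINES, fw_lines=SAMPLE_FW_LINES, now=NOW):
    """Return {path or rule GUID: [flags]} for every entry that raised a flag."""
    report = {}
    for line in file_lines:
        rec = parse_file_line(line)
        if rec and triage_file(rec, now):
            report[rec["path"]] = triage_file(rec, now)
    for line in fw_lines:
        rule = parse_firewall_rule(line)
        if rule and triage_firewall_rule(rule):
            report[rule["guid"]] = triage_firewall_rule(rule)
    return report


if __name__ == "__main__":
    for key, flags in triage_report().items():
        print(key, "->", "; ".join(flags))
```

To run it over a real log, read OTL.txt and Extras.txt line by line and pass the lines to triage_report; OTL writes some lines with a UTF-8 BOM and Unicode paths, so open the files with encoding="utf-8-sig". Every flag still needs a human look at the surrounding log sections (the company name, the MD5 column, the matching "Files Created" entry) before anything is removed.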
Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 11:34 am

Here is Part 2 of OTL.txt, along with the Extra.txt
[2009/11/30 17:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/11/30 17:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/07 18:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/09/13 19:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 19:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/30 17:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/12/01 02:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/11/30 17:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/29 21:24:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/29 21:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/11/29 21:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2011/07/03 18:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Runtime

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-13 23:47:51

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ
[2010/01/02 15:28:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ

< End of report >
OTL Extras logfile created on: 9/15/2011 7:20:26 AM - Run 3
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.31% Memory free
6.18 Gb Paging File | 4.61 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 15.38 Gb Free Space | 18.52% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 6.36 Gb Free Space | 50.46% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A3D323-AE69-4DE2-B20F-ACCD952022AA}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |
"{0B437597-91EF-42A3-BEC6-D43CBA9222E0}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher |
"{0BBF5271-DA8D-4564-967C-8245F4AFC4AF}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |
"{1099C141-8C65-4FCE-AE4F-D063BB1EB89B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{10DA03A8-274C-4DD6-85D0-1CC6766CAAF6}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{12412044-A9F3-4037-BC49-677FD3972556}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{13483F27-4AAF-4235-A32B-2DE9C19EFBA8}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |
"{13E87C8A-F3B4-417E-AA61-9F23EB0873BF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{159837C9-F3DD-45DC-9483-307B67E4E10D}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{165993D4-4D63-4531-903F-F1E916BB8384}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{173B904F-A81A-4B55-9F42-65C2307AF996}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |
"{183FEC8C-88F1-41F7-80E9-C09E0F381913}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{190093A6-614D-4A09-96B6-2AB1A1118444}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{190DB5F1-9AA2-4A88-A516-A71667196A02}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{1E5ED2CF-72CB-4909-8ADC-A29828AC95A3}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{1E97B74A-B4A6-43ED-9D69-ED6B4500060E}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{1F91D7E5-53D4-4362-A312-90E482C2A841}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{21D2777A-40CD-47D6-B46D-8A6D4D8A6427}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{23146826-E32C-47BF-BEA4-E7B2A44A126A}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{23A52D61-64B0-4C5F-884C-2F78DCC776F6}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{25E3EE3D-9957-4AA7-812B-4CE3FC2BEB50}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{279260E5-FEF1-4DB7-B866-2CE073445A00}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{29B04333-9197-4E2B-9EDF-6C95AAFB3D8B}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{2C52FFEA-719E-45AC-BE84-C88F424D0C64}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher |
"{2C750EA4-FA4E-41CD-9CAE-96A57512922F}" = lport=445 | protocol=6 | dir=in | app=system |
"{319615F0-7C04-4D39-9D1F-383B0579A388}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{31B8E44A-F45C-4B6E-AB3B-E03920840ABE}" = rport=138 | protocol=17 | dir=out | app=system |
"{339128DA-2C68-442F-9B62-4CC245DC5CF2}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
"{33B09F2B-3247-4851-B1C5-8B6677BEF614}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{35A8FD7D-C834-49FF-BCD5-75CE6514853E}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher |
"{37288CCB-70A9-4210-933E-43D867DB5385}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{375745D7-220F-4A3F-905D-7E4440DAC2B7}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher |
"{39D89762-3F9F-41E2-B3FC-E2FCA2FAA8DF}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher |
"{3A5215C0-225C-4708-ACFD-B2E81BFB0B32}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{3A54002D-1F39-474F-91B6-FA7235ED00A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{3AF7E628-326A-4A6F-89FD-CBD0DEFED23A}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{3BB38632-7C07-4A8D-98E1-36105981F5CB}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher |
"{404431FF-962B-462F-A7EB-A97A6180F2F1}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{40A0A23D-C8AC-4BD4-80C5-FC7469509B45}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{40A90B69-094D-43F3-8856-C5A00E00515E}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{442A4B0D-5A61-415B-B348-90A3F189003F}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher |
"{455355F8-B43C-4F12-97A6-D656995DA4CB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{46B0C7D6-3C7D-496B-97DF-F54BA880FA09}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
"{470B7EDE-EE29-4E60-A81B-619BA6C63583}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{4A3A0410-A36F-46F9-9C96-37E69677DAC5}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |
"{4B06C6E8-1CEF-427B-996A-727D93AD3BD1}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
"{4B90E19A-4172-46FD-8508-D4DA4AA5ECE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D0FFFC2-802C-406C-8D05-02E948E55FF1}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{4D94FCF6-ECA4-4A4C-A534-BD865B5C6CB2}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{4DCC247D-90E1-470C-AEA0-DC3094059E3C}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher |
"{4F0179D7-2EAB-4C05-92CB-09EF741E7DFC}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher |
"{4FC9CF35-609E-40A0-85A1-5B1FA5DFEDA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50CBDF4C-CFFF-4066-8F66-5A94509B473D}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{51FB9642-1DA8-47A0-9EF9-71C54685A667}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher |
"{54EA3E4C-AF1A-4F0A-B059-2FAF09F04B07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{56D5542D-DBFE-4364-B229-6D6A03A4A756}" = lport=6977 | protocol=6 | dir=in | name=league of legends launcher |
"{56E08EDF-6FAD-40EB-82C4-CA08CF13BE4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57236925-6ACB-4AD4-A260-EA5E896F9A0C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5A5278EF-D558-4610-B277-1B79E233D2AD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5ADE2B52-F095-4A30-8973-AF770706A098}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{5D4D7938-6AF8-49D8-B383-7382BA2FF027}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher |
"{5E0F8E79-6597-4E42-A00B-937A9BD1F81D}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |
"{5F1FAD54-88FF-4BD1-A9AD-B798E4728965}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher |
"{5F5C2F26-4046-4DD2-AB47-13A5CE45CE44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{69038CCF-006D-44C0-B237-336DD2B582A1}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{69194A7D-6E07-45D4-B74E-AAEEAAEC9160}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher |
"{699CFBAF-F787-4CA5-818D-212E0FEC9BB4}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{6B46DD77-8662-4EAF-B256-E91C41922D9F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6C17F023-650E-4EBC-96C4-B0C84BC906C4}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{6E880397-5FEC-4C74-88A1-D3BA1391A733}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |
"{6E9470F1-C8CE-4AC8-B5B6-7018C590BC70}" = lport=138 | protocol=17 | dir=in | app=system |
"{7374D1D9-C807-4ECC-AB06-3847E7B41693}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{76989483-6CB1-4877-A5DC-808BA02FE60D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76E9FDB7-6CA9-4DD5-B0CF-59C98B28B7EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{7757FE35-6D4A-4F09-ADCC-9A27BA52EEFD}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{794A3C33-A9CD-46C5-9A55-97E6DE532E73}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
"{795D5D37-8A20-4DC1-9D9E-B318E7FDFAF9}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher |
"{7E654170-7387-4BA3-8433-D9D4CC1EFB02}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{813A9B45-D3B1-4A6D-9209-7C11318CA0FC}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{81AEA6C0-B5FD-41CF-AEB7-532760B0F165}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{84B13428-C3D4-4E25-AC13-38EB091DC467}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{88BB4695-5A68-46E1-B73B-8224391DFD0B}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{88CAB7E9-7884-4CBC-8228-35A416D5C18E}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{8B9EC83C-5769-444B-9490-11A236CBE83F}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
"{8C52F557-3FD4-4059-82F1-7536A5CCF2E7}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{90FC84BB-9604-4FC6-AA58-42459DF24E7A}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{939E5701-E8C9-45AE-8100-68522DEE4C05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95BA6732-3EB9-43CD-AD2B-A92F4FFC53FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97524C56-CFE7-46B8-AB10-E3E23FB9D9D9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{980DE2E7-4E66-4B2A-94C8-2B24FE521710}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher |
"{997141F6-1DC9-41FB-A3D8-B4C3C3B43ABF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9BD81228-B8AF-4729-9D94-EC39F9023094}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DF7D15E-EE1D-4110-B7C2-27F04EC67216}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
"{9E0C28F9-3D30-499F-88E7-B2C1F0191F80}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher |
"{9E601724-B8DE-4200-9545-90AAE42E57FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A024A2A9-4FD7-41B4-BB7F-1C9C1B68214B}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher |
"{A46800FC-E0BE-4F5D-B871-DA551E1C2347}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher |
"{A5638083-6918-4BFA-BF52-6357E514792C}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{A701BE5E-87CA-4036-BCDC-D769816FBACB}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
"{A8F32150-09E3-46D8-BA43-79F3579888DA}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher |
"{A97990D9-53FF-417B-A63E-97211678CC4E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD4EB7DC-9E0D-4325-9DE9-5A55AB1D1421}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{AEAFFBFC-363D-46A0-969A-B74CE8B453F3}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
"{AF4206F9-4544-47B9-B0BB-7790FE40C970}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{B12C9047-6FBD-4517-B07C-3E01E54A5129}" = lport=49309 | protocol=6 | dir=in | name=akamai netsession interface |
"{B23BAECD-5057-4719-8BB1-183C92F69185}" = rport=139 | protocol=6 | dir=out | app=system |
"{B530D81E-D7C9-4D52-994E-05C33084E62A}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher |
"{B8538551-3AA1-4586-9C35-7EAEB1320A81}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{B89ADA89-D1A2-439D-A3C6-A0CC778561C7}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher |
"{BDBEC5EB-12D7-4B3C-AA0A-57615F40AE38}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{C232EB13-277F-4E64-B626-B753D100814A}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher |
"{C2AAA4EF-7AF5-44D4-9A0C-C3E1E18EB183}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{C386B2D5-2FDC-464C-9D9B-A265CB5C2539}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |
"{C645F34C-FE6F-4E98-A287-A7F8BEFBB275}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{C90AA3F7-CF70-4F06-A8B4-B1F6BF1448A0}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{CC60E6A5-737A-4906-8992-72378B712488}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{CEF3EE49-D9F1-4584-91BE-FC687498433F}" = lport=6977 | protocol=17 | dir=in | name=league of legends launcher |
"{D112D3C9-288E-420A-8A9F-345AD69C510F}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{D1E551C1-A721-4EC1-AD8A-B8A552BE9C01}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |
"{D1EDAD76-FE38-446A-BC62-25559DA8A20D}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher |
"{D23C8CF6-0E0D-4749-A41A-64577D550DA1}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{D449411C-E9EC-4B46-8117-827A1A749AD2}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{D45E0D78-74AB-4EC0-8671-F85C8A63413F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{D503811E-A8E1-4AB9-903B-585CF3ADBDBC}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{D5725A21-5C09-44E4-82FA-DBC721203675}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
"{D5BFE526-02F8-4A57-B0C2-4B6B37496914}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{D617BB75-A207-4E46-9B16-E42AA65BB87D}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{D6912923-1DF6-458C-9A0D-788703D75DA7}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{D8899722-DC18-40CC-9750-8FF7A2488FC1}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher |
"{DCE1BA94-471A-4DA2-B712-2594A9A33A0E}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{DDBB8C43-3DC1-4362-98CF-1FDE043F399E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F041061E-5215-44DC-B6F5-474A3B39B4AC}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{F3C31069-07F5-4372-8089-EE0389E9964B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5815EFE-E650-43AE-9661-2038DADFC880}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |
"{F7922FFB-CBC8-474D-ACAD-A2D7B688C550}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{F867D1CC-715E-41F8-8DF7-D5BD70027605}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher |
"{FB9298C3-5001-466F-8FA3-9A1D8E76A0F7}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |
"{FD8D6D24-47FF-493D-9084-B0C0CAA1D93F}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |
"{FE7B498F-8E99-4CBD-9887-09897873901B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{FF4C0E11-1CA3-4A1D-9865-0CC77CF7B14C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FF6C43B0-DE05-4E5F-BED7-F1E6DB06CE42}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECA16D-755D-4E9C-9832-9090EF6A7ADD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C43F356-6C53-42D3-B0DA-287B59BF23B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{107847FD-907A-4DE0-80C0-AD15D3A1BB9F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{11A645F6-16F6-4FA5-A44D-E1997D572104}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{15007A92-3C24-4E92-81C6-A5C8FC46B61A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29165D34-2BD2-45BE-BBAA-35D96A79FCA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3092CD86-98D1-4233-8368-EE6CA0BB3748}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3AD2F8EB-2A45-4961-B768-A49AB6A65927}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{42BE5386-FDD7-4223-9888-277DB3D3DBCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{478BCCF8-FE7E-4E29-ACE0-E11DD4143109}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{488C3249-6CF3-4F75-B34F-A5C9E69D311D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4B42CC87-61D2-4799-90E4-0550499BBA32}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4CC85903-88C0-4BAD-A660-25A4836E50EA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{533039FE-52B0-4B8F-8853-59451DCA2F72}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{575A2FE7-D75B-4172-9F56-5B2248D776A0}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{5870BD9C-BF07-44B2-B75B-0D3FDE4B9DB9}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{5CB28A0F-267F-4C0E-8238-74DBFC373500}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5DB7E2B1-FBEA-4956-832A-45E082DFF3A7}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{6DA9C81F-C01F-4DB4-BBA8-60D91AF59EEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{737221E6-84BA-42A9-AFD1-3D8C549A3DA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7C0A1EE6-5372-4F01-A657-BC4C00C23B3C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7E784AEE-9644-4F1B-88DA-BE8F8A1DC872}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8628E406-BDD7-4E8A-939F-76EDAF978B82}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8B02DB57-3090-47D0-B382-692785A0D670}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{944845B5-F603-45FB-9311-A97335DF2BCC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9723D8EB-F55A-4038-BE41-8F773554ECA9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{979DF4DF-58D1-4D46-9FF4-644373D6771A}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{9BE02B71-4EA7-4EAD-8B52-727B956E58D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A2892120-330B-488F-B327-CC701287E30A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4070725-CE07-4808-8BB5-02148A4F568D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AAF6FFF4-D180-4B51-BABE-C5A2FFC8705A}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{B2ABDD43-C8B8-4EBE-B810-3464ECE1D604}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4F42550-EDF8-4B4F-A0A7-B94118EC95D4}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C2DA1FA0-A126-41B3-B593-777B34DD04F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C350AD24-59C6-4F46-90AB-BB18453273EE}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{C6EEE6A8-78C6-44A0-86FA-77D094F9A501}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CFFFFECB-85EE-4D02-BE1D-97D53EA659BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D61E30C9-1A22-44F9-AF5A-521FDBF182C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E0D31C3B-985A-4C80-97D8-C355E83175CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0F62584-5F8C-4B2D-A817-F2C19B2B4249}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{E5956A52-2F57-4A1F-A750-40F0D05943B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE37BF2A-E961-4043-B1C8-D070172EBC24}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{FADFB46C-298C-4081-8E14-1FD635714E89}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{FB915FAF-237F-42AE-AD1A-18C11A4AB4F8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FD4F45A6-D41B-4767-B0C4-6D0602E365E8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FE14BABD-B1B1-4FD4-80A2-51D00DD8205E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FF5EFFFB-5F7C-4EB9-8D44-75444652CC58}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{0D83FA58-36B4-45B5-AA7F-C8CA485FD7A1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{1416E23D-9E10-4C07-8EA4-6D4EFA9B3F57}I:\techwizard.exe" = protocol=6 | dir=in | app=i:\techwizard.exe |
"TCP Query User{8460E902-AEBD-4A36-AEC5-F4431D7B9549}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{AE553DD2-4BEE-48DD-85F4-D364E1120831}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{F7AF3BB6-586F-4F88-AAA2-F7F8E9B23B0D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{41C33E99-5FA7-4260-80A2-D034DF4F8884}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{67C8C370-6DCB-4CB3-BB75-ECA5121E71FB}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{71950748-4285-4CC2-9457-956C98A52C84}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{9D513242-3561-4D05-9921-68E8C74B64C8}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{B75D48F9-4303-488E-9354-4B589B4BF954}I:\techwizard.exe" = protocol=17 | dir=in | app=i:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 3.1_is1" = AVS Video Editor 3.1.1.93
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"DemoApp" = Fast File Saw & Joiner V3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Hide Folder" = Free Hide Folder
"Free Video Dub_is1" = Free Video Dub version 1.8.11.426
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Giraffic" = Giraffic Video Accelerator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"iPod Access for Windows_is1" = iPod Access for Windows v4.4.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"SocialRibbons LP 1" = SocialRibbons LP 1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"ToneThis" = ToneThis
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Verizon - AOL Toolbar" = Verizon - AOL Toolbar
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2011 6:27:35 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/14/2011 10:46:15 PM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description =

Error - 9/14/2011 10:54:43 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/14/2011 11:42:18 PM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description =

Error - 9/14/2011 11:46:03 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2011 12:04:06 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2011 7:12:13 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2011 7:23:02 AM | Computer Name = Admin-PC | Source = SPP | ID = 16387
Description =

Error - 9/15/2011 7:23:02 AM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 11/29/2009 9:02:11 PM | Computer Name = Admin-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 9/14/2011 11:48:02 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 7:12:13 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/15/2011 7:12:13 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

jungwpark
Novice

Posts : 28
Joined : 2011-08-29
OS : Windows Vista Home Premium
Points : 19718
Likes : 0


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 15th September 2011, 11:44 am

All right.

TDSSKiller found an MBR rootkit, which the other tools did not.

Please rerun TDSSKiller and post the log, and do the same for aswMBR.

Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38268
Likes : 0

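An added example, not part of this thread and not TDSSKiller's own code: a small parser for the log format TDSSKiller 2.5.x writes (the per-driver lines, the "Suspicious file" lines and the "- detected" verdict lines, as they appear in the logs posted here). It separates the three things a helper reads a returned log for before deciding on the next step: hard detections, files TDSSKiller could not read (the LockedFile.Multi.Generic verdict only says the file was locked against reading, so it needs a manual check rather than automatic removal), and drivers loaded from outside C:\Windows\system32. The sample log is constructed from a handful of lines in the format posted in this thread; the regular expressions, the Report class and the triage helper are assumptions about that format, not a documented TDSSKiller interface.

```python
import re
from dataclasses import dataclass, field

# Line shapes modelled on the TDSSKiller 2.5.x log posted in this thread
# (assumption: the format is stable enough for these three patterns).
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
DETECT_RE = re.compile(
    r"^\S+ \S+\s+\d+\s+(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)\s*$"
)
SUSP_RE = re.compile(
    r"^\S+ \S+\s+\d+\s+Suspicious file \((?P<reason>[^)]+)\): "
    r"(?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})\s*$"
)

SYSTEM_DIR = "c:\\windows\\system32\\"          # drivers are expected under here
GENERIC_LOCKED = "LockedFile.Multi.Generic"      # "could not read it", not "malware"


@dataclass
class Report:
    drivers: list = field(default_factory=list)     # (service, md5, path)
    detections: dict = field(default_factory=dict)  # service -> verdict
    suspicious: dict = field(default_factory=dict)  # lower-cased path -> reason


def parse_tdsskiller(text: str) -> Report:
    """Collect driver entries, verdicts and 'Suspicious file' reasons from a log."""
    report = Report()
    for line in text.splitlines():
        m = DETECT_RE.match(line)
        if m:
            report.detections[m["name"]] = m["verdict"]
            continue
        m = SUSP_RE.match(line)
        if m:
            report.suspicious[m["path"].lower()] = m["reason"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            report.drivers.append((m["name"], m["md5"], m["path"]))
    return report


def triage(report: Report) -> dict:
    """Split findings into: real detections, locked files needing a manual
    check, and drivers that load from outside the Windows system directory."""
    detections, needs_check, odd_paths, seen = [], [], [], set()
    for name, _md5, path in report.drivers:
        seen.add(name)
        verdict = report.detections.get(name)
        if verdict == GENERIC_LOCKED:
            reason = report.suspicious.get(path.lower(), "unknown")
            needs_check.append((name, path, reason))
        elif verdict:
            detections.append((name, path, verdict))
        if not path.lower().startswith(SYSTEM_DIR):
            odd_paths.append((name, path))
    # Verdicts for objects that are not driver entries (e.g. boot-sector
    # objects) still count as detections; assumption about such lines.
    for name, verdict in report.detections.items():
        if name not in seen and verdict != GENERIC_LOCKED:
            detections.append((name, "<no driver entry>", verdict))
    return {"detections": detections, "needs_check": needs_check, "odd_paths": odd_paths}


# Constructed sample in the format of the log above (a few lines only).
SAMPLE_LOG = r"""2011/09/15 15:07:24.0231 3448 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/15 15:07:45.0308 4052 Scan started
2011/09/15 15:07:45.0308 4052 Mode: Manual;
2011/09/15 15:07:46.0074 4052 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/15 15:08:02.0410 4052 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/09/15 15:08:14.0665 4052 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/09/15 15:08:14.0665 4052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/15 15:08:14.0673 4052 sptd - detected LockedFile.Multi.Generic (1)
2011/09/15 15:08:16.0384 4052 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
"""

if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_LOG))
    for bucket, items in result.items():
        print(bucket)
        for item in items:
            print("   ", *item)
```

Run against a full log, the "needs_check" bucket is where sptd.sys lands: it tells you only that the file refused to be read, so the follow-up is to confirm what owns the driver and check its hash elsewhere, not to delete it. Entries in "odd_paths" (here the Motive driver under Program Files) are not verdicts either, just the places worth a second look when the vendor tools disagree.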

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 7:28 pm

Here are the results for TDSSKiller and aswMBR, respectively:

TDSSKiller:
2011/09/15 15:07:24.0231 3448 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/15 15:07:24.0367 3448 ================================================================================
2011/09/15 15:07:24.0367 3448 SystemInfo:
2011/09/15 15:07:24.0367 3448
2011/09/15 15:07:24.0367 3448 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/15 15:07:24.0367 3448 Product type: Workstation
2011/09/15 15:07:24.0367 3448 ComputerName: ADMIN-PC
2011/09/15 15:07:24.0367 3448 UserName: Admin
2011/09/15 15:07:24.0367 3448 Windows directory: C:\Windows
2011/09/15 15:07:24.0367 3448 System windows directory: C:\Windows
2011/09/15 15:07:24.0367 3448 Processor architecture: Intel x86
2011/09/15 15:07:24.0367 3448 Number of processors: 2
2011/09/15 15:07:24.0367 3448 Page size: 0x1000
2011/09/15 15:07:24.0367 3448 Boot type: Normal boot
2011/09/15 15:07:24.0367 3448 ================================================================================
2011/09/15 15:07:42.0374 3448 Initialize success
2011/09/15 15:07:45.0308 4052 ================================================================================
2011/09/15 15:07:45.0308 4052 Scan started
2011/09/15 15:07:45.0308 4052 Mode: Manual;
2011/09/15 15:07:45.0308 4052 ================================================================================
2011/09/15 15:07:46.0074 4052 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/15 15:07:46.0384 4052 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/15 15:07:46.0549 4052 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/15 15:07:46.0645 4052 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/15 15:07:46.0760 4052 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/15 15:07:46.0905 4052 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/15 15:07:47.0119 4052 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/15 15:07:47.0446 4052 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/15 15:07:47.0639 4052 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/15 15:07:47.0746 4052 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/15 15:07:48.0016 4052 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/15 15:07:48.0362 4052 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/15 15:07:48.0498 4052 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/15 15:07:48.0733 4052 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/15 15:07:49.0054 4052 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/15 15:07:49.0193 4052 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/15 15:07:49.0329 4052 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/15 15:07:49.0492 4052 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/15 15:07:49.0565 4052 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/15 15:07:49.0853 4052 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/15 15:07:50.0213 4052 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/15 15:07:50.0472 4052 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/15 15:07:50.0540 4052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/15 15:07:50.0729 4052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/15 15:07:50.0887 4052 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/15 15:07:51.0195 4052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/15 15:07:51.0236 4052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/15 15:07:51.0367 4052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/15 15:07:51.0469 4052 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/15 15:07:51.0555 4052 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/15 15:07:51.0631 4052 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/15 15:07:51.0831 4052 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/09/15 15:07:51.0892 4052 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/15 15:07:51.0961 4052 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
2011/09/15 15:07:52.0119 4052 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
2011/09/15 15:07:52.0179 4052 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/15 15:07:52.0237 4052 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/15 15:07:52.0518 4052 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/15 15:07:52.0630 4052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/15 15:07:52.0674 4052 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/09/15 15:07:52.0740 4052 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/15 15:07:52.0921 4052 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/15 15:07:52.0980 4052 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/15 15:07:53.0042 4052 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/15 15:07:53.0113 4052 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/15 15:07:53.0206 4052 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/15 15:07:53.0342 4052 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/15 15:07:53.0440 4052 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/15 15:07:53.0514 4052 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/09/15 15:07:53.0618 4052 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/15 15:07:53.0820 4052 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/15 15:07:53.0916 4052 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/15 15:07:54.0083 4052 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/15 15:07:54.0162 4052 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/15 15:07:54.0249 4052 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/15 15:07:54.0406 4052 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/15 15:07:54.0514 4052 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/15 15:07:54.0605 4052 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/15 15:07:54.0699 4052 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/15 15:07:54.0752 4052 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/15 15:07:54.0822 4052 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/15 15:07:54.0914 4052 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/15 15:07:55.0090 4052 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/15 15:07:55.0233 4052 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/15 15:07:55.0483 4052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/15 15:07:55.0775 4052 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/09/15 15:07:55.0896 4052 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/15 15:07:55.0973 4052 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/15 15:07:56.0105 4052 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/15 15:07:56.0230 4052 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/15 15:07:56.0343 4052 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/15 15:07:56.0493 4052 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/09/15 15:07:56.0761 4052 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/09/15 15:07:56.0948 4052 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/09/15 15:07:57.0049 4052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/15 15:07:57.0260 4052 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/15 15:07:57.0312 4052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/15 15:07:57.0370 4052 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/15 15:07:57.0758 4052 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/15 15:07:58.0094 4052 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/15 15:07:58.0158 4052 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/15 15:07:58.0403 4052 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/15 15:07:58.0451 4052 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/15 15:07:58.0685 4052 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/15 15:07:58.0721 4052 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/15 15:07:58.0767 4052 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/15 15:07:58.0844 4052 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/15 15:07:58.0950 4052 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/15 15:07:59.0043 4052 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/15 15:07:59.0085 4052 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/15 15:07:59.0286 4052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/15 15:07:59.0465 4052 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/15 15:07:59.0645 4052 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/15 15:07:59.0922 4052 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/15 15:07:59.0974 4052 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/15 15:08:00.0040 4052 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/15 15:08:00.0213 4052 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/15 15:08:00.0288 4052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/15 15:08:00.0491 4052 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
2011/09/15 15:08:00.0750 4052 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/15 15:08:00.0885 4052 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/15 15:08:01.0090 4052 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/15 15:08:01.0210 4052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/15 15:08:01.0349 4052 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/15 15:08:01.0399 4052 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/15 15:08:01.0572 4052 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/15 15:08:01.0712 4052 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/15 15:08:01.0905 4052 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/15 15:08:02.0032 4052 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/15 15:08:02.0256 4052 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/15 15:08:02.0410 4052 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/09/15 15:08:02.0875 4052 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/09/15 15:08:03.0115 4052 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/15 15:08:03.0266 4052 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/15 15:08:03.0456 4052 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/15 15:08:03.0543 4052 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/15 15:08:03.0702 4052 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/09/15 15:08:03.0743 4052 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/15 15:08:03.0845 4052 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/15 15:08:04.0103 4052 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/15 15:08:04.0267 4052 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/15 15:08:04.0304 4052 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/15 15:08:04.0475 4052 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/15 15:08:04.0703 4052 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/15 15:08:04.0758 4052 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/15 15:08:04.0902 4052 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/15 15:08:05.0092 4052 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/15 15:08:05.0321 4052 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/15 15:08:05.0495 4052 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/15 15:08:05.0778 4052 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/15 15:08:05.0871 4052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/15 15:08:06.0048 4052 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/15 15:08:06.0222 4052 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/15 15:08:06.0374 4052 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/15 15:08:06.0498 4052 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/15 15:08:07.0038 4052 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/09/15 15:08:07.0240 4052 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/15 15:08:07.0295 4052 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/15 15:08:07.0356 4052 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/15 15:08:07.0494 4052 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/15 15:08:07.0765 4052 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/15 15:08:07.0863 4052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/15 15:08:08.0099 4052 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/15 15:08:08.0162 4052 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/15 15:08:08.0236 4052 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/15 15:08:08.0493 4052 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/15 15:08:08.0646 4052 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/15 15:08:08.0838 4052 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/15 15:08:08.0889 4052 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/15 15:08:08.0975 4052 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/15 15:08:09.0167 4052 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/15 15:08:09.0234 4052 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/15 15:08:09.0340 4052 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/15 15:08:09.0583 4052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/15 15:08:09.0654 4052 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/09/15 15:08:09.0743 4052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/15 15:08:10.0045 4052 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/15 15:08:10.0257 4052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/15 15:08:10.0324 4052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/15 15:08:10.0420 4052 R5U870FLx86 (68e04f3944e6f82c64b53f8a8f13fb3a) C:\Windows\system32\Drivers\R5U870FLx86.sys
2011/09/15 15:08:10.0671 4052 R5U870FUx86 (7f1356060d1894b46554a0d8e6f13958) C:\Windows\system32\Drivers\R5U870FUx86.sys
2011/09/15 15:08:10.0828 4052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/15 15:08:10.0920 4052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/15 15:08:11.0011 4052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/15 15:08:11.0184 4052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/15 15:08:11.0386 4052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/15 15:08:11.0576 4052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/15 15:08:11.0656 4052 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/15 15:08:11.0686 4052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/15 15:08:11.0817 4052 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/15 15:08:12.0056 4052 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/15 15:08:12.0142 4052 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/15 15:08:12.0298 4052 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/09/15 15:08:12.0407 4052 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/15 15:08:12.0567 4052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/15 15:08:12.0626 4052 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/15 15:08:12.0757 4052 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/15 15:08:12.0961 4052 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/15 15:08:13.0076 4052 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/09/15 15:08:13.0282 4052 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/15 15:08:13.0401 4052 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/15 15:08:13.0590 4052 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/15 15:08:13.0663 4052 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/15 15:08:13.0895 4052 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/15 15:08:13.0943 4052 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/15 15:08:14.0027 4052 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/15 15:08:14.0248 4052 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/15 15:08:14.0344 4052 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\Windows\system32\DRIVERS\snman380.sys
2011/09/15 15:08:14.0468 4052 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/15 15:08:14.0665 4052 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/09/15 15:08:14.0665 4052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/15 15:08:14.0673 4052 sptd - detected LockedFile.Multi.Generic (1)
2011/09/15 15:08:14.0972 4052 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/15 15:08:15.0104 4052 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/15 15:08:15.0356 4052 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/15 15:08:15.0493 4052 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/09/15 15:08:15.0614 4052 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/15 15:08:15.0809 4052 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/15 15:08:15.0858 4052 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/15 15:08:15.0958 4052 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/15 15:08:16.0111 4052 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/15 15:08:16.0197 4052 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/15 15:08:16.0384 4052 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/15 15:08:16.0635 4052 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/15 15:08:16.0892 4052 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/15 15:08:16.0961 4052 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/15 15:08:17.0335 4052 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\Windows\system32\DRIVERS\tdrpm174.sys
2011/09/15 15:08:17.0644 4052 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/15 15:08:17.0748 4052 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/15 15:08:17.0984 4052 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/15 15:08:18.0284 4052 ti21sony (030f439ac1ccda7ac6ce01cc02102045) C:\Windows\system32\drivers\ti21sony.sys
2011/09/15 15:08:18.0478 4052 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\Windows\system32\DRIVERS\tifsfilt.sys
2011/09/15 15:08:18.0583 4052 timounter (394fc70b88b7958fa85798bbc76d140a) C:\Windows\system32\DRIVERS\timntr.sys
2011/09/15 15:08:18.0828 4052 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/15 15:08:18.0890 4052 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/15 15:08:19.0049 4052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/15 15:08:19.0178 4052 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/15 15:08:19.0330 4052 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/15 15:08:19.0639 4052 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/15 15:08:19.0823 4052 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/15 15:08:20.0081 4052 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/15 15:08:20.0209 4052 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/15 15:08:20.0418 4052 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/15 15:08:20.0530 4052 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/15 15:08:20.0757 4052 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/15 15:08:20.0859 4052 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/15 15:08:21.0054 4052 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/15 15:08:21.0178 4052 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/15 15:08:21.0388 4052 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/15 15:08:21.0563 4052 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/15 15:08:21.0748 4052 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/15 15:08:21.0873 4052 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/15 15:08:22.0088 4052 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/15 15:08:22.0416 4052 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/09/15 15:08:22.0586 4052 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/15 15:08:22.0721 4052 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/15 15:08:22.0860 4052 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/15 15:08:22.0958 4052 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/15 15:08:23.0175 4052 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/15 15:08:23.0241 4052 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/15 15:08:23.0368 4052 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/15 15:08:23.0635 4052 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/15 15:08:23.0765 4052 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/15 15:08:24.0006 4052 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/15 15:08:24.0115 4052 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 15:08:24.0144 4052 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 15:08:24.0386 4052 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/09/15 15:08:24.0546 4052 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/15 15:08:24.0763 4052 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/15 15:08:25.0072 4052 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/15 15:08:25.0333 4052 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/15 15:08:25.0480 4052 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/15 15:08:25.0664 4052 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/15 15:08:25.0773 4052 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/15 15:08:25.0864 4052 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/15 15:08:26.0104 4052 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/09/15 15:08:26.0165 4052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/15 15:08:26.0220 4052 Boot (0x1200) (a64fbb2fecebf87d3f6989199ff00713) \Device\Harddisk0\DR0\Partition0
2011/09/15 15:08:26.0257 4052 Boot (0x1200) (1c0b528129dc4023e3636664cc1ded10) \Device\Harddisk0\DR0\Partition1
2011/09/15 15:08:26.0279 4052 ================================================================================
2011/09/15 15:08:26.0280 4052 Scan finished
2011/09/15 15:08:26.0280 4052 ================================================================================
2011/09/15 15:08:26.0291 4436 Detected object count: 1
2011/09/15 15:08:26.0291 4436 Actual detected object count: 1
2011/09/15 15:08:34.0672 4436 LockedFile.Multi.Generic(sptd) - User select action: Skip
__________________________________________________________
Here is the aswMBR:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-15 15:04:14
-----------------------------
15:04:14.582 OS Version: Windows 6.0.6002 Service Pack 2
15:04:14.582 Number of processors: 2 586 0x1706
15:04:14.583 ComputerName: ADMIN-PC UserName: Admin
15:04:50.689 Initialize success
15:05:30.564 AVAST engine defs: 11091500
15:06:54.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:06:54.048 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
15:06:54.051 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006d
15:06:54.054 Disk 1 Vendor: ( Size: 114473MB BusType: 0
15:06:54.059 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006e
15:06:54.062 Disk 2 Vendor: ( Size: 114473MB BusType: 0
15:06:56.078 Disk 0 MBR read successfully
15:06:56.081 Disk 0 MBR scan
15:06:56.091 Disk 0 Windows VISTA default MBR code
15:06:56.097 Disk 0 scanning sectors +234436545
15:06:56.187 Disk 0 scanning C:\Windows\system32\drivers
15:07:11.828 Service scanning
15:07:13.423 Service .avgldx86 \* **LOCKED** 123
15:07:13.651 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:07:14.227 Modules scanning
15:07:41.136 Disk 0 trace - called modules:
15:07:41.154 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x863241f8]<<
15:07:41.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6e788]
15:07:41.155 3 CLASSPNP.SYS[8b96c8b3] -> nt!IofCallDriver -> [0x863ce830]
15:07:41.155 5 acpi.sys[833c26bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863a2840]
15:07:41.155 \Driver\atapi[0x863a2030] -> IRP_MJ_CREATE -> 0x863241f8
15:07:42.598 AVAST engine scan C:\Windows
15:07:54.799 AVAST engine scan C:\Windows\system32
15:10:55.785 AVAST engine scan C:\Windows\system32\drivers
15:11:10.173 AVAST engine scan C:\Users\Admin
15:18:11.778 AVAST engine scan C:\ProgramData
15:20:48.209 Scan finished successfully
15:22:43.992 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
15:22:44.001 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"




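The aswMBR log above ends with the details a malware-removal helper actually reads: two services reported as **LOCKED** (.avgldx86 and sptd), "Windows VISTA default MBR code" for disk 0, and a disk I/O trace whose atapi IRP_MJ_CREATE dispatch points at an address aswMBR could not attribute to any loaded module (>>UNKNOWN [0x863241f8]<<). TDSSKiller flagged the same sptd driver as LockedFile.Multi.Generic. The script below is an added example, not code from the thread or from either tool: it parses those lines and turns them into triage findings. SAMPLE_LOG is copied from the posted log; the "known benign locked drivers" list is an assumption of mine (sptd.sys is the SPTD layer installed by Daemon Tools / Alcohol and is routinely reported as locked and as the owner of an unattributed disk-stack hook; avgldx86 is AVG's own protected driver). The security-relevant point is that an unresolved dispatch address in the atapi chain is exactly what a TDL-style bootkit looks like, so it has to be attributed to a module before the disk stack is called clean.

```python
"""Triage an aswMBR log for bootkit / disk-stack hook indicators.

Added example, not code from the thread or from aswMBR. SAMPLE_LOG holds
the relevant lines copied from the aswMBR log posted above.
KNOWN_BENIGN_LOCKED is an assumption: sptd = Daemon Tools/Alcohol SPTD
layer, .avgldx86 = AVG's self-protected driver.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

SAMPLE_LOG = """\
15:06:56.091 Disk 0 Windows VISTA default MBR code
15:07:13.423 Service .avgldx86 \\* **LOCKED** 123
15:07:13.651 Service sptd C:\\Windows\\System32\\Drivers\\sptd.sys **LOCKED** 32
15:07:41.154 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x863241f8]<<
15:07:41.155 \\Driver\\atapi[0x863a2030] -> IRP_MJ_CREATE -> 0x863241f8
"""

# Assumption: these two are routinely reported as locked on clean machines.
KNOWN_BENIGN_LOCKED = {"sptd", ".avgldx86"}

LOCKED_RE = re.compile(r"Service (\S+) (\S+) \*\*LOCKED\*\* (\d+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")
MBR_RE = re.compile(r"Disk (\d+) (.*MBR code)")


@dataclass
class Triage:
    locked: List[Tuple[str, str, bool]] = field(default_factory=list)  # (service, path, benign)
    unknown_addrs: Set[str] = field(default_factory=set)               # unattributed code addresses
    hooks: List[Tuple[str, str, str]] = field(default_factory=list)    # (driver, IRP, target address)
    mbr: Dict[int, str] = field(default_factory=dict)                  # disk -> MBR description


def triage_aswmbr(log: str) -> Triage:
    """Pull the locked services, MBR verdicts and dispatch hooks out of the log."""
    t = Triage()
    for line in log.splitlines():
        m = LOCKED_RE.search(line)
        if m:
            name, path, _ = m.groups()
            t.locked.append((name, path, name.lower() in KNOWN_BENIGN_LOCKED))
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            t.unknown_addrs.add(m.group(1).lower())
            continue
        m = HOOK_RE.search(line)
        if m:
            t.hooks.append((m.group(1), m.group(2), m.group(3).lower()))
            continue
        m = MBR_RE.search(line)
        if m:
            t.mbr[int(m.group(1))] = m.group(2)
    return t


def findings(t: Triage) -> List[str]:
    """Turn the parsed log into lines a helper would act on."""
    out = []
    for disk, desc in sorted(t.mbr.items()):
        if "default MBR code" not in desc:
            out.append(f"disk {disk}: non-default MBR code ({desc}); treat as possible bootkit")
    for name, path, benign in t.locked:
        tag = "locked driver, usually benign" if benign else "UNEXPECTED locked service"
        out.append(f"{tag}: {name} ({path})")
    for drv, irp, addr in t.hooks:
        if addr in t.unknown_addrs:
            out.append(f"{drv}.sys {irp} dispatch -> {addr}, which aswMBR could not attribute "
                       f"to any loaded module; attribute it (sptd is the usual benign cause) "
                       f"before calling the disk stack clean")
    return out


if __name__ == "__main__":
    for line in findings(triage_aswmbr(SAMPLE_LOG)):
        print(line)
```

Run it against a saved aswMBR.txt by reading the file into `triage_aswmbr`; on the posted log it reports both locked drivers as "usually benign" and one unattributed atapi hook, which is the item to resolve (uninstalling the SPTD layer and re-running aswMBR is the usual way to confirm the hook disappears with it).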

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 16th September 2011, 10:00 am

Ok, the infection is gone.

It was pretty well hidden.
The router settings are OK.

Has anything good happened to your internet?

Also, please explain again which websites are working, which are not, and what the differences are between running FF, Chrome or IExplorer.

Gabethebabe
Top Dog
Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38268
Likes : 0

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 16th September 2011, 11:57 am

Oh, it seems I may have missed that part about the websites. Well, websites that I go to (which I have checked to see if they work in both Mozilla & Internet Explorer) like Google, YouTube, Facebook seem to work. But certain websites such as anilinkz.com (it's where I stream my anime), download sites like filemonster.com, and random pop-ups also can't seem to come up sometimes; I get the "unable to connect" message.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 19th September 2011, 12:21 pm

Sorry, I've been busy elsewhere for a couple of days and limited [You must be registered and logged in to see this link.]

I'm a bit puzzled by what is happening. As far as I can see your computer is clean of malware. When it goes beyond malware cleaning, my support will be less efficient.

I suppose you have already tried to uninstall and reinstall Firefox?

When you go to Control Panel -> Internet Options -> Connections tab -> LAN Settings, there is no proxy server installed?

You might post your problem in one of our other tech forums....

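The check suggested above (Control Panel -> Internet Options -> Connections -> LAN Settings) covers the WinINET proxy that Internet Explorer and "use system proxy" applications honour. Two other client-side settings produce the same "unable to connect" for a handful of sites while everything else loads: Firefox keeps its own proxy preference (network.proxy.type in prefs.js) that a reinstall does not reset when the profile is kept, and a hosts-file entry pinning a domain to 127.0.0.1 blocks exactly that domain in every browser. The script below is an added example, not code from the thread: it reads all three on the affected machine and reports anything non-default. Assumptions of mine: Python 3 on the Windows box, Firefox profiles under %APPDATA%\Mozilla\Firefox\Profiles, and WATCH holding the two domains named in the thread; the SAMPLE_* values are constructed so the parsing functions can also be exercised off Windows.

```python
"""Report client-side proxy and hosts-file settings that block specific sites.

Added example, not code from the thread. Assumptions: Python 3 on the affected
Windows machine; Firefox profiles under %APPDATA%\\Mozilla\\Firefox\\Profiles;
WATCH lists the domains named in the thread. SAMPLE_* values are constructed.
"""
import os
import re
import sys
from typing import Dict, List, Tuple

WATCH = ("anilinkz.com", "filemonster.com")

SAMPLE_HOSTS = """\
# constructed sample, not the poster's hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       anilinkz.com   # a pin like this yields "unable to connect"
"""
SAMPLE_INET = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080", "ProxyOverride": "<local>"}
SAMPLE_PREFS_JS = 'user_pref("network.proxy.type", 1);\nuser_pref("network.proxy.http", "127.0.0.1");\n'

PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[a-z_]+)",\s*(?:"([^"]*)"|(\d+))\);')


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """(ip, hostname) pairs, minus comments and the stock localhost lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() == "localhost" and ip in ("127.0.0.1", "::1"):
                continue
            entries.append((ip, name.lower()))
    return entries


def hosts_findings(entries, watch=WATCH) -> List[str]:
    out = []
    for ip, name in entries:
        hit = any(name == w or name.endswith("." + w) for w in watch)
        out.append(f"{'WATCHED domain' if hit else 'non-default entry'}: {name} -> {ip}")
    return out


def parse_firefox_proxy_prefs(prefs_js: str) -> Dict[str, object]:
    """network.proxy.* user_prefs from prefs.js; absent keys mean Firefox defaults."""
    prefs = {}
    for m in PREF_RE.finditer(prefs_js):
        key, s, n = m.group(1), m.group(2), m.group(3)
        prefs[key] = s if s is not None else int(n)
    return prefs


def proxy_findings(inet: Dict[str, object], ff: Dict[str, object]) -> List[str]:
    """inet: values from HKCU\\...\\Internet Settings; ff: Firefox proxy prefs."""
    out = []
    if inet.get("ProxyEnable"):
        out.append(f"Internet Options proxy is ON: {inet.get('ProxyServer')} "
                   f"(bypass: {inet.get('ProxyOverride', '')})")
    if inet.get("AutoConfigURL"):
        out.append(f"Internet Options uses a PAC script: {inet['AutoConfigURL']}")
    ptype = ff.get("network.proxy.type")  # 0 none, 1 manual, 2 PAC URL, 4 WPAD, 5 system
    if ptype in (1, 2):
        target = ff.get("network.proxy.http") or ff.get("network.proxy.autoconfig_url")
        out.append(f"Firefox has its own proxy (network.proxy.type={ptype}): {target}")
    return out


def read_wininet_proxy() -> Dict[str, object]:
    """Live Internet Options proxy values; Windows only."""
    import winreg
    key = winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                         r"Software\Microsoft\Windows\CurrentVersion\Internet Settings")
    out = {}
    for name in ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL"):
        try:
            out[name] = winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            pass
    return out


def collect_windows() -> List[str]:
    hosts = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                         "System32", "drivers", "etc", "hosts")
    with open(hosts, encoding="utf-8", errors="replace") as fh:
        out = hosts_findings(parse_hosts(fh.read()))
    ff = {}
    profiles = os.path.join(os.environ.get("APPDATA", ""), "Mozilla", "Firefox", "Profiles")
    if os.path.isdir(profiles):
        for prof in os.listdir(profiles):
            prefs = os.path.join(profiles, prof, "prefs.js")
            if os.path.isfile(prefs):
                with open(prefs, encoding="utf-8", errors="replace") as fh:
                    ff.update(parse_firefox_proxy_prefs(fh.read()))
    return out + proxy_findings(read_wininet_proxy(), ff)


if __name__ == "__main__":
    if sys.platform == "win32":
        lines = collect_windows()
    else:  # off Windows, exercise the parsers on the constructed samples
        lines = hosts_findings(parse_hosts(SAMPLE_HOSTS)) + proxy_findings(
            SAMPLE_INET, parse_firefox_proxy_prefs(SAMPLE_PREFS_JS))
    print("\n".join(lines) or "no proxy or hosts-file findings")
```

An empty result means none of these three settings is the cause; a "WATCHED domain" line on a 127.0.0.1 pin, or a Firefox proxy pointing at 127.0.0.1 with nothing listening there, matches the symptom described in the thread exactly.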

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 19th September 2011, 11:08 pm

I have uninstalled and installed Firefox 2 times :\, but yes, the malware is definitely gone and you have my gratitude.
I will check out GeekPolice's other forums for assistance with this matter. Thank you for all your help up until now.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 20th September 2011, 8:35 pm

Another thing you could try is to go to Tools ==> Add-ons and disable/enable add-ons and see if any of them causes this problem.

