Win32/Cryptor Virus- Plz Help Remove


Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Wed 31 Aug 2011, 5:34 am

I have run AVG 2011, AVG PC Tuneup, Avira Antivirus, Registry Repair Wizard, and Spyware Doctor to try and remove this virus, but none of it worked. It all started one day when AVG said its VDB failed, but I ignored it and went on the web, in which case I caught the virus and now it won't go away. It always pops up, according to AVG, in C:\Windows\Temp\(insert long random number here).exe. My computer is slow as a snail now, hidden folders become visible, identity protection in AVG is at risk, Windows' windows turn into a Windows 95 look, etc. Plz help me.
Here is a quick spec of my computer:
Windows Vista Home Premium (32 Bit)
Service Pack 2
Vaio VGN-CR420E Laptop
Intel Core 2 Duo CPU T8100 @ 2.10GHz
3 GB Ram

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Wed 31 Aug 2011, 5:37 am

Here is the OTL file. It's very long, so I will split it into parts:
OTL logfile created on: 8/30/2011 12:05:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.62% Memory free
6.18 Gb Paging File | 3.67 Gb Available in Paging File | 59.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 25.32 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 0.18 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/29 17:59:20 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2011/08/28 22:27:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.com
PRC - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/27 13:49:35 | 002,576,384 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
PRC - [2011/08/27 13:49:30 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe
PRC - [2011/08/24 04:01:04 | 003,655,296 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Giraffic.exe
PRC - [2011/06/20 16:52:18 | 004,358,496 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/04/25 23:56:48 | 001,540,480 | ---- | M] (SmartPCTools) -- C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/20 09:45:10 | 000,764,232 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2011/01/01 01:17:29 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/10/30 21:09:43 | 002,975,640 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 03:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 03:04:02 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 02:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2008/01/20 22:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/06/15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/27 13:49:35 | 002,576,384 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
MOD - [2011/08/27 13:49:30 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/11 10:11:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:08:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:57:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2010/12/01 01:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/12/01 01:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/12/01 01:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/10/30 21:09:43 | 002,975,640 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/01/17 17:55:40 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/08/05 12:37:57 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/29 17:59:16 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/08/29 17:59:15 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 05:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/10 00:45:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/28 18:55:49 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/11/28 18:55:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/28 18:55:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/28 18:55:40 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/02/25 14:56:28 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 12:25:06 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/01/30 12:25:06 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 11:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/29 21:14:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c200e798-529d-4847-8b76-4abeb4658d41} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C EC D0 15 49 C6 1D 41 BF D5 A3 57 DB BD C8 7A [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49717

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e55bf35&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 01:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/24 23:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/24 23:19:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 10:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/06 13:09:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2011/01/01 01:06:46 | 000,000,000 | ---D | M]

[2009/11/29 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions
[2010/04/27 03:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/03 18:15:10 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
[2011/08/16 11:22:01 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/24 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}-TRASH
[2011/06/23 19:22:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/08/05 12:20:03 | 000,000,000 | ---D | M] (Quizulous_v2b Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{ec173f7c-6744-441f-be93-c7cc43103ba5}
[2011/08/05 12:20:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\anttoolbar@ant.com
[2011/07/03 18:14:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\plugin@yontoo.com
[2011/01/01 02:57:59 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\searchrecs@veoh.com
[2011/08/16 11:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\trash
[2011/07/03 18:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}\chrome\content\dca\core\extensionManager
[2009/12/11 02:15:08 | 000,004,554 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aim-search.xml
[2010/01/07 16:37:32 | 000,000,653 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aol-search.xml
[2011/08/21 19:49:03 | 000,002,259 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\bing-zugo.xml
[2011/06/23 14:31:42 | 000,000,929 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\conduit.xml
[2011/04/13 15:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/20 20:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 21:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 19:11:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/24 23:19:17 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NKXRI7HD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/18 10:40:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/04/14 06:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Verizon - AOL Toolbar Loader) - {86916f9e-4c81-42f8-9d60-4a1a54dae898} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Verizon - AOL Toolbar) - {9a964391-f5af-4fad-9964-51c4ed876f20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon - AOL Toolbar) - {9A964391-F5AF-4FAD-9964-51C4ED876F20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 12:02:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/29 15:29:25 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011/08/29 15:29:25 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011/08/29 15:29:25 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011/08/29 15:23:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/08/29 15:23:45 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/08/29 15:23:45 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/08/29 15:21:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/08/29 15:21:04 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/08/29 15:20:58 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/08/29 15:20:58 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/08/29 15:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/08/29 15:20:51 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PC Tools
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/28 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/28 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG
[2011/08/28 16:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/28 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/08/28 10:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2011/08/28 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SmartPCTools
[2011/08/28 02:17:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011/08/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/28 02:14:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/28 02:14:12 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 02:14:12 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/28 01:51:24 | 000,000,000 | ---D | C] -- C:\15417789a839261edc54cc9feb88
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/27 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/27 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FixCleaner
[2011/08/27 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/08/25 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011/08/25 08:28:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AVG Security Toolbar
[2011/08/24 23:48:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC}
[2011/08/24 23:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/08/24 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 09:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/24 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8}
[2011/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD}
[2011/08/23 10:00:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337}
[2011/08/23 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57}
[2011/08/21 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40}
[2011/08/21 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE}
[2011/08/21 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/08/21 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/08/21 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic
[2011/08/21 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8}
[2011/08/21 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF}
[2011/08/21 10:08:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167}
[2011/08/19 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67}
[2011/08/19 23:04:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC}
[2011/08/19 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B}
[2011/08/18 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952}
[2011/08/18 10:40:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289}
[2011/08/17 10:04:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5}
[2011/08/17 10:04:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9}
[2011/08/13 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204}
[2011/08/11 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5}
[2011/08/11 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734}
[2011/08/11 09:58:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 09:58:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 09:58:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 09:58:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 09:58:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 22:55:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 22:54:37 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 22:54:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 20:11:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206}
[2011/08/10 09:18:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9}
[2011/08/10 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF}
[2011/08/09 17:40:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ventrilo
[2011/08/09 17:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/08/09 17:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/08/09 17:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/08/09 17:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/09 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011/08/07 19:08:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ED1D73E-89E1-4B58-B73B-CB5A3FEB76B5}
[2011/08/07 18:54:34 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/07 16:23:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{29048A1C-25BB-44AD-AF90-E44AA9A38E8C}
[2011/08/06 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/06 13:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/06 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/04 19:46:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E59ED909-6070-4B59-ACD7-14904DD4C097}
[2011/08/04 15:38:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D4DD2F3A-9BE7-4D8A-B547-38884AF5A0AA}
[2011/08/03 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6029DEFE-64DF-4756-90B7-9873C930ECAB}
[2011/08/02 23:18:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{31B66B3B-8BB7-49DB-8443-DBB3BE0D56B7}
[2011/08/02 07:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B2F5446C-29A1-4E59-B1D3-0B0FCD4A8574}
[2011/08/01 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{57709E64-5F64-4FF3-99BB-3B4FD4F434A4}
[2011/07/31 15:24:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4EE62924-CCD9-48A9-BDB9-D0C6AEF23F7D}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Wed 31 Aug 2011, 5:39 am

[2011/08/30 12:05:46 | 130,537,212 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 10:34:28 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/30 10:00:52 | 000,668,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/30 10:00:52 | 000,130,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/30 01:38:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/29 19:33:03 | 000,088,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:59:16 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/29 17:59:15 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/08/29 15:20:55 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/29 12:52:18 | 000,660,786 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/08/28 16:18:38 | 000,000,954 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/28 16:18:38 | 000,000,930 | ---- | M] () -- C:\Users\Admin\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/28 14:28:21 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | M] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 02:36:54 | 000,002,483 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 23:19:08 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/24 19:03:00 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2011/08/24 18:15:26 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | M] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/21 18:33:26 | 000,309,821 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/08/20 12:10:53 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\rgdu.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\qerj.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\qdrn.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\klfm.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\jatr.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\fsfb.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\adeb.exe
[2011/08/10 09:16:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/09 17:40:15 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:40:10 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:38:52 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/06 13:08:55 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/30 12:03:44 | 000,879,225 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/29 15:23:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/08/29 15:23:46 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2011/08/29 15:23:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/08/29 15:23:46 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/08/29 15:23:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/08/29 15:21:04 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/08/29 15:20:58 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/08/29 15:20:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/08/29 15:20:55 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/29 15:20:51 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/08/28 16:18:38 | 000,000,954 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/28 16:18:38 | 000,000,930 | ---- | C] () -- C:\Users\Admin\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | C] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 02:14:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 01:45:43 | 000,002,483 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | C] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/18 12:14:06 | 000,001,352 | -HS- | C] () -- C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,001,352 | -HS- | C] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\rgdu.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\qerj.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\qdrn.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\klfm.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\jatr.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\fsfb.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\adeb.exe
[2011/08/09 17:40:10 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:40:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:38:52 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/06 13:08:55 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/23 09:52:40 | 000,001,520 | -HS- | C] () -- C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 09:52:40 | 000,001,520 | -HS- | C] () -- C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\ytig.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\yfje.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\ujjt.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\runx.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\pbex.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\nsmp.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\epjr.exe
[2011/07/23 09:52:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\bndp.exe
[2011/07/09 15:00:59 | 000,000,996 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\033E.F6A
[2011/06/06 00:01:56 | 000,001,566 | -HS- | C] () -- C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31
[2011/06/06 00:01:56 | 000,001,566 | -HS- | C] () -- C:\ProgramData\734ic5kl480kc2nvg31
[2011/02/20 00:38:31 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/02/20 00:38:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/02/20 00:38:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/02/20 00:38:31 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2011/02/20 00:38:30 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/12/06 02:21:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/26 23:14:43 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/26 23:14:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/20 20:50:54 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileJoin.ini
[2010/01/08 11:22:53 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/30 21:11:41 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2009/11/30 16:06:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 16:06:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 08:18:06 | 000,000,236 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\iPod Access v4 Prefs
[2009/11/30 08:15:48 | 000,000,011 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\iPodAccess_Time
[2009/11/30 07:57:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/30 07:24:37 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/29 21:26:08 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2009/11/29 20:20:10 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/29 19:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/28 21:15:53 | 000,088,576 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/28 19:12:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/11/28 19:12:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2009/11/28 19:12:37 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/11/28 19:07:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/11/28 18:24:13 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/10/30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,668,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,384 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/08/18 10:40:11 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/08/18 10:39:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/08/18 10:39:55 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mshtml.tlb
[2006/11/02 03:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2010/01/10 00:45:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2009/11/28 18:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2011/06/16 19:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/12/21 11:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\AhnLab
[2011/04/18 01:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/08/29 15:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Antbar
[2010/01/15 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/07/08 12:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/08/28 16:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/08/28 02:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/05/26 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/05/26 23:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVSMedia
[2010/12/16 00:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/08/06 13:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/11 18:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/08/29 15:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/28 19:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/08/27 12:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2010/01/11 07:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2011/01/18 22:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Daum
[2011/08/20 12:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2011/08/27 00:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Installers
[2011/05/26 16:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2011/05/18 01:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\Free Hide Folder
[2011/07/01 10:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2011/08/30 12:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Giraffic
[2009/12/02 06:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\GNU
[2011/05/24 19:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/25 19:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2011/08/27 13:43:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/28 19:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/08/24 18:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/25 21:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Access for Windows
[2009/11/30 07:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Copier 1.0
[2011/08/24 18:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/01 19:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/09 16:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2009/11/29 21:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\JoinSaw
[2011/08/28 02:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\Keyword Search
[2011/08/27 13:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\LeagueOfLegends
[2010/11/09 07:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/30 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/16 19:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/07 20:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/28 19:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/11/28 19:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/11/09 06:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 18:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 11:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/18 10:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 19:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/07 20:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/11/28 19:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2010/10/30 21:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/08/06 13:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/01/01 01:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/12/06 02:20:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/08/28 10:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\SmartPCTools
[2011/07/03 18:15:03 | 000,000,000 | ---D | M] -- C:\Program Files\SocialRibbons LP 1
[2011/02/20 00:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Solveig Multimedia
[2009/11/28 19:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/08/30 12:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2011/08/11 10:10:43 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2011/08/21 19:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\StartNow Toolbar
[2009/11/28 19:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/08/09 17:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011/06/06 00:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2009/11/29 21:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\ToneThis
[2011/08/27 01:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/12 16:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/08/09 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/03/29 16:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2011/02/10 22:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2010/01/07 16:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon - AOL Toolbar
[2010/11/22 14:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2010/01/07 16:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/29 21:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/11/28 19:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2009/11/30 17:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/11/30 17:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/07 18:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 19:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/30 17:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/12/01 02:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/11/30 17:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/29 21:24:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/29 21:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/11/29 21:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2011/07/03 18:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Runtime


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-29 00:31:50

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/18 10:39:56 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

========== Files - Unicode (All) ==========
[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ
[2010/01/02 15:28:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

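
The log above carries three indicators worth triaging automatically rather than by eye: zero-byte `.exe` files with four-letter names in `C:\ProgramData` and `C:\Users\Admin\AppData\Local`, hidden+system files with long random names created at the same second in the same two directories, and `startmenuinternet\...\shell\open\command` values that launch the browser through `brv.exe` / `amo.exe` in `AppData\Local` instead of the browser itself. The script below is an added example written for this page; it is not part of jungwpark's post and not OTL's own tooling. It parses the OTL file-listing and registry-value line formats and applies those three rules. The rule names, the function names and the list of "user-writable" roots are assumptions; the sample lines are copied from the log on this page.

```python
"""Triage OTL log lines for the dropper pattern visible in the post above.

Added example: editor-written code, not part of the forum post and not OTL's
own tooling. The three rules and the helper names are assumptions drawn from
this log; the sample lines are copied from it.
"""
import re
from pathlib import PureWindowsPath

# One OTL file line:
#   [date time | size | attrs | M/C] (company) [Unable to obtain MD5|MD5=...] -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: Unable to obtain MD5| MD5=[0-9A-Fa-f]{32})? -- (?P<path>.+)$"
)

# One OTL registry value line:  KEY\\ValueName: data [optional file info]
# The default value has an empty name, so the line reads "...\command\\: data".
REG_RE = re.compile(r"^(?P<key>HKEY_[A-Z_]+\\.+?)\\\\(?P<name>[^:]*): (?P<data>.+)$")

# Key suffixes whose data is the command used to start a browser.
LAUNCH_KEYS = ("\\shell\\open\\command", "\\shell\\safemode\\command")


def suspicious_location(path: str) -> bool:
    """True for roots a non-admin process can write to (assumed list).
    The Windows temp folder is tested before the broad Windows exclusion."""
    p = path.lower()
    if p.startswith("c:\\windows\\temp\\"):
        return True
    if p.startswith(("c:\\program files\\", "c:\\windows\\")):
        return False
    return p.startswith(("c:\\users\\", "c:\\programdata\\"))


def looks_random(name: str) -> bool:
    """Extension-less, 16+ chars, letters and digits mixed: the shape of the
    hidden+system companion files in this log."""
    return ("." not in name and len(name) >= 16 and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def launched_exe(command: str) -> str:
    """First token of a command line, with surrounding quotes removed."""
    quoted = re.match(r'"([^"]+)"', command)
    return quoted.group(1) if quoted else command.split()[0]


def triage(lines):
    """Return (rule, detail) pairs in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            if not suspicious_location(path):
                continue
            size = int(m.group("size").replace(",", ""))
            name = PureWindowsPath(path).name
            attr = m.group("attr")
            if name.lower().endswith(".exe") and size == 0:
                findings.append(("zero_byte_exe", path))
            elif "H" in attr and "S" in attr and looks_random(name):
                findings.append(("hidden_system_blob", path))
            continue
        m = REG_RE.match(line)
        if m and m.group("key").lower().endswith(LAUNCH_KEYS):
            exe = launched_exe(m.group("data"))
            if suspicious_location(exe):
                findings.append(("browser_command_hijack", f"{m.group('key')} -> {exe}"))
    return findings


# Sample input: lines copied from the OTL log above (benign lines included on purpose).
SAMPLE = r"""
[2011/08/18 12:14:17 | 000,001,352 | -HS- | M] () -- C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\wggl.exe
[2011/08/18 12:14:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\rgdu.exe
[2011/08/30 11:49:26 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 17:59:16 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/30 11:49:43 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/18 10:40:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
""".strip().splitlines()


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:24} {detail}")
```

Run against the sample it reports the hidden+system blob in `C:\ProgramData`, both zero-byte executables and both browser launch commands, and stays silent on `hiberfil.sys`, the PC Tools driver and the legitimately downloaded `aswMBR.exe`. Two caveats: the registry rule keys on where the launched executable lives, not on the `-a "<real browser>"` wrapper form, so a wrapper dropped under `C:\Program Files` would slip through; and the `C:\ProgramData\TEMP:...` alternate data streams listed at the end of the log are deliberately not treated as evidence on their own, since the file and registry findings are the stronger signal here. On the live machine the same registry check is `reg query "HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command"` and the equivalent `IEXPLORE.EXE` key.
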

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Wed 31 Aug 2011, 5:40 am

Here is the Extra:
OTL Extras logfile created on: 8/30/2011 12:05:00 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 39.62% Memory free
6.18 Gb Paging File | 3.67 Gb Available in Paging File | 59.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 25.32 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 0.18 Gb Free Space | 1.40% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- Reg Error: Key error.
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"AVG" = AVG 2011
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 3.1_is1" = AVS Video Editor 3.1.1.93
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"DemoApp" = Fast File Saw & Joiner V3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Hide Folder" = Free Hide Folder
"Free Video Dub_is1" = Free Video Dub version 1.8.11.426
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Giraffic" = Giraffic Video Accelerator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"iPod Access for Windows_is1" = iPod Access for Windows v4.4.1
"Keyword Search" = Keyword Search
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 12.0" = RealPlayer
"Registry Repair Wizard_is1" = Registry Repair Wizard
"Revo Uninstaller" = Revo Uninstaller 1.92
"SocialRibbons LP 1" = SocialRibbons LP 1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"StartNow Toolbar" = StartNow Toolbar 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"ToneThis" = ToneThis
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Verizon - AOL Toolbar" = Verizon - AOL Toolbar
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2011 1:07:27 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2011 9:54:45 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 10:12:31 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x5dc, application
start time 0x01cc671c0135d2df.

Error - 8/30/2011 10:25:11 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 10:25:11 AM | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/30/2011 10:55:22 AM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

Error - 8/30/2011 11:50:50 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/30/2011 11:52:04 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2011 12:14:48 PM | Computer Name = Admin-PC | Source = SPP | ID = 16387
Description =

Error - 8/30/2011 12:14:48 PM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 11/29/2009 9:02:11 PM | Computer Name = Admin-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 8/30/2011 10:28:46 AM | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =

Error - 8/30/2011 11:49:38 AM | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:08:26 AM on 8/30/2011 was unexpected.

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/30/2011 11:52:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/30/2011 11:52:42 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/30/2011 11:53:12 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/30/2011 11:53:12 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Wed 31 Aug 2011, 5:41 am

Here is the aswMBR AND the Security Check checkup.txt
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-30 12:52:20
-----------------------------
12:52:20.820 OS Version: Windows 6.0.6002 Service Pack 2
12:52:20.820 Number of processors: 2 586 0x1706
12:52:20.821 ComputerName: ADMIN-PC UserName: Admin
12:52:44.412 Initialize success
12:54:53.855 AVAST engine defs: 11083001
12:56:36.168 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:56:36.171 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
12:56:36.174 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000075
12:56:36.177 Disk 1 Vendor: ( Size: 114473MB BusType: 0
12:56:36.181 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
12:56:36.184 Disk 2 Vendor: ( Size: 114473MB BusType: 0
12:56:36.188 Disk 0 MBR read error 0
12:56:36.191 Disk 0 MBR scan
12:56:36.297 Disk 0 unknown MBR code
12:56:36.301 MBR BIOS signature not found 0
12:56:36.306 Disk 0 scanning sectors +234436545
12:56:36.441 Disk 0 scanning C:\Windows\system32\drivers
12:57:09.237 Service scanning
12:57:12.640 Service .avgldx86 \* **LOCKED** 123
12:57:13.117 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:57:13.770 Modules scanning
12:57:26.300 Disk 0 trace - called modules:
12:57:26.307 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll >>UNKNOWN [0x86c794c0]<<
12:57:26.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86752820]
12:57:26.323 3 CLASSPNP.SYS[8ab688b3] -> nt!IofCallDriver -> [0x8664f3b8]
12:57:26.329 5 PCTCore.sys[8273deae] -> nt!IofCallDriver -> [0x84d914f8]
12:57:26.334 7 acpi.sys[805c16bc] -> nt!IofCallDriver -> [0x84d916c0]
12:57:26.339 \Driver\atapi[0x86b59030] -> IRP_MJ_CREATE -> 0x86c794c0
12:57:29.242 AVAST engine scan C:\Windows
12:57:35.076 AVAST engine scan C:\Windows\system32
13:02:13.151 AVAST engine scan C:\Windows\system32\drivers
13:02:35.563 AVAST engine scan C:\Users\Admin
13:06:36.427 AVAST engine scan C:\ProgramData
13:16:05.032 Scan finished successfully
13:18:30.732 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
13:18:30.744 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

____________________________________________________________
Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
AVG PC Tuneup 2011
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ThreatFire TFService.exe
``````````End of Log````````````


jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Sat 03 Sep 2011, 4:40 am

bump

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Sat 03 Sep 2011, 7:33 am

Hi there jungwpark!

I am Gabethebabe and I will be helping you with this issue. Before we start, some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Before doing anything, you really need to uninstall some of your security software. All that stuff just gets in its own way. Running two antivirus programs is a particularly bad idea. Your computer will slow down a lot and be unstable because of it. I suggest you uninstall everything except for Avira.

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q
C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31
C:\ProgramData\734ic5kl480kc2nvg31
C:\Users\Admin\AppData\Local\wggl.exe
C:\ProgramData\rgdu.exe
C:\Users\Admin\AppData\Local\qerj.exe
C:\ProgramData\qdrn.exe
C:\Users\Admin\AppData\Local\klfm.exe
C:\ProgramData\jatr.exe
C:\Users\Admin\AppData\Local\fsfb.exe
C:\ProgramData\adeb.exe
C:\Users\Admin\AppData\Local\ytig.exe
C:\ProgramData\yfje.exe
C:\Users\Admin\AppData\Local\ujjt.exe
C:\Users\Admin\AppData\Local\runx.exe
C:\ProgramData\pbex.exe
C:\Users\Admin\AppData\Local\nsmp.exe
C:\ProgramData\epjr.exe
C:\ProgramData\bndp.exe
C:\Users\Admin\AppData\Local\brv.exe
C:\Users\Admin\AppData\Local\amo.exe

:otl

:commands
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


====================

You have a bunch of toolbars installed, some of them are not recommended (adware). I would uninstall all of them except for the ones you really like and use.

====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Sun 04 Sep 2011, 5:34 pm

Thank you for your response. Honestly, I wuz getting worried as to whether someone will actually take up this task of helping me xD.
So, I have uninstalled AVG 2011, and Spyware Doctor (the other 2 anti virus programs other than avira, respectively) and have run the OTL "run fix" and the MBAM. I will post the results here:

OTL Run Fix Results:
========== FILES ==========
C:\Users\Admin\AppData\Local\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la moved successfully.
C:\ProgramData\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la moved successfully.
C:\Users\Admin\AppData\Local\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\Users\Admin\AppData\Local\734ic5kl480kc2nvg31 moved successfully.
C:\ProgramData\734ic5kl480kc2nvg31 moved successfully.
C:\Users\Admin\AppData\Local\wggl.exe moved successfully.
C:\ProgramData\rgdu.exe moved successfully.
C:\Users\Admin\AppData\Local\qerj.exe moved successfully.
C:\ProgramData\qdrn.exe moved successfully.
C:\Users\Admin\AppData\Local\klfm.exe moved successfully.
C:\ProgramData\jatr.exe moved successfully.
C:\Users\Admin\AppData\Local\fsfb.exe moved successfully.
C:\ProgramData\adeb.exe moved successfully.
C:\Users\Admin\AppData\Local\ytig.exe moved successfully.
C:\ProgramData\yfje.exe moved successfully.
C:\Users\Admin\AppData\Local\ujjt.exe moved successfully.
C:\Users\Admin\AppData\Local\runx.exe moved successfully.
C:\ProgramData\pbex.exe moved successfully.
C:\Users\Admin\AppData\Local\nsmp.exe moved successfully.
C:\ProgramData\epjr.exe moved successfully.
C:\ProgramData\bndp.exe moved successfully.
File\Folder C:\Users\Admin\AppData\Local\brv.exe not found.
File\Folder C:\Users\Admin\AppData\Local\amo.exe not found.
========== OTL ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.6 log created on 09042011_013459
___________________________________________________________

MBAM Log:
Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7647

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/4/2011 2:22:12 AM
mbam-log-2011-09-04 (02-22-05).txt

Scan type: Quick scan
Objects scanned: 175324
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{610EBFCC-8014-4224-8789-FA7E8E705569} (Adware.Torangz) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.TorangBand (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.TorangBand.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.torangcomz (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\torangcomz.torangcomz.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\torangcomz.DLL (Adware.Torangz) -> No action taken.
HKEY_CURRENT_USER\Software\Keyword Search (Adware.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Once again, thank you for your help and I eagerly wait for your response.
~jungwpark

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium
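The "Registry Data Items" in the MBAM log above show two kinds of damage: the StartMenuInternet launch commands for Firefox and Internet Explorer were rewritten so that brv.exe / amo.exe run first, with the real browser path passed as an argument, and the exefile open command was emptied, so .exe files no longer launch. As an added example that is not part of this thread or of Malwarebytes, here is a Python script that parses that section of an MBAM 1.51 log, classifies each entry from the first token of the bad command, and (on Windows only) reads the same three values back from the live registry so a cleanup can be confirmed; the sample log is constructed from the three entries above, and all function names are mine.

```python
import re
import sys
from pathlib import PureWindowsPath

# Constructed sample in the format of the Malwarebytes' Anti-Malware 1.51 log
# posted in this thread; the three entries are copied from that log.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\brv.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Admin\AppData\Local\amo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.

Folders Infected:
(No malicious items detected)
"""

BAD_GOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


def parse_data_items(log_text):
    """Return the 'Registry Data Items Infected' entries as dicts holding the
    registry key, MBAM threat name, the bad (current) and good (expected)
    command lines, and the action MBAM reported."""
    items, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Registry Data Items Infected:":
            in_section = True
            continue
        if not in_section:
            continue
        if not line:                 # a blank line ends the section
            break
        if line.startswith("("):     # "(No malicious items detected)"
            continue
        head, middle, action = line.split(" -> ", 2)
        key, threat = head.rsplit(" (", 1)
        m = BAD_GOOD.match(middle)
        if m is None:
            raise ValueError("unrecognised data item line: " + line)
        items.append({"key": key, "threat": threat.rstrip(")"),
                      "bad": m["bad"], "good": m["good"], "action": action})
    return items


def first_program(command):
    """Lower-case basename of the executable a shell 'open' command launches
    ("" for an empty command). Handles both quoted and unquoted first tokens."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        token = command[1:].split('"', 1)[0]
    else:
        token = command.split(" ", 1)[0]
    return PureWindowsPath(token).name.lower()


def classify(item):
    """Judge what the modification does to the launch, from the first token:
    'empty' (nothing launches), 'redirected:<exe>' (another program starts
    first, as brv.exe/amo.exe did here), or 'arguments' (same program,
    arguments changed)."""
    launched, expected = first_program(item["bad"]), first_program(item["good"])
    if not launched:
        return "empty"
    if launched != expected:
        return "redirected:" + launched
    return "arguments"


def summarize(log_text):
    """Map each reported registry key to its classification."""
    return {it["key"]: classify(it) for it in parse_data_items(log_text)}


def live_open_commands():
    """On Windows, read the same three (default) values from the live registry
    so they can be fed to first_program(); returns {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg
    targets = [
        (winreg.HKEY_LOCAL_MACHINE,
         r"SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command"),
        (winreg.HKEY_LOCAL_MACHINE,
         r"SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command"),
        (winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command"),
    ]
    values = {}
    for hive, path in targets:
        try:
            with winreg.OpenKey(hive, path) as key:
                values[path] = winreg.QueryValueEx(key, "")[0]  # "" = (default)
        except OSError:
            values[path] = None
    return values


if __name__ == "__main__":
    for key, verdict in summarize(SAMPLE_LOG).items():
        print(verdict, "<-", key)
    for path, value in live_open_commands().items():
        print(first_program(value or ""), "<-", path)
```

After cleanup, the exefile value should read `"%1" %*` and each StartMenuInternet command should launch the browser's own executable, which is what first_program() reports.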

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Sun 04 Sep 2011, 6:27 pm

OK, we cleaned up some stuff.
Malwarebytes found some things - you should allow malwarebytes to clean that up too.

  • Please run Malwarebytes' Anti-Malware
  • Click the Update tab and click Check for Updates.
  • After that, click the Scanner tab, select Perform Quick Scan and click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Post the contents of the MBAM log in your next reply, please.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Mon 05 Sep 2011, 1:31 am

Thank you for your fast response; it always feels good when others aid people in need of help with fervor ^-^.
So, I have run the MBAM and it found 2 more infections, which MBAM repaired. Here is the log:

Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7649

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/4/2011 10:08:15 AM
mbam-log-2011-09-04 (10-08-15).txt

Scan type: Quick scan
Objects scanned: 175472
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Admin\AppData\Local\Temp\ms1cfg32.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.

Yours truly,
jungwpark

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Mon 05 Sep 2011, 4:13 am

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 27

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 27).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have UAC disabled. From a security point of view, this is not recommended.

How is your computer running now?

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Tue 06 Sep 2011, 2:40 pm

Sorry for the very late reply. I was very busy with work and had no time to even check the computer at nights after work. Thank you for your dedication to helping me & my dilemma. The virus seems to be cleared now and the computer is running like it did before the virus hit. Your expertise in this field is envious from my point of view, and hope that u help others just as dedicated and sincere. Tyvm gabethebabe.

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Tue 06 Sep 2011, 4:35 pm

Time to uninstall used tools.

  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Alright! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with any of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • Online Armor. A very smart and user-friendly firewall.
  • Outpost Firewall is another rock-solid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Web of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and other vital data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Wed 07 Sep 2011, 10:48 pm

Thank you once again gabethebabe for your help. But I think I need help with one more issue. After the virus has been wiped, it seems that I cannot access some websites and get the message "unable to connect". Would you know how to fix this issue?

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Wed 07 Sep 2011, 10:57 pm

Does the following help:

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

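The manual proxy check above can be made repeatable by reading the same settings out of an OTL log. The following Python script is an added example (mine, not code from the thread, from Gabethebabe, or from OTL's author): it triages OTL-style lines for the IE and Firefox proxy settings, non-localhost HOSTS entries and the UAC policy line. SAMPLE_LOG uses made-up values; POSTED_STATE reproduces the corresponding lines from the OTL log jungwpark posts later in the thread.

```python
import re
from typing import Dict, List, Tuple

# Constructed OTL-style lines with made-up values (a proxy pointing at a local
# port, a HOSTS entry for a non-local name, UAC switched off). Not a real log.
SAMPLE_LOG = """
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.invalid
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
"""

# The same kinds of lines as they appear in the OTL log posted in this thread:
# no proxy in either browser, a default HOSTS file, but UAC disabled.
POSTED_STATE = """
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..network.proxy.type: 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
"""

# Patterns for the four OTL line shapes this script cares about.
IE_SETTING = re.compile(r'^IE - (?P<hive>HK\w+)\\(?P<key>.+?): "(?P<name>\w+)" = (?P<value>.*)$')
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): (?P<value>.*)$')
HOSTS_ENTRY = re.compile(r'^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)')
O6_POLICY = re.compile(r'^O6 - (?P<key>.+?): EnableLUA = (?P<value>\d)$')

# Firefox network.proxy.type values; 0 is what "No Proxy" in the dialog writes.
FF_PROXY_MODES = {"0": "direct", "1": "manual", "2": "PAC", "4": "auto-detect", "5": "system"}

Finding = Tuple[str, str]  # (severity, message)


def triage(log_text: str) -> List[Finding]:
    """Return one (severity, message) per setting that deserves a look."""
    findings: List[Finding] = []
    ie: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_SETTING.match(line)
        if m:
            # Collect IE values first; ProxyOverride alone (e.g. *.local) is
            # the normal bypass list and only matters when ProxyEnable is 1.
            ie[m["name"]] = m["value"].strip()
            continue
        m = FF_PREF.match(line)
        if m:
            if m["name"] == "network.proxy.type":
                mode = FF_PROXY_MODES.get(m["value"].strip(), "unknown")
                if mode != "direct":
                    findings.append(("warn", f"Firefox proxy mode is {mode}; "
                                     "Options -> Advanced -> Network should say 'No Proxy'"))
            continue
        m = HOSTS_ENTRY.match(line)
        if m:
            # Anything beyond the localhost lines overrides DNS for that name,
            # which shows up in the browser as 'unable to connect'.
            if m["host"].lower() != "localhost":
                findings.append(("warn", f"HOSTS maps {m['host']} to {m['addr']}; "
                                 "check whether that entry is intended"))
            continue
        m = O6_POLICY.match(line)
        if m and m["value"] == "0":
            findings.append(("warn", "UAC is disabled (EnableLUA = 0); "
                             "item 2 of the recommendations says to keep it on"))
    if ie.get("ProxyEnable") == "1":
        findings.append(("warn", f"IE proxy enabled: server={ie.get('ProxyServer', '?')} "
                         f"bypass={ie.get('ProxyOverride', '')}"))
    return findings


if __name__ == "__main__":
    for label, text in (("constructed sample", SAMPLE_LOG), ("posted log", POSTED_STATE)):
        print(f"== {label} ==")
        for severity, message in triage(text) or [("ok", "nothing flagged")]:
            print(f"[{severity}] {message}")
```

Against the lines from the posted log the only finding is the disabled UAC, which matches the advice in the ALORTKYCC rather than the "unable to connect" symptom.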

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Thu 08 Sep 2011, 6:58 am

It does not seem to work :\. I went to a website that tells whether a site is down or not, and tried many of the websites Firefox is "unable to connect" to, but it says all the sites are up & running :\. Any other suggestions, gabethebabe?

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Thu 08 Sep 2011, 7:05 am

Does it only happen in FF, or are the same sites also unavailable from other browsers?

Feel free to run a normal OTL scan and post the logs.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Thu 08 Sep 2011, 9:53 am

It does not seem to work for either Internet Explorer or Firefox (I have not installed Google Chrome yet).

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Thu 08 Sep 2011, 10:06 am

Here is the OTL log. I did not add any custom scans/fixes to the scan:

OTL logfile created on: 9/7/2011 6:54:51 PM - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.13% Memory free
6.18 Gb Paging File | 4.27 Gb Available in Paging File | 69.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 29.63 Gb Free Space | 35.69% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 12.50 Gb Free Space | 99.20% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/28 22:27:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.com
PRC - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe
PRC - [2011/08/24 04:01:04 | 003,655,296 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Giraffic.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/04/25 23:56:48 | 001,540,480 | ---- | M] (SmartPCTools) -- C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2011/01/01 01:17:29 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/21 03:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 03:04:02 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 02:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2007/10/31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 08:01:09 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/03 02:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/11 10:11:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:08:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:57:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/10 12:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2008/01/17 17:55:40 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/28 09:33:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/24 04:01:18 | 002,219,664 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/08/05 12:37:57 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/24 05:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2009/01/21 03:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/08/30 18:10:42 | 001,562,381 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/01/10 00:45:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/28 18:55:49 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/11/28 18:55:43 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/28 18:55:43 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/28 18:55:40 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/02/25 14:56:28 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 12:25:06 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/01/30 12:25:06 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 11:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/29 21:14:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c200e798-529d-4847-8b76-4abeb4658d41} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C EC D0 15 49 C6 1D 41 BF D5 A3 57 DB BD C8 7A [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 01:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 07:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 07:53:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2011/01/01 01:06:46 | 000,000,000 | ---D | M]

[2009/11/29 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/09/07 07:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions
[2010/04/27 03:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/21 19:49:01 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/03 18:15:10 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
[2011/03/24 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}-TRASH
[2011/06/23 19:22:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/08/05 12:20:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\anttoolbar@ant.com
[2011/07/03 18:14:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\plugin@yontoo.com
[2011/01/01 02:57:59 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\searchrecs@veoh.com
[2011/07/03 18:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}\chrome\content\dca\core\extensionManager
[2009/12/11 02:15:08 | 000,004,554 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aim-search.xml
[2010/01/07 16:37:32 | 000,000,653 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aol-search.xml
[2011/08/21 19:49:03 | 000,002,259 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\bing-zugo.xml
[2011/06/23 14:31:42 | 000,000,929 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\conduit.xml
[2011/09/07 07:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/20 20:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 21:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/05 23:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NKXRI7HD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/05 23:27:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/14 06:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Verizon - AOL Toolbar Loader) - {86916f9e-4c81-42f8-9d60-4a1a54dae898} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Verizon - AOL Toolbar) - {9a964391-f5af-4fad-9964-51c4ed876f20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon - AOL Toolbar) - {9A964391-F5AF-4FAD-9964-51C4ED876F20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Registry Repair Wizard Scheduler] C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe (SmartPCTools)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 23:28:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 02:11:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011/09/04 02:11:47 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/04 02:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 02:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/04 02:11:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/04 02:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 01:34:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Fixing the Comp
[2011/08/30 12:02:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/28 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/28 10:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair Wizard
[2011/08/28 10:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2011/08/28 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SmartPCTools
[2011/08/28 02:17:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011/08/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/28 02:14:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/28 02:14:12 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 02:14:12 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/28 01:51:24 | 000,000,000 | ---D | C] -- C:\15417789a839261edc54cc9feb88
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/27 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/27 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FixCleaner
[2011/08/27 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/08/25 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011/08/24 23:48:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC}
[2011/08/24 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 09:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/24 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8}
[2011/08/24 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD}
[2011/08/23 10:00:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337}
[2011/08/23 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57}
[2011/08/21 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40}
[2011/08/21 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE}
[2011/08/21 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/08/21 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/08/21 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic
[2011/08/21 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8}
[2011/08/21 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF}
[2011/08/21 10:08:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167}
[2011/08/19 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67}
[2011/08/19 23:04:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC}
[2011/08/19 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B}
[2011/08/18 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952}
[2011/08/18 10:40:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289}
[2011/08/17 10:04:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5}
[2011/08/17 10:04:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9}
[2011/08/13 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204}
[2011/08/11 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5}
[2011/08/11 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734}
[2011/08/11 09:58:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 09:58:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 09:58:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 09:58:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 09:58:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 22:55:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 22:54:37 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 22:54:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 20:11:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206}
[2011/08/10 09:18:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9}
[2011/08/10 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF}
[2011/08/09 17:40:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ventrilo
[2011/08/09 17:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/08/09 17:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/08/09 17:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/08/09 17:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/09 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 17:59:30 | 000,668,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/07 17:59:30 | 000,130,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/07 17:54:28 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 17:54:28 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 15:54:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 15:54:04 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 12:54:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/07 10:11:45 | 298,580,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/07 08:01:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/07 07:59:26 | 000,000,830 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/07 07:55:33 | 000,238,265 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks.html
[2011/09/06 23:46:48 | 000,053,757 | ---- | M] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/05 23:27:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/05 23:27:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 17:51:40 | 000,012,979 | ---- | M] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/09/04 02:11:47 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 09:57:05 | 000,088,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 18:35:19 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/30 13:18:30 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/28 14:28:21 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/08/28 10:11:01 | 000,000,911 | ---- | M] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 02:36:54 | 000,002,483 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | M] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/20 12:10:53 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/08/09 17:40:15 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:40:10 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:38:52 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 09:13:43 | 298,580,308 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/07 07:59:25 | 000,000,830 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/07 07:55:33 | 000,238,265 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks.html
[2011/09/06 23:46:48 | 000,053,757 | ---- | C] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/04 17:51:40 | 000,012,979 | ---- | C] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/09/04 02:11:47 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 18:36:42 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/30 13:18:30 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:03:44 | 000,879,225 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/28 10:11:01 | 000,000,911 | ---- | C] () -- C:\Users\Admin\Desktop\Registry Repair Wizard 2011.lnk
[2011/08/28 02:14:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 01:45:43 | 000,002,483 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | C] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/09 17:40:10 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/08/09 17:40:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/09 17:38:52 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/07/09 15:00:59 | 000,000,996 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\033E.F6A
[2011/02/20 00:38:31 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/02/20 00:38:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/02/20 00:38:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/02/20 00:38:31 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2011/02/20 00:38:30 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/12/06 02:21:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/26 23:14:43 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/26 23:14:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/20 20:50:54 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileJoin.ini
[2010/01/08 11:22:53 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/30 21:11:41 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2009/11/30 16:06:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 16:06:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 08:18:06 | 000,000,236 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\iPod Access v4 Prefs
[2009/11/30 08:15:48 | 000,000,011 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\iPodAccess_Time
[2009/11/30 07:57:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/30 07:24:37 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/29 21:26:08 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2009/11/29 20:20:10 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/29 19:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/28 21:15:53 | 000,088,576 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/28 19:12:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/11/28 19:12:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2009/11/28 19:12:37 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/11/28 19:07:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/11/28 18:24:13 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/10/30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,668,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,384 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Unicode (All) ==========
[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ
[2010/01/02 15:28:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Thu 08 Sep 2011, 11:03 pm

We will proceed with some cleanup - never a bad idea and who knows, it might solve your problem.

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\ProgramData\TEMP:0B4227B4
C:\ProgramData\TEMP:ECF54A0E
C:\ProgramData\TEMP:DFC5A2B2
C:\ProgramData\TEMP:FB1B13D8
C:\ProgramData\TEMP:A8ADE5D8
C:\Windows\System32\?G /u
C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF}
C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9}
C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206}
C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734}
C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5}
C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204}
C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9}
C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5}
C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289}
C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952}
C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B}
C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC}
C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67}
C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167}
C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF}
C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8}
C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE}
C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40}
C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57}
C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337}
C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD}
C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8}
C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC}

:otl
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

:commands
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

  • Please download TFC (Temp File Cleaner) by OldTimer from here and save it to your desktop.
  • Close all programs before proceeding with the next step.
  • Double-click TFC.exe to start the cleaning process and allow it to run.
  • Depending on the number of files that need to be deleted, this can take seconds or up to several minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

I recommend you install all toolbars. Some of them have a shady reputation. Feel free to reinstall them later.
Ant toolbar
AOL/Verizon toolbar
Startnow toolbar (this one especially)
Social ribbons toolbar

Basically - every toolbar you can find - get rid of it.

What is this "Giraffic" software? If not really needed ==> uninstall.

You have some SmartPCTools registry wizard. Registry wizards can damage your computer => uninstall. It has a bad reputation too.

After this cleanup, let me know if things got better.


Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
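The fix above removes an IE toolbar whose CLSID no longer resolves and a URLSearchHook whose file is gone, and the earlier advice targets the O4 Run entries and the O6 line showing UAC switched off (EnableLUA = 0). The following PowerShell script is an added example, not part of this thread and not OTL's own code: it re-checks those same registry locations and flags entries whose CLSID has no registered DLL or whose target file is missing, which are the conditions OTL prints as "No CLSID value found" and "File not found". It is read-only and assumes Windows PowerShell 3.0 or later in an elevated prompt; the function names are my own.

```powershell
# Added example (not from the thread, not OTL code): read-only audit of the
# registry locations behind the O3 (IE toolbar), O4 (Run/RunOnce) and
# O6 (EnableLUA) lines of an OTL log. Assumes Windows PowerShell 3.0+,
# run elevated so every CLSID key is readable.

function Resolve-ClsidServer {
    # Map a COM CLSID to the DLL registered as its InprocServer32.
    # Returns $null when nothing is registered, which is what OTL reports
    # as "No CLSID value found".
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $dll = (Get-Item $key).GetValue('')
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}

function Get-CommandExecutable {
    # Extract the executable from a Run-key command line. Unquoted paths with
    # spaces are resolved the way CreateProcess does it: try each
    # space-delimited prefix until one names an existing file.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    $tokens = $cmd -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function Get-IeToolbarAudit {
    # O3 lines: each installed toolbar is a value named after its CLSID.
    $locations = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    )
    foreach ($loc in $locations) {
        if (-not (Test-Path $loc)) { continue }
        foreach ($name in (Get-Item $loc).GetValueNames()) {
            if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $dll = Resolve-ClsidServer $name
            $status = if (-not $dll) { 'No CLSID value found' }
                      elseif (-not (Test-Path -LiteralPath $dll)) { 'File not found' }
                      else { 'OK' }
            [pscustomobject]@{ Location = $loc; Entry = $name; Target = $dll; Status = $status }
        }
    }
}

function Get-RunKeyAudit {
    # O4 lines: each value is a command line started at logon.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item $k
        foreach ($name in $item.GetValueNames()) {
            $exe = Get-CommandExecutable ([string]$item.GetValue($name))
            $status = if (Test-Path -LiteralPath $exe -PathType Leaf) { 'OK' } else { 'File not found' }
            [pscustomobject]@{ Location = $k; Entry = $name; Target = $exe; Status = $status }
        }
    }
}

function Test-UacEnabled {
    # O6 line: EnableLUA = 0 means User Account Control is switched off.
    $sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = (Get-Item $sys).GetValue('EnableLUA')
    return ($null -eq $v) -or ($v -ne 0)
}

# Report only the entries OTL would flag, plus the UAC state.
@(Get-IeToolbarAudit) + @(Get-RunKeyAudit) |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table -AutoSize
"UAC enabled: $(Test-UacEnabled)"
```

An entry that shows "File not found" is a dangling autostart, which is either leftover from an uninstall or something that was already removed by a scanner; "No CLSID value found" on a toolbar is the case the fix above deletes. Treat a dangling RunOnce that points at cmd.exe (as the AvgUninstallURL entry in the log does) as worth reading in full before deciding, since the command line and not the executable is what matters there.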

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Sun 11 Sep 2011, 5:46 am

Sorry for the very late response. I was away from my house for a bit and forgot my username and password so I couldn't access it from another computer.
Here are the results from the OTL Fix:
========== FILES ==========
File\Folder C:\ProgramData\TEMP:0B4227B4 not found.
File\Folder C:\ProgramData\TEMP:ECF54A0E not found.
File\Folder C:\ProgramData\TEMP:DFC5A2B2 not found.
File\Folder C:\ProgramData\TEMP:FB1B13D8 not found.
File\Folder C:\ProgramData\TEMP:A8ADE5D8 not found.
File\Folder C:\Windows\System32\?G not found.
C:\Users\Admin\AppData\Local\{02A2ACA1-573F-4D6F-AEFC-59F67C4ED7FF} folder moved successfully.
C:\Users\Admin\AppData\Local\{2FCB5076-9669-43BA-9023-B8D31A24EBC9} folder moved successfully.
C:\Users\Admin\AppData\Local\{7A9C5FE4-0F92-40FE-B276-563431B12206} folder moved successfully.
C:\Users\Admin\AppData\Local\{D81F9FD2-0301-425E-A5A0-A1C9F00A1734} folder moved successfully.
C:\Users\Admin\AppData\Local\{B3C0113C-FD72-409B-9A5D-811C2CB638C5} folder moved successfully.
C:\Users\Admin\AppData\Local\{81746D08-F975-4357-A864-23720D8B2204} folder moved successfully.
C:\Users\Admin\AppData\Local\{E14540B5-A7E1-4730-AC37-FEA3915864E9} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6FFBD21-57DF-43E7-8913-E7753EA415E5} folder moved successfully.
C:\Users\Admin\AppData\Local\{7D0D77F9-ECE8-4754-B0B6-3DA5A9328289} folder moved successfully.
C:\Users\Admin\AppData\Local\{6F1DB29F-2B01-42A6-BCB7-D26D351BC952} folder moved successfully.
C:\Users\Admin\AppData\Local\{FB990608-C6B3-45BF-BC13-FC1BBEA3C53B} folder moved successfully.
C:\Users\Admin\AppData\Local\{A1C43EF6-C069-4FA5-88E6-A1DAF36D7BBC} folder moved successfully.
C:\Users\Admin\AppData\Local\{3A800A6B-14DB-454C-9DF7-76064D438D67} folder moved successfully.
C:\Users\Admin\AppData\Local\{0F29E3B4-F866-4645-9F62-573F4B565167} folder moved successfully.
C:\Users\Admin\AppData\Local\{9A9CA7B7-7BD4-4881-8911-DDB08D01D8DF} folder moved successfully.
C:\Users\Admin\AppData\Local\{F5A621E1-68E6-48D6-93F8-54B8220086E8} folder moved successfully.
C:\Users\Admin\AppData\Local\{61FBE1E4-00FF-4EB1-B8F7-F6E8975750EE} folder moved successfully.
C:\Users\Admin\AppData\Local\{377EA41B-D7F9-458C-8573-19042CA00B40} folder moved successfully.
C:\Users\Admin\AppData\Local\{E10D234E-D330-4476-B05A-1809721E8B57} folder moved successfully.
C:\Users\Admin\AppData\Local\{E22A9DD9-2CCF-4F6B-9C28-29CE13B5E337} folder moved successfully.
C:\Users\Admin\AppData\Local\{89E67C65-7F3C-44EB-9560-44F4C86156DD} folder moved successfully.
C:\Users\Admin\AppData\Local\{2AB9971F-1A5B-422D-9DC2-58B32D32F9D8} folder moved successfully.
C:\Users\Admin\AppData\Local\{290B56E5-F30F-44F9-9F3C-5B86248499EC} folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.6 log created on 09102011_143144

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Sun 11 Sep 2011, 6:51 am

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
@C:\ProgramData\TEMP:0B4227B4
@C:\ProgramData\TEMP:ECF54A0E
@C:\ProgramData\TEMP:DFC5A2B2
@C:\ProgramData\TEMP:FB1B13D8
@C:\ProgramData\TEMP:A8ADE5D8
C:\Windows\System32 /u
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Did you get rid of the rest as well? Any effect?

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
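This fix asks OTL to delete the five alternate data streams attached to C:\ProgramData\TEMP that the log lists under "Alternate Data Streams". As an added example that is not part of the thread and not OTL's own code, the PowerShell below shows how to do the same inspection without OTL: list every named stream on a file or folder, dump the first bytes of each so you can see what it holds before deciding, and remove the ones you choose with -WhatIf support. It assumes Windows PowerShell 3.0 to 5.1 (the -Stream parameter appeared in 3.0; -Encoding Byte was removed in PowerShell 7) and an elevated prompt; the path is the one from the log, and the function names are my own.

```powershell
# Added example (not from the thread, not OTL code): inspect and optionally
# remove NTFS alternate data streams on a path. Assumes Windows PowerShell
# 3.0-5.1 run elevated. The folder below is the one named in the OTL log.

function Get-ExtraStreams {
    # Every file and folder has the unnamed ':$DATA' stream; anything else is
    # an alternate stream. Zone.Identifier is the usual benign one (the
    # mark-of-the-web that browsers write on downloads).
    param([Parameter(Mandatory)][string]$Path)
    Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $Path
                Stream = $_.Stream
                Bytes  = $_.Length
                Benign = ($_.Stream -eq 'Zone.Identifier')
            }
        }
}

function Read-StreamHead {
    # Hex dump of the first $Max bytes of one stream, to see whether it is
    # text, a PE header (4d 5a), or something else, before deleting it.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Stream,
        [int]$Max = 32
    )
    $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount $Max
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ' '
}

function Remove-ExtraStreams {
    # Removes the non-benign streams on $Path. Honours -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$IncludeZoneIdentifier
    )
    foreach ($s in Get-ExtraStreams -Path $Path) {
        if ($s.Benign -and -not $IncludeZoneIdentifier) { continue }
        $target = "$Path`:$($s.Stream)"
        if ($PSCmdlet.ShouldProcess($target, 'Remove alternate data stream')) {
            # A failure here usually means the host object is locked or its
            # ACL denies the caller; that is the "Unable to delete ADS" case.
            Remove-Item -LiteralPath $Path -Stream $s.Stream -ErrorAction Continue
        }
    }
}

# Usage: look first, then preview the removal, then run it for real.
$folder = 'C:\ProgramData\TEMP'
$streams = Get-ExtraStreams -Path $folder
$streams | Format-Table -AutoSize
foreach ($s in $streams) {
    "{0}: {1}" -f $s.Stream, (Read-StreamHead -Path $folder -Stream $s.Stream)
}
Remove-ExtraStreams -Path $folder -WhatIf
# Remove-ExtraStreams -Path $folder
```

When Remove-Item reports a failure on a stream, the same condition that stops OTL is in play: the object is open in another process or the caller lacks delete permission on it. Checking ownership and the ACL of the host folder (Get-Acl) before retrying is the right next step.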

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Sun 11 Sep 2011, 6:08 pm

I have run OTL fix again, and here are the results:
========== FILES ==========
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:FB1B13D8 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
File\Folder C:\Windows\System32 not found.

OTL by OldTimer - Version 3.2.26.6 log created on 09112011_030712

As of now, I still cannot access the websites, and continue to get the "unable to connect" message from Firefox.

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on Mon 12 Sep 2011, 8:27 pm

OK, I'm not sure what is going on. What I can do is one final malware (rootkit) check. If this is clean, I think the best thing you can do is Google the error messages. You will find a LOT of help on the Internet for common problems such as this.

For example:
[You must be registered and logged in to see this link.]

====================

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on Tue 13 Sep 2011, 11:11 am

GMER 1.0.15.15641 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-12 19:52:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 TOSHIBA_MK1246GSX rev.LB213M
Running: fc6rk1jz.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys


---- System - GMER 1.0.15 ----

SSDT 9077D3BE ZwCreateSection
SSDT 9077D3C3 ZwSetContextThread
SSDT 9077D35F ZwTerminateProcess

INT 0x52 ? 86D73BF8
INT 0x62 ? 86D73BF8
INT 0x72 ? 8515CED8
INT 0x82 ? 8515CED8
INT 0xA2 ? 86D73BF8
INT 0xA2 ? 86D73BF8
INT 0xA2 ? 86D73BF8
INT 0xB2 ? 86D73BF8
INT 0xB3 ? 86D73BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 826C0998 4 Bytes [BE, D3, 77, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 826C0CF0 4 Bytes [C3, D3, 77, 90] {RET ; SAL DWORD [EDI-0x70], CL}
.text ntkrnlpa.exe!KeSetEvent + 621 826C0DA4 4 Bytes [5F, D3, 77, 90] {POP EDI; SAL DWORD [EDI-0x70], CL}
? System32\Drivers\spwx.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 900FA41B 5 Bytes JMP 86D731D8
.text ailykpn9.SYS 8AF58000 22 Bytes [82, 53, 9D, 82, 6C, 52, 9D, ...]
.text ailykpn9.SYS 8AF58017 106 Bytes [00, 32, C7, 78, 80, 3D, C5, ...]
.text ailykpn9.SYS 8AF58082 74 Bytes [62, 82, 98, AE, 6B, 82, 86, ...]
.text ailykpn9.SYS 8AF580CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text ailykpn9.SYS 8AF58118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[520] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\System32\svchost.exe[1212] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text ...
.text C:\Windows\system32\svchost.exe[3984] USER32.dll!WindowFromPoint 7708884F 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[3984] USER32.dll!GetForegroundWindow 770932C4 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[3984] USER32.dll!GetCursorPos 770A0B88 5 Bytes JMP 0088000A
.text C:\Windows\system32\svchost.exe[3984] ole32.dll!CoCreateInstance 75F39F3E 5 Bytes JMP 0086000A
.text C:\Program Files\real\realplayer\Update\realsched.exe[4012] kernel32.dll!SetUnhandledExceptionFilter 762CA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] kernel32.dll!IsDebuggerPresent 762BEFF7 6 Bytes JMP 0060794C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] kernel32.dll!DeviceIoControl 762C50FF 7 Bytes JMP 0060800C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ole32.dll!CoCreateInstance 75F39F3E 5 Bytes JMP 00606EF4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] USER32.dll!ChangeDisplaySettingsExA 77086FE7 5 Bytes JMP 00607FB4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] USER32.dll!ChangeDisplaySettingsExW 770CA9E4 5 Bytes JMP 00607FE0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegFlushKey 7638CDEB 7 Bytes JMP 00607974 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteKeyA 763A1C8C 5 Bytes JMP 00607A78 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryInfoKeyA 763A297F 7 Bytes JMP 00607D00 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteValueA 763A2F59 7 Bytes JMP 00607AD0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueA 763A30C8 7 Bytes JMP 00607D98 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteKeyW 763A38CD 7 Bytes JMP 00607AA4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyExA 763A39AB 5 Bytes JMP 006079F0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyA 763A3BA9 5 Bytes JMP 00607998 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueExA 763A3BEC 7 Bytes JMP 00607EE8 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegDeleteValueW 763A3FB6 7 Bytes JMP 00607AFC C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyA 763A89C7 5 Bytes JMP 00607C38 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumValueA 763A8A0B 7 Bytes JMP 00607BB0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumValueW 763A9850 7 Bytes JMP 00607BF4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumKeyExA 763B28D2 5 Bytes JMP 00607B28 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueW 763B32D4 7 Bytes JMP 00607DCC C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyW 763B391E 5 Bytes JMP 006079C4 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueExW 763B3D5A 7 Bytes JMP 00607F24 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCreateKeyExW 763B41F1 5 Bytes JMP 00607A34 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryInfoKeyW 763B48B4 7 Bytes JMP 00607D4C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueExA 763B7A9D 7 Bytes JMP 00607E00 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyExA 763B7C42 5 Bytes JMP 00607C90 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyW 763BE2B5 5 Bytes JMP 00607C64 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegQueryValueExW 763C765E 7 Bytes JMP 00607E3C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegCloseKey 763C7908 7 Bytes JMP 00607950 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegOpenKeyExW 763C7BA1 5 Bytes JMP 00607CC8 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegEnumKeyExW 763C7F52 7 Bytes JMP 00607B6C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueW 763CB3E4 5 Bytes JMP 00607EB0 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] ADVAPI32.dll!RegSetValueA 76405811 5 Bytes JMP 00607E78 C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Windows\system32\svchost.exe[5168] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\Windows\system32\svchost.exe[7432] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D6] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80690042] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80690800] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806900C0] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069013E] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069FB90] \SystemRoot\System32\Drivers\spwx.sys
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\ailykpn9.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73EAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73EAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73EE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73EBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73EAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73EAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73EA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73EDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73EAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3172] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73EB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device 85F241F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device AF0491F8
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8515E1F8
Device \Driver\usbuhci \Device\USBPDO-0 86E1D1F8
Device \Driver\usbuhci \Device\USBPDO-1 86E1D1F8
Device \Driver\usbehci \Device\USBPDO-2 86E201F8
Device \Driver\usbuhci \Device\USBPDO-3 86E1D1F8
Device \Driver\usbuhci \Device\USBPDO-4 86E1D1F8
Device \Driver\usbuhci \Device\USBPDO-5 86E1D1F8
Device \Driver\usbehci \Device\USBPDO-6 86E201F8
Device \Driver\PCI_PNP8723 \Device\00000057 spwx.sys
Device 8515E1F8

AttachedDevice tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\sptd \Device\3676586736 spwx.sys
Device \Driver\cdrom \Device\CdRom0 86DD91F8
Device \Driver\cdrom \Device\CdRom1 86DD91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85F231F8
Device \Driver\atapi \Device\Ide\IdePort0 85F231F8
Device \Driver\atapi \Device\Ide\IdePort1 85F231F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85F231F8
Device \Driver\netbt \Device\NetBT_Tcpip_{EBDF4CCB-9A5B-4417-BF61-C113EE32DD9A} 89F4B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 89F4B1F8
Device \Driver\Smb \Device\NetbiosSmb 89F551F8
Device \Driver\iScsiPrt \Device\RaidPort0 86FD71F8
Device \Driver\usbuhci \Device\USBFDO-0 86E1D1F8
Device \Driver\usbuhci \Device\USBFDO-1 86E1D1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D61207D6-2B83-49A4-B477-3E102C56AED9} 89F4B1F8
Device \Driver\usbehci \Device\USBFDO-2 86E201F8
Device \Driver\usbuhci \Device\USBFDO-3 86E1D1F8
Device \Driver\usbuhci \Device\USBFDO-4 86E1D1F8
Device \Driver\usbuhci \Device\USBFDO-5 86E1D1F8
Device \Driver\usbehci \Device\USBFDO-6 86E201F8
Device \Driver\ailykpn9 \Device\Scsi\ailykpn91Port3Path0Target0Lun0 86DDE1F8
Device \Driver\ailykpn9 \Device\Scsi\ailykpn91 86DDE1F8
Device \FileSystem\cdfs \Cdfs 8597C1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e3d3d2fce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d3d2fce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3d2fce
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e3d3d2fce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xE7 0x78 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xE9 0x65 0xBF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xB6 0xDB 0x19 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x87 0x03 0x1A ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\jungwpark@aol.com@6433e93964486a154be20cafe64d137f\r\n 0xD1 0x5E 0x42 0x7B ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB221$\2034599527 0 bytes
File C:\Windows\$NtUninstallKB221$\2034599527\L 0 bytes
File C:\Windows\$NtUninstallKB221$\2034599527\U 0 bytes
File C:\Windows\$NtUninstallKB221$\3280931714 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZZ5ACHV\01[1].htm 7306 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZZ5ACHV\01[2].htm 7282 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZZ5ACHV\data_sync[1].htm 572 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RNNRD4HC.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CLR1OSCG.txt 365 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4CH5SAWX.txt 2727 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YFLUZ257.txt 422 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6I89WM46.txt 111 bytes

---- EOF - GMER 1.0.15 ----

jungwpark

Newbie Surfer

Posts : 28
Joined : 2011-08-29
Operating System : Windows Vista Home Premium
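A small triage script for a GMER log like the one posted above, added here as an example; it is not part of this thread and not GMER's own code. It walks the log's sections and surfaces what a responder checks first: SSDT and inline kernel hooks, random-looking driver names (GMER's own randomly named exe and driver from the header are excluded), user-mode JMP hooks with no module attribution, kernel IAT redirections, MBR read errors and the Files section. The heuristics (an eight-character name containing a digit, the KNOWN_STEMS allowlist, the severity labels) are this example's assumptions; SAMPLE_LOG is an excerpt of the posted log.

```python
"""Triage a GMER rootkit-scan log: walk its sections and surface the entries a
responder checks first. Added example (not from this thread); SAMPLE_LOG is
excerpted from the log posted above."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HEADER_RE = re.compile(r"^Running: (\S+); Driver: (.+)$")  # GMER's own exe/driver
SSDT_RE = re.compile(r"^SSDT [0-9A-F]+ (\w+)$")
# inline patch or hook inside a kernel image, with an optional "+ offset"
KPATCH_RE = re.compile(r"^\.text (\S+)!(\w+)(?: \+ ([0-9A-F]+))? [0-9A-F]+ \d+ Bytes")
DRVCODE_RE = re.compile(r"^\.text (\S+\.sys) [0-9A-F]+ \d+ Bytes", re.I)
# user-mode JMP hook; the trailing "<module> (<vendor>)" attribution is optional
UHOOK_RE = re.compile(r"^\.text (\S+)\[(\d+)\] (\S+)!(\w+) [0-9A-F]+ \d+ Bytes JMP "
                      r"[0-9A-F]+(?: (\S.*))?$")
IAT_RE = re.compile(r"^IAT (\S+?)\[([^\]]+)\] \[[0-9A-F]+\] (\S+)$")
FILE_RE = re.compile(r"^File (.+) \d+ bytes$")
RANDOM_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")  # e.g. ailykpn9: 8 chars incl. a digit
KNOWN_STEMS = {"i8042prt"}  # legitimate driver whose name happens to fit RANDOM_RE

def base(path):  # lower-cased file name without its directory
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def looks_random(path, own):  # random-looking driver, neither GMER's own nor known
    stem = base(path).rsplit(".", 1)[0]
    return bool(RANDOM_RE.match(stem)) and stem not in KNOWN_STEMS and stem not in own

def triage(log_text):
    """Return deduplicated (severity, category, detail) findings for a GMER log."""
    own, section, findings, seen = set(), None, [], set()
    def add(sev, cat, detail):
        if (cat, detail) not in seen:
            seen.add((cat, detail))
            findings.append((sev, cat, detail))
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := HEADER_RE.match(line):
            own.update(base(g).rsplit(".", 1)[0] for g in m.groups())
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "System" and (m := SSDT_RE.match(line)):
            add("high", "ssdt_hook", m.group(1))  # service table entry redirected
        elif section == "Kernel code sections":
            if line.startswith("?"):  # GMER could not read the image back from disk
                add("medium", "driver_image_unreadable", line.split()[1])
            elif m := KPATCH_RE.match(line):
                off = f" + {m.group(3)}" if m.group(3) else ""
                add("high", "kernel_inline_patch", f"{m.group(1)}!{m.group(2)}{off}")
            elif (m := DRVCODE_RE.match(line)) and looks_random(m.group(1), own):
                add("high", "random_named_driver", base(m.group(1)))
        elif section == "User code sections" and (m := UHOOK_RE.match(line)):
            if m.group(5) is None:  # JMP target not attributed to any loaded module
                add("medium", "unattributed_user_hook",
                    f"{base(m.group(1))}[{m.group(2)}] {m.group(3)}!{m.group(4)}")
        elif section == "Kernel IAT/EAT" and (m := IAT_RE.match(line)):
            sev = "high" if looks_random(m.group(3), own) else "info"
            add(sev, "kernel_iat_redirect", f"{base(m.group(1))} -> {base(m.group(3))}")
        elif section == "Disk sectors" and "MBR read error" in line:
            add("high", "mbr_read_error", line.split()[1])
        elif section == "Files" and (m := FILE_RE.match(line)):
            add("medium", "file_listed", m.group(1))
    return findings

def summarize(findings):  # number of findings per category
    return dict(Counter(cat for _, cat, _ in findings))

# Constructed sample: lines copied from the GMER log posted above.
SAMPLE_LOG = r"""Running: fc6rk1jz.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys
---- System - GMER 1.0.15 ----
SSDT 9077D3BE ZwCreateSection
SSDT 9077D35F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 826C0998 4 Bytes [BE, D3, 77, 90]
? System32\Drivers\spwx.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 900FA41B 5 Bytes JMP 86D731D8
.text ailykpn9.SYS 8AF58000 22 Bytes [82, 53, 9D, 82, 6C, 52, 9D, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\System32\svchost.exe[520] kernel32.dll!WriteFile 762EABE1 5 Bytes JMP 0001000C
.text C:\PROGRA~1\THEKMP~1\KMPlayer.exe[5164] kernel32.dll!IsDebuggerPresent 762BEFF7 6 Bytes JMP 0060794C C:\PROGRA~1\THEKMP~1\KMPlayer.exe (The KMPlayer/Pandora.TV)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D6] \SystemRoot\System32\Drivers\spwx.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB221$\2034599527\L 0 bytes
"""
```

Run against the full log above, it flags ailykpn9.sys and the unattributed svchost.exe hooks, and reports the atapi.sys redirection to spwx.sys as informational only; the log's own Devices and Registry entries tie spwx.sys to \Driver\sptd, the DAEMON Tools Pro driver, so that one needs a human decision rather than an automatic verdict.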


