Win32/Cryptor Virus- Plz Help Remove


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 13th September 2011, 6:47 am

Please download SystemLook by jpshortstuff from one of the locations below and save it to your desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
  • Double-click SystemLook.exe to run it.
  • Copy the following text into the main text field:

:filefind
spwx.sys
ailykpn9.SYS
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop (SystemLook.txt).

====================

Let's try ComboFix by sUBs, a powerful tool that you are advised not to run without the supervision of a trained malware helper. Please visit [You must be registered and logged in to see this link.] and read the tutorial on using ComboFix very carefully. After that, download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. I hope it will run; computers that had AVG installed frequently have problems running this tool. If it works, please post its log back here.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 13th September 2011, 11:47 am

This is the result of running SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 07:37 on 13/09/2011 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "spwx.sys"
No files found.

Searching for "ailykpn9.SYS"
No files found.

-= EOF =-



Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 13th September 2011, 12:27 pm

Here are the results of ComboFix:
ComboFix 11-09-13.01 - Admin 09/13/2011 8:02:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1819 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Downloaded Installers
C:\Program Files\Downloaded Installers\{BA19D5DC-37BE-4FE5-98DB-1C35CA26592A}\setup.msi
C:\Program Files\Keyword Search
C:\Program Files\Keyword Search\uninstall.exe
C:\Program Files\StartNow Toolbar
C:\Program Files\StartNow Toolbar\Resources\images\btn-msn.png
C:\Program Files\StartNow Toolbar\Resources\images\chevronButton.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_images.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_maps.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_news.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_videos.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_web.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_amazon.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_ebay.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_facebook.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_games.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_shopping.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_travel.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_twitter.png
C:\Program Files\StartNow Toolbar\Resources\images\separator.png
C:\Program Files\StartNow Toolbar\Resources\images\splitter.png
C:\Program Files\StartNow Toolbar\Resources\images\startnow_logo.png
C:\Program Files\StartNow Toolbar\Resources\installer.xml
C:\Program Files\StartNow Toolbar\Resources\protect\index.html
C:\Program Files\StartNow Toolbar\Resources\protect\NotIE6.css
C:\Program Files\StartNow Toolbar\Resources\protect\OnlyIE6.css
C:\Program Files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
C:\Program Files\StartNow Toolbar\Resources\protect\window.css
C:\Program Files\StartNow Toolbar\Resources\protect\window.js
C:\Program Files\StartNow Toolbar\Resources\reactivate\index.html
C:\Program Files\StartNow Toolbar\Resources\reactivate\LeftImage.png
C:\Program Files\StartNow Toolbar\Resources\reactivate\NotIE6.css
C:\Program Files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
C:\Program Files\StartNow Toolbar\Resources\reactivate\window.css
C:\Program Files\StartNow Toolbar\Resources\reactivate\window.js
C:\Program Files\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
C:\Program Files\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
C:\Program Files\StartNow Toolbar\Resources\toolbar.xml
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
C:\Program Files\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
C:\Program Files\StartNow Toolbar\Resources\update.xml
C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe
C:\Program Files\StartNow Toolbar\Toolbar32.dll
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\StartNow Toolbar\uninstall.dat
C:\ProgramData\Tarma Installer
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
C:\Users\Admin\AppData\Local\ApplicationHistory
C:\Users\Admin\AppData\Local\ApplicationHistory\iPodBackup.exe.b23ccb5.ini
C:\Users\Admin\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
C:\Users\Admin\AppData\Local\ApplicationHistory\PodLift.exe.89716162.ini
C:\Users\Admin\AppData\Local\ApplicationHistory\ToneThis.exe.4336f5ba.ini
C:\Users\Admin\AppData\Roaming\033E.F6A
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\okrm.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\rbbr.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\sewu.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\vaff.exe
C:\Users\Admin\Desktop\Search.lnk
C:\Windows\$NtUninstallKB221$
C:\Windows\$NtUninstallKB221$\3280931714
C:\Windows\system32\system


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Toolbar Updater Service
-------\Service_Toolbar Updater Service


((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))


2011-09-13 11:36:05 . 2011-09-13 11:36:41 -------- d-----w- C:\Program Files\FixCleaner
2011-09-12 12:08:02 . 2011-09-12 12:08:02 100864 ----a-w- C:\aglorpod.sys
2011-09-08 12:47:52 . 2011-09-08 12:47:52 -------- d-----w- C:\found.007
2011-09-04 06:11:51 . 2011-09-04 06:11:51 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2011-09-04 06:11:47 . 2011-07-06 23:52:42 41272 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-09-04 06:11:46 . 2011-09-04 06:11:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-04 06:11:43 . 2011-09-04 06:11:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-04 06:11:43 . 2011-07-06 23:52:42 22712 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-09-04 05:34:59 . 2011-09-04 05:34:59 -------- d-----w- C:\_OTL
2011-08-29 19:20:38 . 2011-09-04 05:23:39 -------- d-----w- C:\ProgramData\PC Tools
2011-08-29 02:40:04 . 2011-08-29 02:40:04 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-08-28 14:05:10 . 2011-08-28 14:05:10 -------- d-----w- C:\Users\Admin\AppData\Roaming\SmartPCTools
2011-08-28 06:17:31 . 2011-08-28 06:17:31 -------- d-----w- C:\Users\Admin\AppData\Roaming\Avira
2011-08-28 06:14:12 . 2011-08-28 13:33:18 66616 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2011-08-28 06:14:12 . 2011-08-28 13:33:18 138192 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2011-08-28 06:14:10 . 2011-08-28 06:14:10 -------- d-----w- C:\ProgramData\Avira
2011-08-28 06:14:10 . 2011-08-28 06:14:10 -------- d-----w- C:\Program Files\Avira
2011-08-28 05:51:24 . 2011-08-28 05:57:21 -------- d-----w- C:\15417789a839261edc54cc9feb88
2011-08-27 17:43:15 . 2011-08-27 17:43:19 -------- d-----w- C:\Riot Games
2011-08-27 17:18:14 . 2011-08-27 17:41:24 -------- d-----w- C:\Program Files\LeagueOfLegends
2011-08-27 05:45:44 . 2011-08-27 05:45:44 388096 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-27 05:45:43 . 2011-08-27 05:45:43 -------- d-----w- C:\Program Files\Trend Micro
2011-08-27 04:32:33 . 2011-09-13 11:38:29 -------- d-----w- C:\Users\Admin\AppData\Roaming\FixCleaner
2011-08-26 03:13:08 . 2011-08-26 03:13:37 -------- d-----w- C:\Users\Admin\AppData\Roaming\TS3Client
2011-08-24 22:14:59 . 2011-08-24 22:14:59 -------- d-----w- C:\Program Files\iPod
2011-08-24 13:57:31 . 2011-07-11 13:25:35 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-08-21 23:48:42 . 2011-08-21 23:48:56 -------- d-----w- C:\ProgramData\Giraffic
2011-08-21 23:48:41 . 2011-09-13 11:59:50 -------- d-----w- C:\Program Files\Giraffic
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-07 12:01:10 . 2011-05-24 00:11:10 404640 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 03:27:51 . 2010-04-21 00:03:11 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2011-08-07 22:49:45 . 2011-08-07 22:49:45 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 02:54:43 . 2011-08-11 13:58:44 1797632 ----a-w- C:\Windows\system32\jscript9.dll
2011-07-22 02:48:26 . 2011-08-11 13:58:44 1126912 ----a-w- C:\Windows\system32\wininet.dll
2011-07-22 02:44:36 . 2011-08-11 13:58:46 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-07-12 15:20:54 . 2011-07-12 15:20:54 83816 ----a-w- C:\Windows\system32\dns-sd.exe
2011-07-12 15:20:54 . 2011-07-12 15:20:54 73064 ----a-w- C:\Windows\system32\dnssd.dll
2011-07-06 15:31:47 . 2011-08-11 02:55:00 214016 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 . 2011-07-05 22:37:00 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 . 2011-07-05 22:37:00 69632 ----a-w- C:\Windows\system32\QuickTime.qts
2011-06-20 08:54:36 . 2011-08-11 02:54:37 3602832 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 . 2011-08-11 02:54:36 3550096 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-06-17 20:13:55 . 2011-08-11 02:54:33 905104 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2011-06-17 16:03:18 . 2011-08-11 02:55:04 375808 ----a-w- C:\Windows\system32\winsrv.dll
2011-09-03 06:01:45 . 2011-09-07 11:59:22 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F3D5040-D8E1-F5B4-150E-F532A5F23615}]
2011-07-03 22:15:03 1534976 ----a-w- C:\Program Files\SocialRibbons LP 1\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51:20 2695168 ----a-w- C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 14:51:20 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 14:51:20 2695168]

[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 07:05:18 960560]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 07:04:02 377248]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-17 21:55:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-17 21:55:36 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-17 21:55:42 137752]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 16:09:58 311296]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-03 19:26:48 835584]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 16:44:34 31072]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 21:24:52 71216]
"VERIZONDM"="C:\Program Files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 10:59:56 206120]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2010-03-17 20:55:42 1565696]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 16:56:32 4318520]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 16:55:28 937920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-19 05:07:38 421736]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 11:53:33 281768]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 23:52:38 449584]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 01:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08:02 136136 ----a-w- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07:38 421736 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 21:21:30 54832 ----a-w- C:\Program Files\Cyberlink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 20:03:34 4283256 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36:48 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28:03 1233920 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-06-30 10:11:16 2648184 ----a-w- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-10-29 21:12:22 1652736 ----a-r- C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21:28 648072 ----a-w- C:\Windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25:33 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotificationsRef"=dword:00000001

R0 TfFsMon;TfFsMon; [x]
R0 TfSysMon;TfSysMon; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R3 AhnFlt2k;AhnFlt2k; [x]
R3 AhnRec2k;AhnRec2k; [x]
R3 AhnRghNt;AhnRghNt; [x]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-30 19:35:12 28464]
R3 CdmDrvNt;CdmDrvNt; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 23:52:42 41272]
R3 TfNetMon;TfNetMon; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 17:16:28 753504]
R3 XDva370;XDva370; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 21:33:04 51040]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-01-10 04:45:08 691696]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 16:55:28 64952]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2008-01-21 02:23:43 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 11:53:48 136360]
S2 Giraffic;Giraffic Video Accelerator;C:\Program Files\Giraffic\GirafficWatchdog.exe [2011-08-24 08:01:18 2219664]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 20:02:04 143360]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 23:52:38 366640]
S2 ServicepointService;ServicepointService;C:\Program Files\Verizon\VSP\ServicepointService.exe [2011-01-10 16:56:36 689464]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files\VERIZONDM\bin\sprtsvc.exe [2010-09-29 11:00:16 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files\VERIZONDM\bin\tgsrvc.exe [2010-09-29 11:00:24 185640]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2011-07-06 23:52:42 22712]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2008-01-30 16:25:06 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2008-01-30 16:25:06 43904]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2008-02-25 18:56:28 9344]
S3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2008-01-30 15:56:02 818688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2011-09-13 C:\Windows\Tasks\FixCleaner Scan.job
- C:\Program Files\FixCleaner\FixCleaner.exe [2011-08-12 13:10:20 . 2011-08-12 13:10:20]

2011-09-13 C:\Windows\Tasks\FixCleaner Startup.job
- C:\Program Files\FixCleaner\FixCleaner.exe [2011-08-12 13:10:20 . 2011-08-12 13:10:20]

2011-09-12 C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33:50 . 2010-11-05 16:33:50]


------- Supplementary Scan -------

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Quizulous_v2b Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Keyword Search - C:\Program Files\Keyword Search\uninstall.exe
AddRemove-StartNow Toolbar - C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - C:\PROGRA~2\TARMAI~1\{889DF~1\Setup.exe



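A triage pass over a ComboFix log like the one posted above, written as an added example (it is not part of the thread and not ComboFix's own code): it parses the "Other Deletions", "Files Created" and "Reg Loading Points" sections and flags the kinds of entries a helper looks at first, such as a .sys file dropped in the drive root, binaries in a Templates folder, and UAC switched off. The heuristics and the short sample log are constructed here for illustration.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Constructed excerpt modelled on the ComboFix log posted above. It is not the
# full log, just enough lines to exercise each branch of the parser.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\StartNow Toolbar\Toolbar32.dll
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\okrm.exe

((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))

2011-09-12 12:08:02 . 2011-09-12 12:08:02 100864 ----a-w- C:\aglorpod.sys
2011-09-04 06:11:47 . 2011-07-06 23:52:42 41272 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-08-27 17:43:15 . 2011-08-27 17:43:19 -------- d-----w- C:\Riot Games

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"""

# Line shapes seen in the posted logs (both the with-seconds and no-seconds timestamp forms).
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?) \. "
    r"(\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?) (\S+) (\S+) (.+)$"
)
WINPATH_RE = re.compile(r"^[A-Za-z]:\\")
REGKEY_RE = re.compile(r"^\[(.+)\]$")
REGVAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

DRIVER_DIR = ("windows", "system32", "drivers")


def classify_path(path: str) -> List[str]:
    """Heuristic reasons (constructed for this example) why a path deserves a second look."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]  # parts[0] is the drive, e.g. 'C:\\'
    stem, ext = p.stem, p.suffix.lower()
    reasons = []
    # Kernel drivers are normally installed under \Windows\system32\drivers,
    # not dropped into the drive root.
    if ext == ".sys" and tuple(parts[1:-1]) != DRIVER_DIR:
        reasons.append("driver file outside system32\\drivers")
    # A user's Templates folder is a document location; binaries there are unexpected.
    if "templates" in parts and ext in (".exe", ".dll", ".sys", ""):
        reasons.append("binary or extensionless file in a Templates folder")
    # Long alphanumeric names with no extension are typical of generated droppers.
    if ext == "" and len(stem) >= 20 and stem.isalnum():
        reasons.append("random-looking extensionless file name")
    return reasons


def classify_regvalue(key: str, name: str, value: str) -> List[str]:
    """Flag registry values from the 'Reg Loading Points' section that weaken the host."""
    reasons = []
    if (key.lower().endswith(r"\policies\system") and name.lower() == "enablelua"
            and value.strip().startswith("0")):
        reasons.append("UAC disabled (EnableLUA = 0)")
    return reasons


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk a ComboFix log and return the entries the heuristics above flag."""
    findings: List[Dict[str, str]] = []
    section = regkey = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, regkey = m.group(1), ""
            continue
        m = REGKEY_RE.match(line)
        if m:
            regkey = m.group(1)
            continue
        m = REGVAL_RE.match(line)
        if m and regkey:
            for why in classify_regvalue(regkey, m.group(1), m.group(2)):
                findings.append({"section": section, "item": regkey + "\\" + m.group(1), "reason": why})
            continue
        m = CREATED_RE.match(line)
        if m:
            created, _mod, _size, attrs, path = m.groups()
            if attrs.startswith("d"):  # directories carry little signal here
                continue
            for why in classify_path(path):
                findings.append({"section": section, "item": path, "reason": why, "created": created})
            continue
        if WINPATH_RE.match(line):  # bare paths, as in 'Other Deletions'
            for why in classify_path(line):
                findings.append({"section": section, "item": line, "reason": why})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['item']}: {f['reason']}")
```

Run against a full log, the output is a short list of what to ask about next rather than a verdict; the legitimate Malwarebytes driver in system32\drivers is deliberately left unflagged.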

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 13th September 2011, 1:19 pm

The ComboFix log is not complete; there is something missing at the end. Please post the rest as well.

You have not performed the uninstallations that I recommended. ComboFix identified the StartNow toolbar as malware and killed it. I would have preferred to properly uninstall it, as indicated in one of my earlier posts.

Did you look at the Mozilla Firefox help link I provided and try anything that was recommended there?

I want to help you get rid of the problems, but you are not helping yourself.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 13th September 2011, 3:30 pm

I believed that I had deleted most of the toolbars on the list that you have given me, but it seems somehow StartNow was still installed afterwards. I have deleted AVG, all programs that I got with cracks/keygens, and Registry Doctor.
The Firefox link was a link that I had already looked at, and it did not give me any helpful solutions for the "unable to connect" page that comes up on many sites. Apparently, Firefox can access those websites in Safe Mode, and many people on forums and whatnot say that it must be something to do with an extension or add-on, since Firefox supposedly works when it's in Safe Mode :\.
Regarding ComboFix, I selected all the text in the txt file and there seems to be no more. Should I run it again?


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 14th September 2011, 8:38 pm

My computer is experiencing intense lag at this point. When this happens, the RAM light (I think that's what it is? The picture with the cylinder next to the power light, and the battery light, if you understand what I'm trying to describe) is lit up continuously with no breaks in between (which I believe is supposed to be normal?).


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 14th September 2011, 9:45 pm

Thank God! Due to your tad bit late response (not your fault, you have already stated in our first posts that you have your hobbies, job, and kids), I ran ComboFix again and it seemed to have fixed something, because now I can access the websites that were blocked before without a problem. Here are the results of ComboFix:
ComboFix 11-09-14.02 - Admin 09/14/2011 17:28:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1817 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
---- Previous Run -------
.
c:\program files\Downloaded Installers\{BA19D5DC-37BE-4FE5-98DB-1C35CA26592A}\setup.msi
c:\program files\Keyword Search\uninstall.exe
c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\separator.png
c:\program files\StartNow Toolbar\Resources\images\splitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Admin\AppData\Local\ApplicationHistory\iPodBackup.exe.b23ccb5.ini
c:\users\Admin\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Admin\AppData\Local\ApplicationHistory\PodLift.exe.89716162.ini
c:\users\Admin\AppData\Local\ApplicationHistory\ToneThis.exe.4336f5ba.ini
c:\users\Admin\AppData\Roaming\033E.F6A
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\oa8qiguk7842pd22q1e34iwoay2mg512j52524h788la
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\okrm.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\rbbr.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\sewu.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Templates\vaff.exe
c:\users\Admin\Desktop\Search.lnk
c:\windows\$NtUninstallKB221$\3280931714
c:\windows\system32\system
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Toolbar Updater Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-14 21:37 . 2011-09-14 21:37 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-09-14 21:37 . 2011-09-14 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-13 23:30 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-12 12:08 . 2011-09-12 12:08 100864 ----a-w- C:\aglorpod.sys
2011-09-08 12:47 . 2011-09-08 12:47 -------- d-----w- C:\found.007
2011-09-04 06:11 . 2011-09-04 06:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2011-09-04 06:11 . 2011-09-04 06:11 -------- d-----w- c:\programdata\Malwarebytes
2011-09-04 06:11 . 2011-09-14 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 06:11 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 05:34 . 2011-09-04 05:34 -------- d-----w- C:\_OTL
2011-08-29 19:20 . 2011-09-04 05:23 -------- d-----w- c:\programdata\PC Tools
2011-08-29 02:40 . 2011-08-29 02:40 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-28 14:05 . 2011-08-28 14:05 -------- d-----w- c:\users\Admin\AppData\Roaming\SmartPCTools
2011-08-28 06:17 . 2011-08-28 06:17 -------- d-----w- c:\users\Admin\AppData\Roaming\Avira
2011-08-28 06:14 . 2011-08-28 13:33 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-28 06:14 . 2011-08-28 13:33 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-28 06:14 . 2011-08-28 06:14 -------- d-----w- c:\programdata\Avira
2011-08-28 06:14 . 2011-08-28 06:14 -------- d-----w- c:\program files\Avira
2011-08-28 05:51 . 2011-08-28 05:57 -------- d-----w- C:\15417789a839261edc54cc9feb88
2011-08-27 17:43 . 2011-08-27 17:43 -------- d-----w- C:\Riot Games
2011-08-27 17:18 . 2011-08-27 17:41 -------- d-----w- c:\program files\LeagueOfLegends
2011-08-27 05:45 . 2011-08-27 05:45 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-27 05:45 . 2011-08-27 05:45 -------- d-----w- c:\program files\Trend Micro
2011-08-27 04:32 . 2011-09-14 11:57 -------- d-----w- c:\users\Admin\AppData\Roaming\FixCleaner
2011-08-26 03:13 . 2011-08-26 03:13 -------- d-----w- c:\users\Admin\AppData\Roaming\TS3Client
2011-08-24 22:14 . 2011-08-24 22:14 -------- d-----w- c:\program files\iPod
2011-08-24 13:57 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-21 23:48 . 2011-08-21 23:48 -------- d-----w- c:\programdata\Giraffic
2011-08-21 23:48 . 2011-09-14 21:18 -------- d-----w- c:\program files\Giraffic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-07 12:01 . 2011-05-24 00:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 03:27 . 2010-04-21 00:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-07 22:49 . 2011-08-07 22:49 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 02:54 . 2011-08-11 13:58 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 13:58 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 13:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-06 15:31 . 2011-08-11 02:55 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-20 08:54 . 2011-08-11 02:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-11 02:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-11 02:54 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-11 02:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-09-03 06:01 . 2011-09-07 11:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F3D5040-D8E1-F5B4-150E-F532A5F23615}]
2011-07-03 22:15 1534976 ----a-w- c:\program files\SocialRibbons LP 1\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
2009-06-02 14:51 2695168 ----a-w- c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960560]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-17 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-17 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-03 835584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 01:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 21:21 54832 ----a-w- c:\program files\Cyberlink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 20:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-06-30 10:11 2648184 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-10-29 21:12 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 TfFsMon;TfFsMon; [x]
R0 TfSysMon;TfSysMon; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AhnFlt2k;AhnFlt2k; [x]
R3 AhnRec2k;AhnRec2k; [x]
R3 AhnRghNt;AhnRghNt; [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-30 28464]
R3 CdmDrvNt;CdmDrvNt; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TfNetMon;TfNetMon; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva370;XDva370; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-10 691696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Giraffic;Giraffic Video Accelerator;c:\program files\Giraffic\GirafficWatchdog.exe [2011-08-24 2219664]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 143360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2008-01-30 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2008-01-30 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-02-25 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-01-30 818688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Verizon - AOL Toolbar Search - c:\programdata\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Quizulous_v2b Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-14 17:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\.avgldx86]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9A964391-F5AF-4FAD-9964-51C4ED876F20}"=hex:51,66,7a,6c,4c,1d,38,12,ff,40,85,
9e,9d,bb,c3,0a,e6,72,12,84,e8,d9,2b,34
"{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"=hex:51,66,7a,6c,4c,1d,38,12,6c,6f,c6,
68,7f,85,db,04,df,e8,f7,39,03,42,8f,55
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=hex:51,66,7a,6c,4c,1d,38,12,4e,a0,d4,
c8,f8,fd,f7,04,ce,b0,dc,11,68,88,dc,3d
"{0FBB9689-D3D7-4F7A-A2E2-585B10099BFC}"=hex:51,66,7a,6c,4c,1d,38,12,e7,95,a8,
0b,e5,9d,14,0a,dd,f4,1b,1b,15,57,df,e8
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{86916F9E-4C81-42F8-9D60-4A1A54DAE898}"=hex:51,66,7a,6c,4c,1d,38,12,f0,6c,82,
82,b3,02,96,07,e2,76,09,5a,51,84,ac,8c
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=hex:51,66,7a,6c,4c,1d,38,12,cc,76,af,
a7,b5,51,e8,03,d5,55,10,07,d2,08,45,68
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DA3D342F-FF20-4E31-9E82-22334155730C}"=hex:51,66,7a,6c,4c,1d,38,12,41,37,2e,
de,12,b1,5f,0b,e1,94,61,73,44,0b,37,18
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b0,be,e2,e6,f5,0d,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-14 17:41:29
ComboFix-quarantined-files.txt 2011-09-14 21:41
.
Pre-Run: 17,739,132,928 bytes free
Post-Run: 17,796,263,936 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2FA0F0623CE52526C0E8B4401E416BF6

jungwpark
Novice

Posts : 28
Joined : 2011-08-29
OS : Windows Vista Home Premium
Points : 19698
# Likes : 0

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 12:03 am

I spoke too soon. I have no idea what I did, but the websites don't work anymore after I shut it down and went out for an errand. When I came back and turned the computer on, the websites did not work once again.

jungwpark
Novice

Posts : 28
Joined : 2011-08-29
OS : Windows Vista Home Premium
Points : 19698
# Likes : 0

Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 15th September 2011, 7:03 am

Can you run OTL again, with a script?

  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

====================

  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).

====================

Also, please explain again which websites are working, which are not, and what the differences are between running FF, Chrome or IExplorer.

====================

We need to know the DNS (Domain Name Server) settings of your router.
To find out the DNS settings of your router, you will have to access your router (requiring username and password) and look up those settings.
If you don't know how to do that, please consult the manual of the router. If you can't locate this manual, you can try:
  • To download the manual from the website of the router's manufacturer.
  • To consult [You must be registered and logged in to see this link.]. It will explain for various brands of routers how to change DNS settings (Don't actually change anything! Just list the IP addresses that your router reports as DNS servers).

An example of what we are looking for:

In the above example, you would report to me "208.67.222.222" and "208.67.220.220".

If you don't find the option for DNS servers, depending on the type of router, you might have to look under an option called "DHCP Server" and find the settings for the DNS servers, which on some routers is called "Static DNS".

Please let me know if you run into any kind of trouble.

Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38248
# Likes : 0
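
The DNS request above amounts to a comparison: the resolvers the PC actually received (the "TCP: DhcpNameServer" line in the ComboFix Supplementary Scan earlier in the thread) against the resolvers the router reports, alongside the browser proxy settings from the same block. The Python script below is an added example written for this edit; it is not a tool from the thread and not part of ComboFix, OTL or TDSSKiller. It parses a constructed sample modelled on the Supplementary Scan format, and the function names (parse_supplementary, triage) and the router_dns argument are my own assumptions, standing in for the list the helper asked the user to read off the router's admin page.

```python
"""Triage the 'Supplementary Scan' block of a ComboFix log for DNS and proxy hijack indicators.

Added example for this thread; not part of ComboFix, OTL or TDSSKiller.
"""
import ipaddress
import re

# Constructed sample, modelled on the Supplementary Scan format in the log above
# (paraphrased for the example, not copied from a real machine).
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false)
.
"""

# Meaning of Firefox's network.proxy.type values.
PROXY_TYPES = {
    0: "direct connection, no proxy",
    1: "manual proxy configuration",
    2: "PAC script from a URL",
    4: "auto-detect proxy via WPAD",
    5: "use system proxy settings",
}


def parse_supplementary(log_text):
    """Pull the DNS, IE and Firefox settings out of the Supplementary Scan lines."""
    info = {"dns_servers": [], "ie": {}, "ff_prefs": {}, "ff_userjs": {}}
    for line in log_text.splitlines():
        m = re.match(r"TCP: DhcpNameServer = (.+)", line)
        if m:
            info["dns_servers"] = m.group(1).split()
            continue
        m = re.match(r"u(Start Page|Internet Settings,ProxyOverride) = (.*)", line)
        if m:
            info["ie"][m.group(1)] = m.group(2)
            continue
        m = re.match(r"FF - (prefs|user)\.js: ([\w.\-]+) - (.*)", line)
        if m:
            bucket = "ff_prefs" if m.group(1) == "prefs" else "ff_userjs"
            info[bucket][m.group(2)] = m.group(3)
    return info


def triage(log_text, router_dns):
    """Compare the log against the resolvers the router reports; return findings to review.

    router_dns: the DNS server addresses read from the router's admin page
    (the list the helper asked the user to report).
    """
    info = parse_supplementary(log_text)
    findings = []

    # 1. Resolvers the PC received by DHCP. The router's own LAN address is the
    #    normal case; a public address must match what the router says it uses.
    for server in info["dns_servers"]:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"DhcpNameServer entry {server!r} is not an IP address")
            continue
        if addr.is_private or server in router_dns:
            continue
        findings.append(
            f"DNS server {server} is not one the router reports; verify who operates it")

    # 2. Firefox proxy mode. 0 (direct) and 5 (system settings) are the usual values;
    #    anything else sends traffic through a proxy and should be accounted for.
    ptype = info["ff_prefs"].get("network.proxy.type")
    if ptype is not None and ptype.isdigit() and int(ptype) not in (0, 5):
        mode = int(ptype)
        findings.append(
            f"Firefox network.proxy.type = {mode} ({PROXY_TYPES.get(mode, 'unknown')}); "
            "confirm this was set deliberately")

    # 3. user.js is only read by Firefox, never written by it. A value that carries
    #    further user_pref() calls means something else edited the file.
    for name, value in info["ff_userjs"].items():
        if "user_pref(" in value:
            findings.append(
                f"user.js entry {name} contains embedded user_pref() calls; "
                "inspect what wrote the file")
    return findings


if __name__ == "__main__":
    # Router-reported resolvers as the user posted them later in this thread.
    for finding in triage(SAMPLE_LOG, ["71.252.0.12", "71.242.0.12"]):
        print("-", finding)
```

With the router list the user later posted, the DHCP resolvers pass (the private 192.168.1.1 is the router, and 71.252.0.12 is on the router's own list), so only the proxy mode and the user.js entry remain for review; pass a router list that lacks 71.252.0.12 and the script flags that resolver as well.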

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 11:30 am

Here is the Kaspersky TDSSKiller Report along with the DNS info:
DNS (the 2 "numbers" were listed under "DNS Server" and were not differentiated as Primary and Secondary like in your previous post):
71.252.0.12 (First number in the list, so I assume this was the primary)
71.242.0.12 (Secondary?)
Kaspersky:
2011/09/15 07:21:11.0988 5816 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/15 07:21:12.0106 5816 ================================================================================
2011/09/15 07:21:12.0106 5816 SystemInfo:
2011/09/15 07:21:12.0106 5816
2011/09/15 07:21:12.0106 5816 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/15 07:21:12.0106 5816 Product type: Workstation
2011/09/15 07:21:12.0106 5816 ComputerName: ADMIN-PC
2011/09/15 07:21:12.0106 5816 UserName: Admin
2011/09/15 07:21:12.0106 5816 Windows directory: C:\Windows
2011/09/15 07:21:12.0106 5816 System windows directory: C:\Windows
2011/09/15 07:21:12.0106 5816 Processor architecture: Intel x86
2011/09/15 07:21:12.0106 5816 Number of processors: 2
2011/09/15 07:21:12.0106 5816 Page size: 0x1000
2011/09/15 07:21:12.0106 5816 Boot type: Normal boot
2011/09/15 07:21:12.0106 5816 ================================================================================
2011/09/15 07:21:20.0975 5816 Initialize success
2011/09/15 07:21:28.0658 4560 ================================================================================
2011/09/15 07:21:28.0658 4560 Scan started
2011/09/15 07:21:28.0658 4560 Mode: Manual;
2011/09/15 07:21:28.0658 4560 ================================================================================
2011/09/15 07:21:30.0005 4560 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/15 07:21:30.0272 4560 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/15 07:21:30.0633 4560 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/15 07:21:30.0812 4560 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/15 07:21:31.0017 4560 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/15 07:21:31.0315 4560 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/15 07:21:31.0598 4560 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/15 07:21:32.0036 4560 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/15 07:21:32.0407 4560 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/15 07:21:32.0492 4560 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/15 07:21:32.0795 4560 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/15 07:21:32.0941 4560 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/15 07:21:33.0066 4560 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/15 07:21:33.0445 4560 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/15 07:21:33.0689 4560 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/15 07:21:34.0072 4560 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/15 07:21:34.0119 4560 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/15 07:21:34.0493 4560 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/15 07:21:34.0908 4560 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/15 07:21:35.0387 4560 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/15 07:21:35.0558 4560 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/15 07:21:35.0718 4560 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/15 07:21:35.0841 4560 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/15 07:21:36.0052 4560 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/15 07:21:36.0255 4560 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/15 07:21:36.0329 4560 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/15 07:21:36.0404 4560 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/15 07:21:36.0457 4560 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/15 07:21:36.0537 4560 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/15 07:21:36.0812 4560 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/15 07:21:37.0310 4560 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/15 07:21:37.0675 4560 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/09/15 07:21:38.0004 4560 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/15 07:21:38.0106 4560 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
2011/09/15 07:21:38.0731 4560 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
2011/09/15 07:21:39.0102 4560 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/15 07:21:39.0238 4560 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/15 07:21:39.0774 4560 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/15 07:21:39.0831 4560 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/15 07:21:40.0153 4560 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/09/15 07:21:40.0396 4560 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/15 07:21:40.0700 4560 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/15 07:21:41.0081 4560 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/15 07:21:41.0254 4560 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/15 07:21:41.0303 4560 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/15 07:21:41.0373 4560 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/15 07:21:41.0466 4560 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/15 07:21:41.0897 4560 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/15 07:21:42.0349 4560 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/09/15 07:21:42.0819 4560 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/15 07:21:42.0943 4560 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/15 07:21:43.0251 4560 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/15 07:21:43.0439 4560 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/15 07:22:04.0342 4560 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/15 07:22:04.0349 4560 sptd - detected LockedFile.Multi.Generic (1)
2011/09/15 07:22:15.0311 4560 MBR (0x1B8) (48e4fb73037ed2932d5e6bde31e6ee60) \Device\Harddisk0\DR0
2011/09/15 07:22:15.0315 4560 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/15 07:22:15.0338 4560 Boot (0x1200) (a64fbb2fecebf87d3f6989199ff00713) \Device\Harddisk0\DR0\Partition0
2011/09/15 07:22:15.0369 4560 Boot (0x1200) (1c0b528129dc4023e3636664cc1ded10) \Device\Harddisk0\DR0\Partition1
2011/09/15 07:22:15.0374 4560 ================================================================================
2011/09/15 07:22:15.0374 4560 Scan finished
2011/09/15 07:22:15.0374 4560 ================================================================================
2011/09/15 07:22:15.0388 3996 Detected object count: 2
2011/09/15 07:22:15.0388 3996 Actual detected object count: 2
2011/09/15 07:22:28.0278 3996 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/15 07:22:28.0369 3996 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/15 07:22:28.0369 3996 \Device\Harddisk0\DR0 - ok
2011/09/15 07:22:28.0370 3996 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure

jungwpark
Novice

Posts : 28
Joined : 2011-08-29
OS : Windows Vista Home Premium
Points : 19698
# Likes : 0


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 11:32 am

Here is the OTL log you requested:
OTL logfile created on: 9/15/2011 7:20:26 AM - Run 3
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.31% Memory free
6.18 Gb Paging File | 4.61 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 15.38 Gb Free Space | 18.52% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 6.36 Gb Free Space | 50.46% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c200e798-529d-4847-8b76-4abeb4658d41} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C EC D0 15 49 C6 1D 41 BF D5 A3 57 DB BD C8 7A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Quizulous_v2b Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/01 01:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 07:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 07:53:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2011/01/01 01:06:46 | 000,000,000 | ---D | M]

[2009/11/29 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/09/13 00:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions
[2010/04/27 03:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/24 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}-TRASH
[2011/06/23 19:22:08 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/09/11 20:56:52 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\anttoolbar@ant.com
[2011/01/01 02:57:59 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\nkxri7hd.default\extensions\searchrecs@veoh.com
[2009/12/11 02:15:08 | 000,004,554 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aim-search.xml
[2010/01/07 16:37:32 | 000,000,653 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\aol-search.xml
[2011/08/21 19:49:03 | 000,002,259 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\bing-zugo.xml
[2011/06/23 14:31:42 | 000,000,929 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nkxri7hd.default\searchplugins\conduit.xml
[2011/09/07 07:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 00:15:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/20 20:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 21:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 15:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/05 23:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/05 23:27:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/14 06:26:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/09/14 17:37:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files\SocialRibbons LP 1\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Verizon - AOL Toolbar Loader) - {86916f9e-4c81-42f8-9d60-4a1a54dae898} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Verizon - AOL Toolbar) - {9a964391-f5af-4fad-9964-51c4ed876f20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon - AOL Toolbar) - {9A964391-F5AF-4FAD-9964-51C4ED876F20} - C:\Program Files\Verizon - AOL Toolbar\verizontb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Verizon - AOL Toolbar Search - C:\ProgramData\Verizon - AOL Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: ServicepointService - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 07:20:33 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2011/09/14 17:41:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/14 17:41:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/14 17:41:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2011/09/14 17:27:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/14 09:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Durarara
[2011/09/13 18:16:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Anime
[2011/09/13 18:16:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Fashion Inspiration
[2011/09/13 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Shinkyoku Soukai Polyphonica S2
[2011/09/13 07:50:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/13 07:50:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/13 07:50:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/13 07:50:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/13 07:50:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/13 07:43:23 | 004,209,769 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2011/09/12 08:08:02 | 000,100,864 | ---- | C] (GMER) -- C:\aglorpod.sys
[2011/09/08 08:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/08 08:47:52 | 000,000,000 | ---D | C] -- C:\found.007
[2011/09/05 23:28:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 02:11:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011/09/04 02:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 02:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/04 02:11:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/04 02:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 01:34:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Fixing the Comp
[2011/08/30 12:02:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/29 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/28 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/28 10:05:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SmartPCTools
[2011/08/28 02:17:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011/08/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/08/28 02:14:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/08/28 02:14:12 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 02:14:12 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/28 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/28 01:51:24 | 000,000,000 | ---D | C] -- C:\15417789a839261edc54cc9feb88
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/27 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/08/27 13:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/27 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/27 00:32:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FixCleaner
[2011/08/25 23:13:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2011/08/24 18:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 09:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/21 19:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/08/21 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic

========== Files - Modified Within 30 Days ==========

[2011/09/15 07:20:35 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 07:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/15 07:10:24 | 3211,173,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 00:36:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/14 23:25:59 | 001,213,468 | ---- | M] () -- C:\Users\Admin\Desktop\dmv39.pdf
[2011/09/14 18:25:52 | 231,889,236 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/14 17:37:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/14 17:27:19 | 004,209,769 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2011/09/14 17:16:20 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/13 17:53:59 | 000,668,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/13 17:53:59 | 000,130,384 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/12 21:59:45 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/09/12 08:13:58 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
[2011/09/12 08:08:02 | 000,100,864 | ---- | M] (GMER) -- C:\aglorpod.sys
[2011/09/12 08:06:53 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\fc6rk1jz.exe
[2011/09/11 20:59:50 | 000,008,301 | ---- | M] () -- C:\Users\Admin\Desktop\276001_740789936_120149666_n.jpg
[2011/09/07 08:01:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/07 07:59:26 | 000,000,830 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 23:46:48 | 000,053,757 | ---- | M] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/05 23:27:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/05 23:27:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/05 23:27:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/04 17:51:40 | 000,012,979 | ---- | M] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/31 09:57:05 | 000,088,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 18:35:19 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/08/30 13:18:30 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/08/28 14:28:21 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/08/28 09:33:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/08/28 09:33:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/28 02:14:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 02:36:54 | 000,002,483 | ---- | M] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | M] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/20 12:10:53 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

========== Files Created - No Company Name ==========

[2011/09/14 23:25:59 | 001,213,468 | ---- | C] () -- C:\Users\Admin\Desktop\dmv39.pdf
[2011/09/14 18:25:52 | 231,889,236 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/13 07:50:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/13 07:50:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/13 07:50:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/13 07:50:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/13 07:50:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/12 21:59:45 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/09/12 08:13:58 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2249123214-3724410968-1299857953-1000.job
[2011/09/12 08:06:53 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\fc6rk1jz.exe
[2011/09/11 20:59:50 | 000,008,301 | ---- | C] () -- C:\Users\Admin\Desktop\276001_740789936_120149666_n.jpg
[2011/09/07 07:59:25 | 000,000,830 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/07 07:59:25 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 23:46:48 | 000,053,757 | ---- | C] () -- C:\Users\Admin\Desktop\ScreenHunter_01 Sep. 06 23.46.gif
[2011/09/04 17:51:40 | 000,012,979 | ---- | C] () -- C:\Users\Admin\Desktop\275264_740789936_3462334_n.jpg
[2011/09/04 02:11:47 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 18:36:42 | 3211,173,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/30 13:18:30 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2011/08/30 12:03:44 | 000,879,225 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/08/28 02:14:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/08/27 13:49:20 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/08/27 01:45:43 | 000,002,483 | ---- | C] () -- C:\Users\Admin\Desktop\HiJackThis.lnk
[2011/08/24 18:15:26 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 12:27:58 | 000,001,624 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/21 19:48:38 | 000,001,952 | ---- | C] () -- C:\Users\Admin\Desktop\Veoh Web Player.lnk
[2011/08/09 17:40:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/20 00:38:31 | 001,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/02/20 00:38:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/02/20 00:38:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/02/20 00:38:31 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2011/02/20 00:38:30 | 000,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/12/06 02:21:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/26 23:14:43 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/26 23:14:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/20 20:50:54 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileJoin.ini
[2010/01/08 11:22:53 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/30 21:11:41 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2009/11/30 16:06:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/30 16:06:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/30 08:18:06 | 000,000,236 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\iPod Access v4 Prefs
[2009/11/30 08:15:48 | 000,000,011 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\iPodAccess_Time
[2009/11/30 07:57:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/30 07:24:37 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2009/11/29 21:26:08 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\winscp.rnd
[2009/11/29 20:20:10 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/29 19:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/28 21:15:53 | 000,088,576 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:26:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/28 19:12:39 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/11/28 19:12:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2009/11/28 19:12:37 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/11/28 19:07:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/11/28 18:24:13 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/10/30 11:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/04/16 04:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,668,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,130,384 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/30 12:02:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2011/09/14 17:27:19 | 004,209,769 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2011/09/12 08:06:53 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\fc6rk1jz.exe
[2011/08/30 12:04:10 | 000,879,225 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2011/09/15 07:20:35 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/03 02:01:45 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/03 02:01:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/03 02:01:45 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 07:10:39 | 000,005,280 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2006/11/02 03:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2010/01/10 00:45:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2009/11/28 18:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2011/06/16 19:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/12/21 11:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\AhnLab
[2011/04/18 01:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/08/29 15:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Antbar
[2010/01/15 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/07/08 12:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/09/06 23:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/08/28 02:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/05/26 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/05/26 23:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVSMedia
[2010/12/16 00:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/08/06 13:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/11 18:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/09/14 17:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/28 19:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/08/27 12:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink
[2010/01/11 07:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2011/01/18 22:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Daum
[2011/08/20 12:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2011/05/26 16:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2011/05/18 01:16:15 | 000,000,000 | ---D | M] -- C:\Program Files\Free Hide Folder
[2011/07/01 10:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2011/09/15 07:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Giraffic
[2009/12/02 06:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\GNU
[2011/05/24 19:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/25 19:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2011/08/27 13:43:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/28 19:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2011/08/11 10:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/08/24 18:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/25 21:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Access for Windows
[2009/11/30 07:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod Copier 1.0
[2011/08/24 18:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/01 19:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/09 16:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2009/11/29 21:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\JoinSaw
[2011/08/27 13:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\LeagueOfLegends
[2011/09/14 17:17:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/09 07:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/30 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/16 19:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/07 20:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/28 19:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/11/28 19:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/11/09 06:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 18:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 11:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/09/13 07:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 19:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/07 20:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/11/28 19:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2010/10/30 21:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/08/06 13:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/01/01 01:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/12/06 02:20:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/07/03 18:15:03 | 000,000,000 | ---D | M] -- C:\Program Files\SocialRibbons LP 1
[2011/02/20 00:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Solveig Multimedia
[2009/11/28 19:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/08/11 10:10:43 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2009/11/28 19:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/08/09 17:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011/06/06 00:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2009/11/29 21:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\ToneThis
[2011/08/27 01:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/12 16:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/08/09 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/03/29 16:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2011/02/10 22:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2010/01/07 16:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon - AOL Toolbar
[2010/11/22 14:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2010/01/07 16:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/29 21:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/11/28 19:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM

jungwpark
Novice

Posts : 28
Joined : 2011-08-29
OS : Windows Vista Home Premium
Points : 19698
Likes : 0

Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 11:34 am

Here is Part 2 of OTL.txt, along with the Extra.txt
[2009/11/30 17:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/11/30 17:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/11/30 17:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/07 18:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/09/13 19:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 19:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/30 17:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/12/01 02:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/11/30 17:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/29 21:24:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/29 21:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/11/29 21:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2011/07/03 18:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Runtime

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-13 23:47:51

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 02:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/20 09:24:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/20 09:24:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2010/01/02 15:28:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ
[2010/01/02 15:28:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\䰀Ğ

< End of report >
OTL Extras logfile created on: 9/15/2011 7:20:26 AM - Run 3
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.31% Memory free
6.18 Gb Paging File | 4.61 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.01 Gb Total Space | 15.38 Gb Free Space | 18.52% Space Free | Partition Type: NTFS
Drive D: | 12.60 Gb Total Space | 6.36 Gb Free Space | 50.46% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2249123214-3724410968-1299857953-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A3D323-AE69-4DE2-B20F-ACCD952022AA}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |
"{0B437597-91EF-42A3-BEC6-D43CBA9222E0}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher |
"{0BBF5271-DA8D-4564-967C-8245F4AFC4AF}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |
"{1099C141-8C65-4FCE-AE4F-D063BB1EB89B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{10DA03A8-274C-4DD6-85D0-1CC6766CAAF6}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{12412044-A9F3-4037-BC49-677FD3972556}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{13483F27-4AAF-4235-A32B-2DE9C19EFBA8}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |
"{13E87C8A-F3B4-417E-AA61-9F23EB0873BF}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{159837C9-F3DD-45DC-9483-307B67E4E10D}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{165993D4-4D63-4531-903F-F1E916BB8384}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{173B904F-A81A-4B55-9F42-65C2307AF996}" = lport=6962 | protocol=6 | dir=in | name=league of legends launcher |
"{183FEC8C-88F1-41F7-80E9-C09E0F381913}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{190093A6-614D-4A09-96B6-2AB1A1118444}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{190DB5F1-9AA2-4A88-A516-A71667196A02}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{1E5ED2CF-72CB-4909-8ADC-A29828AC95A3}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{1E97B74A-B4A6-43ED-9D69-ED6B4500060E}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{1F91D7E5-53D4-4362-A312-90E482C2A841}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{21D2777A-40CD-47D6-B46D-8A6D4D8A6427}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |
"{23146826-E32C-47BF-BEA4-E7B2A44A126A}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{23A52D61-64B0-4C5F-884C-2F78DCC776F6}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{25E3EE3D-9957-4AA7-812B-4CE3FC2BEB50}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{279260E5-FEF1-4DB7-B866-2CE073445A00}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{29B04333-9197-4E2B-9EDF-6C95AAFB3D8B}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{2C52FFEA-719E-45AC-BE84-C88F424D0C64}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher |
"{2C750EA4-FA4E-41CD-9CAE-96A57512922F}" = lport=445 | protocol=6 | dir=in | app=system |
"{319615F0-7C04-4D39-9D1F-383B0579A388}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{31B8E44A-F45C-4B6E-AB3B-E03920840ABE}" = rport=138 | protocol=17 | dir=out | app=system |
"{339128DA-2C68-442F-9B62-4CC245DC5CF2}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
"{33B09F2B-3247-4851-B1C5-8B6677BEF614}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{35A8FD7D-C834-49FF-BCD5-75CE6514853E}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher |
"{37288CCB-70A9-4210-933E-43D867DB5385}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{375745D7-220F-4A3F-905D-7E4440DAC2B7}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher |
"{39D89762-3F9F-41E2-B3FC-E2FCA2FAA8DF}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher |
"{3A5215C0-225C-4708-ACFD-B2E81BFB0B32}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{3A54002D-1F39-474F-91B6-FA7235ED00A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{3AF7E628-326A-4A6F-89FD-CBD0DEFED23A}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{3BB38632-7C07-4A8D-98E1-36105981F5CB}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher |
"{404431FF-962B-462F-A7EB-A97A6180F2F1}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{40A0A23D-C8AC-4BD4-80C5-FC7469509B45}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{40A90B69-094D-43F3-8856-C5A00E00515E}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{442A4B0D-5A61-415B-B348-90A3F189003F}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher |
"{455355F8-B43C-4F12-97A6-D656995DA4CB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{46B0C7D6-3C7D-496B-97DF-F54BA880FA09}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher |
"{470B7EDE-EE29-4E60-A81B-619BA6C63583}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |
"{4A3A0410-A36F-46F9-9C96-37E69677DAC5}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |
"{4B06C6E8-1CEF-427B-996A-727D93AD3BD1}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher |
"{4B90E19A-4172-46FD-8508-D4DA4AA5ECE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D0FFFC2-802C-406C-8D05-02E948E55FF1}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{4D94FCF6-ECA4-4A4C-A534-BD865B5C6CB2}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{4DCC247D-90E1-470C-AEA0-DC3094059E3C}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher |
"{4F0179D7-2EAB-4C05-92CB-09EF741E7DFC}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher |
"{4FC9CF35-609E-40A0-85A1-5B1FA5DFEDA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50CBDF4C-CFFF-4066-8F66-5A94509B473D}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{51FB9642-1DA8-47A0-9EF9-71C54685A667}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher |
"{54EA3E4C-AF1A-4F0A-B059-2FAF09F04B07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{56D5542D-DBFE-4364-B229-6D6A03A4A756}" = lport=6977 | protocol=6 | dir=in | name=league of legends launcher |
"{56E08EDF-6FAD-40EB-82C4-CA08CF13BE4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57236925-6ACB-4AD4-A260-EA5E896F9A0C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5A5278EF-D558-4610-B277-1B79E233D2AD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5ADE2B52-F095-4A30-8973-AF770706A098}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{5D4D7938-6AF8-49D8-B383-7382BA2FF027}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher |
"{5E0F8E79-6597-4E42-A00B-937A9BD1F81D}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |
"{5F1FAD54-88FF-4BD1-A9AD-B798E4728965}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher |
"{5F5C2F26-4046-4DD2-AB47-13A5CE45CE44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{69038CCF-006D-44C0-B237-336DD2B582A1}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{69194A7D-6E07-45D4-B74E-AAEEAAEC9160}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher |
"{699CFBAF-F787-4CA5-818D-212E0FEC9BB4}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{6B46DD77-8662-4EAF-B256-E91C41922D9F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6C17F023-650E-4EBC-96C4-B0C84BC906C4}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{6E880397-5FEC-4C74-88A1-D3BA1391A733}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |
"{6E9470F1-C8CE-4AC8-B5B6-7018C590BC70}" = lport=138 | protocol=17 | dir=in | app=system |
"{7374D1D9-C807-4ECC-AB06-3847E7B41693}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{76989483-6CB1-4877-A5DC-808BA02FE60D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76E9FDB7-6CA9-4DD5-B0CF-59C98B28B7EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{7757FE35-6D4A-4F09-ADCC-9A27BA52EEFD}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{794A3C33-A9CD-46C5-9A55-97E6DE532E73}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
"{795D5D37-8A20-4DC1-9D9E-B318E7FDFAF9}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher |
"{7E654170-7387-4BA3-8433-D9D4CC1EFB02}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{813A9B45-D3B1-4A6D-9209-7C11318CA0FC}" = lport=6112 | protocol=17 | dir=in | name=starcraft |
"{81AEA6C0-B5FD-41CF-AEB7-532760B0F165}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{84B13428-C3D4-4E25-AC13-38EB091DC467}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{88BB4695-5A68-46E1-B73B-8224391DFD0B}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{88CAB7E9-7884-4CBC-8228-35A416D5C18E}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{8B9EC83C-5769-444B-9490-11A236CBE83F}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
"{8C52F557-3FD4-4059-82F1-7536A5CCF2E7}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{90FC84BB-9604-4FC6-AA58-42459DF24E7A}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{939E5701-E8C9-45AE-8100-68522DEE4C05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95BA6732-3EB9-43CD-AD2B-A92F4FFC53FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97524C56-CFE7-46B8-AB10-E3E23FB9D9D9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{980DE2E7-4E66-4B2A-94C8-2B24FE521710}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher |
"{997141F6-1DC9-41FB-A3D8-B4C3C3B43ABF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9BD81228-B8AF-4729-9D94-EC39F9023094}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DF7D15E-EE1D-4110-B7C2-27F04EC67216}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
"{9E0C28F9-3D30-499F-88E7-B2C1F0191F80}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher |
"{9E601724-B8DE-4200-9545-90AAE42E57FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A024A2A9-4FD7-41B4-BB7F-1C9C1B68214B}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher |
"{A46800FC-E0BE-4F5D-B871-DA551E1C2347}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher |
"{A5638083-6918-4BFA-BF52-6357E514792C}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{A701BE5E-87CA-4036-BCDC-D769816FBACB}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
"{A8F32150-09E3-46D8-BA43-79F3579888DA}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher |
"{A97990D9-53FF-417B-A63E-97211678CC4E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD4EB7DC-9E0D-4325-9DE9-5A55AB1D1421}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher |
"{AEAFFBFC-363D-46A0-969A-B74CE8B453F3}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
"{AF4206F9-4544-47B9-B0BB-7790FE40C970}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher |
"{B12C9047-6FBD-4517-B07C-3E01E54A5129}" = lport=49309 | protocol=6 | dir=in | name=akamai netsession interface |
"{B23BAECD-5057-4719-8BB1-183C92F69185}" = rport=139 | protocol=6 | dir=out | app=system |
"{B530D81E-D7C9-4D52-994E-05C33084E62A}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher |
"{B8538551-3AA1-4586-9C35-7EAEB1320A81}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{B89ADA89-D1A2-439D-A3C6-A0CC778561C7}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher |
"{BDBEC5EB-12D7-4B3C-AA0A-57615F40AE38}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{C232EB13-277F-4E64-B626-B753D100814A}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher |
"{C2AAA4EF-7AF5-44D4-9A0C-C3E1E18EB183}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{C386B2D5-2FDC-464C-9D9B-A265CB5C2539}" = lport=6962 | protocol=17 | dir=in | name=league of legends launcher |
"{C645F34C-FE6F-4E98-A287-A7F8BEFBB275}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{C90AA3F7-CF70-4F06-A8B4-B1F6BF1448A0}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{CC60E6A5-737A-4906-8992-72378B712488}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{CEF3EE49-D9F1-4584-91BE-FC687498433F}" = lport=6977 | protocol=17 | dir=in | name=league of legends launcher |
"{D112D3C9-288E-420A-8A9F-345AD69C510F}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{D1E551C1-A721-4EC1-AD8A-B8A552BE9C01}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |
"{D1EDAD76-FE38-446A-BC62-25559DA8A20D}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher |
"{D23C8CF6-0E0D-4749-A41A-64577D550DA1}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{D449411C-E9EC-4B46-8117-827A1A749AD2}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{D45E0D78-74AB-4EC0-8671-F85C8A63413F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{D503811E-A8E1-4AB9-903B-585CF3ADBDBC}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{D5725A21-5C09-44E4-82FA-DBC721203675}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
"{D5BFE526-02F8-4A57-B0C2-4B6B37496914}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{D617BB75-A207-4E46-9B16-E42AA65BB87D}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{D6912923-1DF6-458C-9A0D-788703D75DA7}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{D8899722-DC18-40CC-9750-8FF7A2488FC1}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher |
"{DCE1BA94-471A-4DA2-B712-2594A9A33A0E}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{DDBB8C43-3DC1-4362-98CF-1FDE043F399E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F041061E-5215-44DC-B6F5-474A3B39B4AC}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{F3C31069-07F5-4372-8089-EE0389E9964B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5815EFE-E650-43AE-9661-2038DADFC880}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |
"{F7922FFB-CBC8-474D-ACAD-A2D7B688C550}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{F867D1CC-715E-41F8-8DF7-D5BD70027605}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher |
"{FB9298C3-5001-466F-8FA3-9A1D8E76A0F7}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |
"{FD8D6D24-47FF-493D-9084-B0C0CAA1D93F}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |
"{FE7B498F-8E99-4CBD-9887-09897873901B}" = lport=6112 | protocol=6 | dir=in | name=starcraft |
"{FF4C0E11-1CA3-4A1D-9865-0CC77CF7B14C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FF6C43B0-DE05-4E5F-BED7-F1E6DB06CE42}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECA16D-755D-4E9C-9832-9090EF6A7ADD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C43F356-6C53-42D3-B0DA-287B59BF23B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{107847FD-907A-4DE0-80C0-AD15D3A1BB9F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{11A645F6-16F6-4FA5-A44D-E1997D572104}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{15007A92-3C24-4E92-81C6-A5C8FC46B61A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29165D34-2BD2-45BE-BBAA-35D96A79FCA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3092CD86-98D1-4233-8368-EE6CA0BB3748}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3AD2F8EB-2A45-4961-B768-A49AB6A65927}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{42BE5386-FDD7-4223-9888-277DB3D3DBCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{478BCCF8-FE7E-4E29-ACE0-E11DD4143109}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{488C3249-6CF3-4F75-B34F-A5C9E69D311D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4B42CC87-61D2-4799-90E4-0550499BBA32}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4CC85903-88C0-4BAD-A660-25A4836E50EA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{533039FE-52B0-4B8F-8853-59451DCA2F72}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{575A2FE7-D75B-4172-9F56-5B2248D776A0}" = protocol=6 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{5870BD9C-BF07-44B2-B75B-0D3FDE4B9DB9}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{5CB28A0F-267F-4C0E-8238-74DBFC373500}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5DB7E2B1-FBEA-4956-832A-45E082DFF3A7}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{6DA9C81F-C01F-4DB4-BBA8-60D91AF59EEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{737221E6-84BA-42A9-AFD1-3D8C549A3DA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7C0A1EE6-5372-4F01-A657-BC4C00C23B3C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7E784AEE-9644-4F1B-88DA-BE8F8A1DC872}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8628E406-BDD7-4E8A-939F-76EDAF978B82}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8B02DB57-3090-47D0-B382-692785A0D670}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{944845B5-F603-45FB-9311-A97335DF2BCC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9723D8EB-F55A-4038-BE41-8F773554ECA9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{979DF4DF-58D1-4D46-9FF4-644373D6771A}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{9BE02B71-4EA7-4EAD-8B52-727B956E58D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A2892120-330B-488F-B327-CC701287E30A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4070725-CE07-4808-8BB5-02148A4F568D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AAF6FFF4-D180-4B51-BABE-C5A2FFC8705A}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{B2ABDD43-C8B8-4EBE-B810-3464ECE1D604}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4F42550-EDF8-4B4F-A0A7-B94118EC95D4}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C2DA1FA0-A126-41B3-B593-777B34DD04F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C350AD24-59C6-4F46-90AB-BB18453273EE}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{C6EEE6A8-78C6-44A0-86FA-77D094F9A501}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CFFFFECB-85EE-4D02-BE1D-97D53EA659BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D61E30C9-1A22-44F9-AF5A-521FDBF182C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E0D31C3B-985A-4C80-97D8-C355E83175CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0F62584-5F8C-4B2D-A817-F2C19B2B4249}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{E5956A52-2F57-4A1F-A750-40F0D05943B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE37BF2A-E961-4043-B1C8-D070172EBC24}" = protocol=17 | dir=in | app=c:\program files\socialribbons lp 1\troubleshooter.exe |
"{FADFB46C-298C-4081-8E14-1FD635714E89}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{FB915FAF-237F-42AE-AD1A-18C11A4AB4F8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FD4F45A6-D41B-4767-B0C4-6D0602E365E8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FE14BABD-B1B1-4FD4-80A2-51D00DD8205E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FF5EFFFB-5F7C-4EB9-8D44-75444652CC58}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{0D83FA58-36B4-45B5-AA7F-C8CA485FD7A1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{1416E23D-9E10-4C07-8EA4-6D4EFA9B3F57}I:\techwizard.exe" = protocol=6 | dir=in | app=i:\techwizard.exe |
"TCP Query User{8460E902-AEBD-4A36-AEC5-F4431D7B9549}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{AE553DD2-4BEE-48DD-85F4-D364E1120831}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{F7AF3BB6-586F-4F88-AAA2-F7F8E9B23B0D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{41C33E99-5FA7-4260-80A2-D034DF4F8884}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{67C8C370-6DCB-4CB3-BB75-ECA5121E71FB}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{71950748-4285-4CC2-9457-956C98A52C84}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{9D513242-3561-4D05-9921-68E8C74B64C8}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{B75D48F9-4303-488E-9354-4B589B4BF954}I:\techwizard.exe" = protocol=17 | dir=in | app=i:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 3.1_is1" = AVS Video Editor 3.1.1.93
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"DemoApp" = Fast File Saw & Joiner V3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Hide Folder" = Free Hide Folder
"Free Video Dub_is1" = Free Video Dub version 1.8.11.426
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Giraffic" = Giraffic Video Accelerator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"iPod Access for Windows_is1" = iPod Access for Windows v4.4.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"SocialRibbons LP 1" = SocialRibbons LP 1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"ToneThis" = ToneThis
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Verizon - AOL Toolbar" = Verizon - AOL Toolbar
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2011 6:27:35 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/14/2011 10:46:15 PM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description =

Error - 9/14/2011 10:54:43 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/14/2011 11:42:18 PM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description =

Error - 9/14/2011 11:46:03 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2011 12:04:06 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2011 7:12:13 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2011 7:23:02 AM | Computer Name = Admin-PC | Source = SPP | ID = 16387
Description =

Error - 9/15/2011 7:23:02 AM | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 11/29/2009 9:02:11 PM | Computer Name = Admin-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 9/14/2011 11:48:02 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 12:07:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/15/2011 7:12:13 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/15/2011 7:12:13 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Re: Win32/Cryptor Virus- Plz Help Remove

Post by Gabethebabe on 15th September 2011, 11:44 am

ALL RIGHT

TDSSKiller found an MBR rootkit, which other tools did not.

Please rerun TDSSKiller and post the log and the same for aswMBR.


Re: Win32/Cryptor Virus- Plz Help Remove

Post by jungwpark on 15th September 2011, 7:28 pm

Here are the results for TDSSKiller and aswMBR, respectively:

TDSSKiller:
2011/09/15 15:07:24.0231 3448 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/15 15:07:24.0367 3448 ================================================================================
2011/09/15 15:07:24.0367 3448 SystemInfo:
2011/09/15 15:07:24.0367 3448
2011/09/15 15:07:24.0367 3448 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/15 15:07:24.0367 3448 Product type: Workstation
2011/09/15 15:07:24.0367 3448 ComputerName: ADMIN-PC
2011/09/15 15:07:24.0367 3448 UserName: Admin
2011/09/15 15:07:24.0367 3448 Windows directory: C:\Windows
2011/09/15 15:07:24.0367 3448 System windows directory: C:\Windows
2011/09/15 15:07:24.0367 3448 Processor architecture: Intel x86
2011/09/15 15:07:24.0367 3448 Number of processors: 2
2011/09/15 15:07:24.0367 3448 Page size: 0x1000
2011/09/15 15:07:24.0367 3448 Boot type: Normal boot
2011/09/15 15:07:24.0367 3448 ================================================================================
2011/09/15 15:07:42.0374 3448 Initialize success
2011/09/15 15:07:45.0308 4052 ================================================================================
2011/09/15 15:07:45.0308 4052 Scan started
2011/09/15 15:07:45.0308 4052 Mode: Manual;
2011/09/15 15:07:45.0308 4052 ================================================================================
2011/09/15 15:07:46.0074 4052 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/15 15:07:46.0384 4052 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/15 15:07:46.0549 4052 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/15 15:07:46.0645 4052 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/15 15:07:46.0760 4052 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/15 15:07:46.0905 4052 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/15 15:07:47.0119 4052 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/15 15:07:47.0446 4052 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/15 15:07:47.0639 4052 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/15 15:07:47.0746 4052 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/15 15:07:48.0016 4052 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/15 15:07:48.0362 4052 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/15 15:07:48.0498 4052 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/15 15:07:48.0733 4052 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/15 15:07:49.0054 4052 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/15 15:07:49.0193 4052 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/15 15:07:49.0329 4052 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/15 15:07:49.0492 4052 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/15 15:07:49.0565 4052 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/15 15:07:49.0853 4052 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/15 15:07:50.0213 4052 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/15 15:07:50.0472 4052 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/15 15:07:50.0540 4052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/15 15:07:50.0729 4052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/15 15:07:50.0887 4052 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/15 15:07:51.0195 4052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/15 15:07:51.0236 4052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/15 15:07:51.0367 4052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/15 15:07:51.0469 4052 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/15 15:07:51.0555 4052 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/15 15:07:51.0631 4052 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/15 15:07:51.0831 4052 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/09/15 15:07:51.0892 4052 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/15 15:07:51.0961 4052 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
2011/09/15 15:07:52.0119 4052 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
2011/09/15 15:07:52.0179 4052 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/15 15:07:52.0237 4052 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/15 15:07:52.0518 4052 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/15 15:07:52.0630 4052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/15 15:07:52.0674 4052 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/09/15 15:07:52.0740 4052 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/15 15:07:52.0921 4052 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/15 15:07:52.0980 4052 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/15 15:07:53.0042 4052 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/15 15:07:53.0113 4052 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/15 15:07:53.0206 4052 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/15 15:07:53.0342 4052 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/15 15:07:53.0440 4052 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/15 15:07:53.0514 4052 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/09/15 15:07:53.0618 4052 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/15 15:07:53.0820 4052 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/15 15:07:53.0916 4052 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/15 15:07:54.0083 4052 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/15 15:07:54.0162 4052 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/15 15:07:54.0249 4052 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/15 15:07:54.0406 4052 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/15 15:07:54.0514 4052 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/15 15:07:54.0605 4052 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/15 15:07:54.0699 4052 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/15 15:07:54.0752 4052 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/15 15:07:54.0822 4052 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/15 15:07:54.0914 4052 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/15 15:07:55.0090 4052 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/15 15:07:55.0233 4052 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/15 15:07:55.0483 4052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/15 15:07:55.0775 4052 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/09/15 15:07:55.0896 4052 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/15 15:07:55.0973 4052 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/15 15:07:56.0105 4052 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/15 15:07:56.0230 4052 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/15 15:07:56.0343 4052 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/15 15:07:56.0493 4052 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/09/15 15:07:56.0761 4052 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/09/15 15:07:56.0948 4052 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/09/15 15:07:57.0049 4052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/15 15:07:57.0260 4052 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/15 15:07:57.0312 4052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/15 15:07:57.0370 4052 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/15 15:07:57.0758 4052 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/15 15:07:58.0094 4052 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/15 15:07:58.0158 4052 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/15 15:07:58.0403 4052 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/15 15:07:58.0451 4052 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/15 15:07:58.0685 4052 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/15 15:07:58.0721 4052 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/15 15:07:58.0767 4052 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/15 15:07:58.0844 4052 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/15 15:07:58.0950 4052 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/15 15:07:59.0043 4052 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/15 15:07:59.0085 4052 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/15 15:07:59.0286 4052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/15 15:07:59.0465 4052 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/15 15:07:59.0645 4052 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/15 15:07:59.0922 4052 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/15 15:07:59.0974 4052 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/15 15:08:00.0040 4052 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/15 15:08:00.0213 4052 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/15 15:08:00.0288 4052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/15 15:08:00.0491 4052 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
2011/09/15 15:08:00.0750 4052 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/15 15:08:00.0885 4052 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/15 15:08:01.0090 4052 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/15 15:08:01.0210 4052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/15 15:08:01.0349 4052 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/15 15:08:01.0399 4052 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/15 15:08:01.0572 4052 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/15 15:08:01.0712 4052 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/15 15:08:01.0905 4052 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/15 15:08:02.0032 4052 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/15 15:08:02.0256 4052 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/15 15:08:02.0410 4052 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/09/15 15:08:02.0875 4052 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/09/15 15:08:03.0115 4052 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/15 15:08:03.0266 4052 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/15 15:08:03.0456 4052 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/15 15:08:03.0543 4052 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/15 15:08:03.0702 4052 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/09/15 15:08:03.0743 4052 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/15 15:08:03.0845 4052 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/15 15:08:04.0103 4052 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/15 15:08:04.0267 4052 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/15 15:08:04.0304 4052 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/15 15:08:04.0475 4052 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/15 15:08:04.0703 4052 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/15 15:08:04.0758 4052 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/15 15:08:04.0902 4052 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/15 15:08:05.0092 4052 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/15 15:08:05.0321 4052 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/15 15:08:05.0495 4052 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/15 15:08:05.0778 4052 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/15 15:08:05.0871 4052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/15 15:08:06.0048 4052 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/15 15:08:06.0222 4052 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/15 15:08:06.0374 4052 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/15 15:08:06.0498 4052 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/15 15:08:07.0038 4052 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/09/15 15:08:07.0240 4052 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/15 15:08:07.0295 4052 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/15 15:08:07.0356 4052 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/15 15:08:07.0494 4052 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/15 15:08:07.0765 4052 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/15 15:08:07.0863 4052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/15 15:08:08.0099 4052 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/15 15:08:08.0162 4052 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/15 15:08:08.0236 4052 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/15 15:08:08.0493 4052 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/15 15:08:08.0646 4052 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/15 15:08:08.0838 4052 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/15 15:08:08.0889 4052 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/15 15:08:08.0975 4052 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/15 15:08:09.0167 4052 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/15 15:08:09.0234 4052 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/15 15:08:09.0340 4052 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/15 15:08:09.0583 4052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/15 15:08:09.0654 4052 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/09/15 15:08:09.0743 4052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/15 15:08:10.0045 4052 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/15 15:08:10.0257 4052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/15 15:08:10.0324 4052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/15 15:08:10.0420 4052 R5U870FLx86 (68e04f3944e6f82c64b53f8a8f13fb3a) C:\Windows\system32\Drivers\R5U870FLx86.sys
2011/09/15 15:08:10.0671 4052 R5U870FUx86 (7f1356060d1894b46554a0d8e6f13958) C:\Windows\system32\Drivers\R5U870FUx86.sys
2011/09/15 15:08:10.0828 4052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/15 15:08:10.0920 4052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/15 15:08:11.0011 4052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/15 15:08:11.0184 4052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/15 15:08:11.0386 4052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/15 15:08:11.0576 4052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/15 15:08:11.0656 4052 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/15 15:08:11.0686 4052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/15 15:08:11.0817 4052 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/15 15:08:12.0056 4052 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/15 15:08:12.0142 4052 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/15 15:08:12.0298 4052 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/09/15 15:08:12.0407 4052 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/15 15:08:12.0567 4052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/15 15:08:12.0626 4052 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/15 15:08:12.0757 4052 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/15 15:08:12.0961 4052 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/15 15:08:13.0076 4052 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/09/15 15:08:13.0282 4052 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/15 15:08:13.0401 4052 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/15 15:08:13.0590 4052 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/15 15:08:13.0663 4052 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/15 15:08:13.0895 4052 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/15 15:08:13.0943 4052 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/15 15:08:14.0027 4052 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/15 15:08:14.0248 4052 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/15 15:08:14.0344 4052 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\Windows\system32\DRIVERS\snman380.sys
2011/09/15 15:08:14.0468 4052 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/15 15:08:14.0665 4052 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/09/15 15:08:14.0665 4052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/15 15:08:14.0673 4052 sptd - detected LockedFile.Multi.Generic (1)
2011/09/15 15:08:14.0972 4052 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/15 15:08:15.0104 4052 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/15 15:08:15.0356 4052 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/15 15:08:15.0493 4052 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/09/15 15:08:15.0614 4052 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/15 15:08:15.0809 4052 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/15 15:08:15.0858 4052 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/15 15:08:15.0958 4052 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/15 15:08:16.0111 4052 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/15 15:08:16.0197 4052 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/15 15:08:16.0384 4052 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/15 15:08:16.0635 4052 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/15 15:08:16.0892 4052 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/15 15:08:16.0961 4052 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/15 15:08:17.0335 4052 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\Windows\system32\DRIVERS\tdrpm174.sys
2011/09/15 15:08:17.0644 4052 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/15 15:08:17.0748 4052 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/15 15:08:17.0984 4052 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/15 15:08:18.0284 4052 ti21sony (030f439ac1ccda7ac6ce01cc02102045) C:\Windows\system32\drivers\ti21sony.sys
2011/09/15 15:08:18.0478 4052 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\Windows\system32\DRIVERS\tifsfilt.sys
2011/09/15 15:08:18.0583 4052 timounter (394fc70b88b7958fa85798bbc76d140a) C:\Windows\system32\DRIVERS\timntr.sys
2011/09/15 15:08:18.0828 4052 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/15 15:08:18.0890 4052 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/15 15:08:19.0049 4052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/15 15:08:19.0178 4052 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/15 15:08:19.0330 4052 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/15 15:08:19.0639 4052 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/15 15:08:19.0823 4052 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/15 15:08:20.0081 4052 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/15 15:08:20.0209 4052 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/15 15:08:20.0418 4052 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/15 15:08:20.0530 4052 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/15 15:08:20.0757 4052 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/15 15:08:20.0859 4052 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/15 15:08:21.0054 4052 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/15 15:08:21.0178 4052 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/15 15:08:21.0388 4052 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/15 15:08:21.0563 4052 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/15 15:08:21.0748 4052 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/15 15:08:21.0873 4052 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/15 15:08:22.0088 4052 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/15 15:08:22.0416 4052 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/09/15 15:08:22.0586 4052 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/15 15:08:22.0721 4052 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/15 15:08:22.0860 4052 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/15 15:08:22.0958 4052 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/15 15:08:23.0175 4052 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/15 15:08:23.0241 4052 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/15 15:08:23.0368 4052 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/15 15:08:23.0635 4052 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/15 15:08:23.0765 4052 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/15 15:08:24.0006 4052 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/15 15:08:24.0115 4052 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 15:08:24.0144 4052 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/15 15:08:24.0386 4052 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/09/15 15:08:24.0546 4052 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/15 15:08:24.0763 4052 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/15 15:08:25.0072 4052 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/15 15:08:25.0333 4052 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/15 15:08:25.0480 4052 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/15 15:08:25.0664 4052 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/15 15:08:25.0773 4052 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/15 15:08:25.0864 4052 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/15 15:08:26.0104 4052 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/09/15 15:08:26.0165 4052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/15 15:08:26.0220 4052 Boot (0x1200) (a64fbb2fecebf87d3f6989199ff00713) \Device\Harddisk0\DR0\Partition0
2011/09/15 15:08:26.0257 4052 Boot (0x1200) (1c0b528129dc4023e3636664cc1ded10) \Device\Harddisk0\DR0\Partition1
2011/09/15 15:08:26.0279 4052 ================================================================================
2011/09/15 15:08:26.0280 4052 Scan finished
2011/09/15 15:08:26.0280 4052 ================================================================================
2011/09/15 15:08:26.0291 4436 Detected object count: 1
2011/09/15 15:08:26.0291 4436 Actual detected object count: 1
2011/09/15 15:08:34.0672 4436 LockedFile.Multi.Generic(sptd) - User select action: Skip
__________________________________________________________
Here is the aswMBR:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-15 15:04:14
-----------------------------
15:04:14.582 OS Version: Windows 6.0.6002 Service Pack 2
15:04:14.582 Number of processors: 2 586 0x1706
15:04:14.583 ComputerName: ADMIN-PC UserName: Admin
15:04:50.689 Initialize success
15:05:30.564 AVAST engine defs: 11091500
15:06:54.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:06:54.048 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
15:06:54.051 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006d
15:06:54.054 Disk 1 Vendor: ( Size: 114473MB BusType: 0
15:06:54.059 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006e
15:06:54.062 Disk 2 Vendor: ( Size: 114473MB BusType: 0
15:06:56.078 Disk 0 MBR read successfully
15:06:56.081 Disk 0 MBR scan
15:06:56.091 Disk 0 Windows VISTA default MBR code
15:06:56.097 Disk 0 scanning sectors +234436545
15:06:56.187 Disk 0 scanning C:\Windows\system32\drivers
15:07:11.828 Service scanning
15:07:13.423 Service .avgldx86 \* **LOCKED** 123
15:07:13.651 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:07:14.227 Modules scanning
15:07:41.136 Disk 0 trace - called modules:
15:07:41.154 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x863241f8]<<
15:07:41.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6e788]
15:07:41.155 3 CLASSPNP.SYS[8b96c8b3] -> nt!IofCallDriver -> [0x863ce830]
15:07:41.155 5 acpi.sys[833c26bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863a2840]
15:07:41.155 \Driver\atapi[0x863a2030] -> IRP_MJ_CREATE -> 0x863241f8
15:07:42.598 AVAST engine scan C:\Windows
15:07:54.799 AVAST engine scan C:\Windows\system32
15:10:55.785 AVAST engine scan C:\Windows\system32\drivers
15:11:10.173 AVAST engine scan C:\Users\Admin
15:18:11.778 AVAST engine scan C:\ProgramData
15:20:48.209 Scan finished successfully
15:22:43.992 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
15:22:44.001 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

Post by Gabethebabe on 16th September 2011, 10:00 am

Ok, the infection is gone.

It was pretty well hidden.
The router settings are OK.

Has anything good happened to your internet?

Also, please explain again which websites are working, which are not, and what the differences are between running FF, Chrome or IExplorer.

Post by jungwpark on 16th September 2011, 11:57 am

Oh, it seems I may have missed that part about the websites. Well, websites that I go to (which I have checked to see if they work in both Mozilla & Internet Explorer) like Google, YouTube, Facebook seem to work. But certain websites such as anilinkz.com (it's where I stream my anime), download sites like filemonster.com, and random pop-ups also can't seem to come up sometimes; I get the "unable to connect" message.

Post by Gabethebabe on 19th September 2011, 12:21 pm

Sorry, I've been busy elsewhere for a couple of days and limited [You must be registered and logged in to see this link.]

I'm a bit puzzled by what is happening. As far as I can see your computer is clean of malware. When it goes beyond malware cleaning, my support will be less efficient.

I suppose you have already tried to uninstall and reinstall Firefox?

When you go to Control Panel -> Internet Options -> Connections Tab -> LAN Settings, there is no proxy server installed?

You might post your problem in one of our other tech forums....

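A way to check the LAN proxy settings that post asks about from a PowerShell prompt, as an added example that is not from this thread or from any of the tools it mentions. It reads the same per-user registry values that the Internet Options dialog edits, plus the separate WinHTTP proxy that services use; the function name Test-UserProxySettings is my own, and the findings text is just this example's wording.

```powershell
# Added example (not from the thread): report the proxy settings a malware
# helper looks at when sites fail with "unable to connect" after a cleanup.
# Function name Test-UserProxySettings is an assumption of this example.
function Test-UserProxySettings {
    # Values behind Internet Options -> Connections -> LAN Settings (per user)
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $result = [pscustomobject]@{
        ProxyEnable   = [int]($p.ProxyEnable)   # 1 = "Use a proxy server" is ticked
        ProxyServer   = $p.ProxyServer          # host:port, or per-protocol list
        ProxyOverride = $p.ProxyOverride        # bypass list; "<local>" is the usual default
        AutoConfigURL = $p.AutoConfigURL        # PAC script; a remote script can reroute traffic silently
        WinHttpProxy  = (netsh winhttp show proxy) -join ' '   # system-wide proxy used by services
        Findings      = @()
    }

    if ($result.ProxyEnable -eq 1 -and $result.ProxyServer) {
        $result.Findings += "A manual proxy is configured: $($result.ProxyServer)"
    }
    if ($result.AutoConfigURL) {
        $result.Findings += "An automatic configuration script is set: $($result.AutoConfigURL)"
    }
    # netsh prints "Direct access (no proxy server)." when nothing is set
    if ($result.WinHttpProxy -notmatch 'Direct access') {
        $result.Findings += "WinHTTP is not set to direct access: $($result.WinHttpProxy)"
    }
    if ($result.Findings.Count -eq 0) {
        $result.Findings += "No proxy configured; a proxy setting does not explain the failing sites"
    }
    return $result
}

Test-UserProxySettings | Format-List
```

Run it from the account that has the problem, since the Internet Settings key is per user; a proxy server or AutoConfigURL the user never set is the thing to look for, and comparing the output with a second, unaffected user profile on the same machine shows quickly whether the setting is user-specific or system-wide.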
Post by jungwpark on 19th September 2011, 11:08 pm

I have uninstalled and installed Firefox 2 times :\, but yes, the malware is definitely gone and you have my gratitude.
I will check out GeekPolice's other forums for assistance with this matter. Thank you for all your help up until now.

Post by Gabethebabe on 20th September 2011, 8:35 pm

Another thing you could try is to go to Tools ==> Addons and disable/enable add-ons and see if any of them causes this problem.
