Extreme amounts of malware

Post by dirtychicken on Sun 16 Sep 2012, 3:23 pm

Hello GeekPolice,

I have a ridiculous amount of malware that needs to be addressed, and your gentlemanly help would be much appreciated. I'm experiencing a LOT of slowdown, and it's beyond the point where I can just ignore the problem anymore. I will split the OTL.txt log file into two posts, and the extras.txt and adware.txt files will accompany their respective posts.

Thanks so much,

dirtychicken


OTL.txt

OTL logfile created on: 9/15/2012 11:43:48 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\alex\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 83.88% Memory free
11.99 Gb Paging File | 10.52 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 498.42 Gb Total Space | 431.32 Gb Free Space | 86.54% Space Free | Partition Type: NTFS
Drive K: | 97.66 Gb Total Space | 97.56 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/15 23:28:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Downloads\OTL.com
PRC - [2012/09/09 20:36:39 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\alex\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/27 23:52:19 | 001,193,176 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/12/13 18:07:19 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/12/13 18:07:19 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,127,192 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/25 11:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 23:52:19 | 001,193,176 | ---- | M] () -- C:\Users\alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/04/21 17:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 17:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 17:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/02/09 21:28:59 | 006,104,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\sfzone\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/11/28 14:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/10 18:54:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/12/13 18:07:19 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/06 19:04:31 | 000,141,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:03:29 | 000,258,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/03/06 19:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/28 13:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/03 04:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 04:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/01/03 04:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/01/03 04:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/04/28 13:16:22 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/04/28 13:16:20 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/09/04 13:46:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/04 13:46:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 4F D3 39 DD AA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{57E347C8-85C9-49AE-B71B-5542DB33526E}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\alex\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\alex\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/12 21:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/20 18:00:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 00:17:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/12 21:46:46 | 000,000,000 | ---D | M]

[2012/09/04 23:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions
[2012/09/13 22:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\lggyp8wm.default\extensions
[2012/09/13 22:49:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\lggyp8wm.default\extensions\plugin@yontoo.com
[2012/09/10 18:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/10 18:54:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 22:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/24 22:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\alex\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\alex\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\alex\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\alex\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\alex\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: PageFont = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhgdgbkkkdmdbbgjnnfcikmahppapom\1.3_0\
CHR - Extension: PageFont = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjfhpfmmjmnlfcicfibaghcijgajlea\1.3_0\
CHR - Extension: PageFont = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlphaihpjbfjcgmpfgpgihlkmkkfcfak\1.3_0\
CHR - Extension: avast! WebRep = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Yontoo = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: 4chan Plus = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\
CHR - Extension: Gmail = C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\alex\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.50.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B073BAAC-1321-49A7-AC85-072D9AF205DF}: DhcpNameServer = 10.50.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{892acbf4-a75b-11e1-9389-001fe259ca5a}\Shell - "" = AutoRun
O33 - MountPoints2\{892acbf4-a75b-11e1-9389-001fe259ca5a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{d683258f-cea8-11e1-ac72-001fe259ca5a}\Shell - "" = AutoRun
O33 - MountPoints2\{d683258f-cea8-11e1-ac72-001fe259ca5a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\alex\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: SandboxieControl - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: IMFservice - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

dirtychicken

Newbie Surfer

Posts : 8
Joined : 2012-09-16
Operating System : Windows 7

Re: Extreme amounts of malware

Post by dirtychicken on Sun 16 Sep 2012, 3:24 pm


NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 22:08:25 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\39602936.sys
[2012/09/15 12:00:52 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Macrovision
[2012/09/13 22:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/09/13 22:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/09/13 22:26:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\E177E04D548C4006A465EEB92D3DE021
[2012/09/13 22:26:35 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Programs
[2012/09/13 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minitab Solutions
[2012/09/13 22:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minitab 15
[2012/09/13 22:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012/09/13 22:25:43 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Downloaded Installations
[2012/09/12 16:51:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 16:51:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 16:51:00 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 16:37:25 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 00:29:55 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Apple Computer
[2012/09/11 00:23:48 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Apple Computer
[2012/09/11 00:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/09/11 00:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/09/11 00:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/09/11 00:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/09/11 00:16:12 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Apple
[2012/09/11 00:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/09/11 00:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/09/10 18:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/04 23:32:06 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Mozilla
[2012/09/04 23:32:06 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Mozilla
[2012/09/04 23:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/04 23:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/04 19:24:45 | 000,000,000 | ---D | C] -- C:\197c810cedb6ab660de1
[2012/09/01 22:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATT-HSI
[2012/09/01 22:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2012/09/01 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/09/01 22:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/08/27 23:52:28 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Local\Spotify
[2012/08/27 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\alex\AppData\Roaming\Spotify
[2012/08/24 21:55:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/24 21:55:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/24 21:55:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/24 21:55:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/24 21:55:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/24 21:55:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/24 21:55:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/24 21:55:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/24 21:55:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/24 21:55:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/24 21:55:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/24 21:55:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/24 21:55:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/24 21:52:36 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/24 21:52:34 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/24 21:52:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/24 21:52:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/24 21:52:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/24 21:52:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/24 21:52:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/24 21:52:28 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2 C:\Users\alex\Documents\*.tmp files -> C:\Users\alex\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/15 23:41:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3218629971-1370854036-1900963934-1001UA.job
[2012/09/15 22:08:25 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\39602936.sys
[2012/09/15 22:03:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/09/15 20:41:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3218629971-1370854036-1900963934-1001Core.job
[2012/09/15 12:15:14 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 12:15:14 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 12:09:56 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/15 12:09:56 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/15 12:09:56 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/15 12:00:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/15 12:00:13 | 535,433,215 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/13 22:26:33 | 000,000,065 | ---- | M] () -- C:\Windows\minitab.ini
[2012/08/24 22:16:30 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/22 14:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 14:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2 C:\Users\alex\Documents\*.tmp files -> C:\Users\alex\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/13 22:26:33 | 000,000,065 | ---- | C] () -- C:\Windows\minitab.ini
[2012/09/11 00:16:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/04 23:32:04 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/27 23:52:28 | 000,001,785 | ---- | C] () -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/04/01 14:20:56 | 004,478,976 | ---- | C] () -- C:\Windows\es.exe
[2012/01/20 10:47:49 | 001,493,528 | ---- | C] () -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/01/20 10:47:49 | 000,068,616 | ---- | C] () -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/01/20 10:47:48 | 003,851,784 | ---- | C] () -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/01/20 10:47:48 | 000,467,984 | ---- | C] () -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 21:42:48 | 000,218,551 | ---- | C] () -- C:\Windows\hpwins14.dat
[2012/01/12 21:42:48 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2011/11/24 17:38:38 | 000,002,104 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/11/17 14:28:52 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/11/17 12:03:24 | 000,747,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/10 18:53:43 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/10 18:53:43 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/10 18:53:43 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/09/10 18:54:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/09/10 18:54:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/10 18:54:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\alex\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\alex\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\alex\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\alex\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/17 11:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/17 11:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/17 11:27:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/09/10 18:53:43 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/09/10 18:53:43 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/09/10 18:53:43 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/09/10 18:54:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/09/10 18:54:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/09/10 18:54:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/17 11:27:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/17 11:27:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/17 11:27:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2012/02/05 16:49:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/09/11 00:16:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2012/06/27 22:38:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2012/09/01 22:06:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATT-HSI
[2012/09/11 00:16:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/12/05 13:06:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2012/07/13 22:18:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electric Sheep
[2012/06/08 22:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Heroes of Newerth
[2012/03/20 09:56:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2012/01/20 10:43:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/09/11 00:17:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/06/29 14:58:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit
[2012/03/26 22:09:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/06/27 22:38:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2011/11/17 12:48:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/04/07 03:00:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2011/11/24 17:48:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/01 03:00:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/24 03:01:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/11/17 12:50:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/11/17 12:50:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/11/17 12:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/11/17 12:48:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/11/17 15:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/09/13 22:26:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Minitab 15
[2012/09/10 23:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/10 23:58:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2011/11/17 12:51:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/01/14 04:00:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/01/19 23:57:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2012/07/22 23:26:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pokemon Online
[2012/09/11 00:17:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/08/29 15:58:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/03/25 19:44:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sophos
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/01/11 20:05:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/11/17 13:53:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/11/17 13:53:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/11/17 13:53:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/11/17 13:53:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/11/17 13:53:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/03/24 01:39:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2012/09/13 22:49:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 22:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 00:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 05:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 22:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 09:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 01:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/04/24 01:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/04/24 01:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 21:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 02:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 02:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 09:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 02:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012/08/17 18:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Users\alex\AppData\Local\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2011/02/10 08:17:43 | 000,189,440 | ---- | M] () MD5=9066865287BC8BCC428FEB990CB58A48 -- C:\Program Files\AVAST Software\Avast\sfzone\locales\es.dll
[2012/08/29 22:57:44 | 000,008,728 | ---- | M] () MD5=F01EB2548FC7BAEC80C00941089000DE -- C:\Users\alex\AppData\Local\Google\Chrome\Application\21.0.1180.89\Locales\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 05:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 05:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 19:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 21:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 01:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 13:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 09:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/03/30 06:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 07:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/08/22 14:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2010/04/09 07:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2012/03/30 06:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2010/04/09 03:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/09/29 12:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 02:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/09/29 12:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2012/08/22 14:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/08/22 14:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011/09/29 12:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
[2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2010/12/21 02:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
[2010/12/21 02:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
[2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
[2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

< End of report >

dirtychicken

Newbie Surfer

Posts : 8
Joined : 2012-09-16
Operating System : Windows 7

Re: Extreme amounts of malware

Post by dirtychicken on Sun 16 Sep 2012, 3:26 pm

OTL Extras logfile created on: 9/15/2012 11:43:48 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\alex\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 5.03 Gb Available Physical Memory | 83.88% Memory free
11.99 Gb Paging File | 10.52 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 498.42 Gb Total Space | 431.32 Gb Free Space | 86.54% Space Free | Partition Type: NTFS
Drive K: | 97.66 Gb Total Space | 97.56 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BD3146-DAAC-4F5F-BF2C-69AAE861F526}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06418850-B30D-4CB5-A2DA-5B11F6BA3360}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C37827C-B60E-4A46-9B52-3EEF91FCC4BC}" = rport=137 | protocol=17 | dir=out | app=system |
"{0E574023-4270-4499-A47E-E8FCA72D65B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1159EFF3-3660-466C-9195-0246EB9ABC36}" = rport=10243 | protocol=6 | dir=out | app=system |
"{17A1FF39-20D4-4823-9646-3D9A11B3A1D9}" = rport=138 | protocol=17 | dir=out | app=system |
"{327EC4BB-C877-4E2C-8861-F60CF848F4DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{43B1BE84-1313-4252-A5C5-085B376003BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4EC5370F-219D-42A3-8CA2-46DC566E0D92}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{636B3168-A290-4688-BF50-7CE21DBE541A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CA1D3F7-AAF0-4253-948C-AC2D9782E80F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6DD96308-907E-44E1-B188-9B73CAC9324C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{725C94CA-CE8D-4E07-A9F0-DDAF6411DADE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{745CD359-7CC4-4606-8946-36FBB3172A44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{772C2BA2-C920-4E8E-BA48-EFBE2B324A3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{97CA96FC-876E-4E80-A7FC-FE957A640CDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1913B1F-0335-4792-BEBC-93472E9731EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A86B6E50-FE17-4F7C-8C06-9C739887F63F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ADEA69D7-D0F7-4ECA-9CAB-240C6752FB50}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AEA7B68C-6F95-4D1A-AC82-0E4A6A8249F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{B75F2C7D-6787-4077-ADD2-6ADB12ED1296}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6230C82-E8D8-4928-A9FE-CCA7BF052A31}" = lport=445 | protocol=6 | dir=in | app=system |
"{DDDB0131-61BB-4F4C-9DB3-0076A085314A}" = lport=138 | protocol=17 | dir=in | app=system |
"{E304831A-4DAE-49DB-9B69-08576937F29A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C8F3D7-19EC-4F19-9890-6792A9453251}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{07834DA8-1E80-4395-9BDA-1B5877CD7A66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{09C37BA7-0B5F-4755-9F45-6482D9529D1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{22207CC9-EA11-4606-9488-83FDBFD99A3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2B272924-CA49-4882-9C54-E3582CDEC76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FA41E56-C919-4EE5-B58E-52AD524DF4FD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{36290FA0-6475-4DD2-9B7A-E9C6E40B2F5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{3B7128BC-92F3-49DF-A366-F40F290860B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3E277103-883B-40BD-A918-990815A236B9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3E2C03E3-317E-42F7-AD55-28EBAD78EDB9}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{41FA890C-5507-4030-A666-00009A4FE3A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44809BBF-85F6-4385-B0C9-F4933DC2C954}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B3C91A1-166B-40D6-936F-8A3B2758D90F}" = protocol=6 | dir=out | app=system |
"{4C5DA59A-58AF-48D3-A5C8-73064AB1B59D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{622677D8-FAA7-4BF3-9373-679FB74748F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{6B67E37B-A916-4985-8C8B-1E04F1A152DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{6CD51A93-8625-4FEA-8B11-19723489F59E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{723A5D72-FBAF-4F3E-A53C-A53DC61B6854}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{80D18940-E219-4069-85A1-4FFB3D0AC906}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{819A0B7B-70EF-466C-92D9-10F07C8093C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{83A6384B-2DA0-424D-BBB5-A3C18E7F02C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{85262D9E-C615-4B73-A0FC-90463C2D8CFD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{884F1D5B-60F0-41A2-8487-686EA9EE9C4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8D7A3484-73D2-479E-A6D8-2DF9E55ED470}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"{8E4DCA79-29D7-48AD-A5FC-B68329D5B307}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94AD0F2A-CEAA-4F76-8402-99462E7F7E62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B6E4A19-2AD6-45C2-9E57-4C32E427741C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A32EEC93-6EB6-41C1-B0C5-93FF13CB3A37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A4646A43-3B57-4F42-80D3-D5B930EFDD89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6487C5D-0592-4304-BE97-4D611887067C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A824EAFF-3B56-4EB1-A415-5B7927D44B3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AE5D4EA3-10EA-4CEA-BDAD-6A4023203A55}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{B63B3D85-DF99-4C27-BDC4-46702ABCF2F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{B6D30B20-E0BD-4ABC-8585-C4380AB0A0FA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C2D04633-A93F-4AAC-AB94-18B774865DB0}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{C9AAF3A1-5BB6-407B-9A32-492A2CD13AB5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D0859894-1696-4BD9-863D-B86C72E4ACD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5CD5643-E3E4-418E-AC8C-EB922E4FC5E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{DAF2AEE6-7E0D-4A1F-9DE8-5E1D958EEBB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{E0D8A940-55BC-4B43-B140-7874EBC36980}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E35F8E56-9D81-4546-A9A8-876F3B64FA9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E396AB68-2BEB-415E-B0D5-C11CA0D60D11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E4F4E408-89C9-4353-8662-114D5301B0FB}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"{E52545B9-AC7B-45FB-909B-3D828F71DED3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EDFF26DC-5826-412D-863B-8B4E7E59D2EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF501AC5-1604-4CC6-9FCF-0C551065C325}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F157BC2C-B21A-469B-AECD-ACE9ABE69DC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F565ACE4-9810-4717-99C4-C49D2BCB948D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F83708C3-43F7-4738-8482-22B12685BD2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{F9F1D1D5-0217-40B4-BCEE-8EA9BD7033F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FABB6936-0EC7-4550-9673-BCFC5D982AFD}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.05d
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"avast" = avast! Internet Security
"Electric Sheep" = Electric Sheep 2.7b34
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"hon" = Heroes of Newerth
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Smart Defrag 2_is1" = Smart Defrag 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2012 3:20:42 AM | Computer Name = alex-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/14/2012 3:20:46 AM | Computer Name = alex-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/14/2012 3:21:01 AM | Computer Name = alex-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/27/2012 10:39:46 PM | Computer Name = alex-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Camera Control Interface' could not be shut
down.

Error - 7/2/2012 9:57:07 PM | Computer Name = alex-PC | Source = Chrome | ID = 1
Description =

Error - 7/14/2012 7:03:44 PM | Computer Name = alex-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =

Error - 8/24/2012 10:15:17 PM | Computer Name = alex-PC | Source = IMFservice | ID = 0
Description =

Error - 8/24/2012 10:15:17 PM | Computer Name = alex-PC | Source = IMFservice | ID = 0
Description =

Error - 8/25/2012 11:31:01 PM | Computer Name = alex-PC | Source = IMFservice | ID = 0
Description =

Error - 8/25/2012 11:31:01 PM | Computer Name = alex-PC | Source = IMFservice | ID = 0
Description =

[ System Events ]
Error - 9/15/2012 10:46:46 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.74.0 Update Source: %%815 Update Stage:
%%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x800704c8 Error
description: The requested operation cannot be performed on a file with a user-mapped
section open.

Error - 9/15/2012 10:46:46 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.74.0 Update Source: %%859 Update Stage:
%%854 Source Path: [You must be registered and logged in to see this link.] Signature Type: %%800 Update Type: %%803
User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 9/15/2012 10:47:04 PM | Computer Name = alex-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
(Definition 1.135.1338.0).

Error - 9/15/2012 10:47:08 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.135.1334.0 Previous Signature Version: 1.135.74.0 Update Source: %%815
Update Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\NETWORK
SERVICE Current Engine Version: 1.1.8703.0 Previous Engine Version: 1.1.8704.0 Error
code: 0x80070666 Error description: Another version of this product is already installed.
Installation of this version cannot continue. To configure or remove the existing
version of this product, use Add/Remove Programs on the Control Panel.

Error - 9/15/2012 10:47:08 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.135.1334.0 Previous Signature Version: 1.135.74.0 Update Source: %%815
Update Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\NETWORK
SERVICE Current Engine Version: 1.1.8703.0 Previous Engine Version: 1.1.8704.0 Error
code: 0x80070666 Error description: Another version of this product is already installed.
Installation of this version cannot continue. To configure or remove the existing
version of this product, use Add/Remove Programs on the Control Panel.

Error - 9/15/2012 10:47:08 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.74.0 Update Source: %%851 Update Stage:
%%854 Source Path: [You must be registered and logged in to see this link.]
Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8704.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 9/15/2012 10:47:08 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.74.0 Update Source: %%851 Update Stage:
%%854 Source Path: [You must be registered and logged in to see this link.]
Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8704.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 9/15/2012 10:47:08 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.74.0 Update Source: %%851 Update Stage:
%%854 Source Path: [You must be registered and logged in to see this link.]
Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8704.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 9/15/2012 10:47:08 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.74.0 Update Source: %%851 Update Stage:
%%854 Source Path: [You must be registered and logged in to see this link.]
Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8704.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.

Error - 9/15/2012 11:40:27 PM | Computer Name = alex-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838


< End of report >

dirtychicken
Newbie Surfer
Posts : 8
Joined : 2012-09-16
Operating System : Windows 7
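The two "Vista Active ... Exception List" sections above are a dump of the FirewallRules registry key, and the thing worth pulling out of them during triage is any inbound allow rule whose target executable lives somewhere a standard user can write (here, spotify.exe under AppData\Roaming): whatever gets dropped at that path inherits the rule and can accept connections without a prompt. The script below is an added example, not OTL's own code and not part of the original post; it parses the rule lines in the shape OTL prints them, from a constructed sample copied from the log, and flags those rules. The list of "user-writable" path markers is an assumption of this example, not something OTL defines.

```python
"""Triage the firewall rules OTL dumps from the FirewallRules registry key.

Added example; it is not part of OTL or of the original post. Each rule is a
line of the form  "{GUID}" = key=value | key=value | ...  and an inbound
allow rule whose app= path sits in a user-writable location (the profile,
AppData, ProgramData, a Temp folder) deserves a look: whatever is dropped at
that path can accept connections without a firewall prompt. The path markers
below are an assumption of this example, not something OTL defines.
"""
import re

RULE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"\s*=\s*(.*)$')
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample: six rules in the shape OTL prints them.
SAMPLE_RULES = r"""
"{4EC5370F-219D-42A3-8CA2-46DC566E0D92}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8D7A3484-73D2-479E-A6D8-2DF9E55ED470}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"{3E2C03E3-317E-42F7-AD55-28EBAD78EDB9}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D6230C82-E8D8-4928-A9FE-CCA7BF052A31}" = lport=445 | protocol=6 | dir=in | app=system |
"{725C94CA-CE8D-4E07-A9F0-DDAF6411DADE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2B272924-CA49-4882-9C54-E3582CDEC76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"""


def parse_rule(line):
    """Return (guid, fields) for one OTL rule line, or None if it is not one."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    guid, body = m.groups()
    fields = {}
    for part in body.split("|"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")  # values may contain commas, never '='
        fields[key.strip().lower()] = value.strip()
    return guid, fields


def is_user_writable(path):
    """Heuristic: the path contains one of the user-writable directory markers."""
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def describe(guid, fields):
    """One-line human summary of a parsed rule."""
    proto = PROTOCOLS.get(fields.get("protocol", ""), "any")
    port = fields.get("lport") or fields.get("rport") or "any"
    target = fields.get("app") or fields.get("svc") or fields.get("name") or "?"
    return f"{guid} dir={fields.get('dir', '?')} {proto} port={port} {target}"


def triage(text):
    """Inbound rules whose executable lives in a user-writable path."""
    findings = []
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        guid, fields = parsed
        if fields.get("dir") != "in":
            continue
        app = fields.get("app", "")
        if app and is_user_writable(app):
            findings.append({
                "guid": guid,
                "app": app,
                "protocol": PROTOCOLS.get(fields.get("protocol", ""), "any"),
                "reason": "inbound allow for an executable in a user-writable location",
            })
    return findings


if __name__ == "__main__":
    for line in SAMPLE_RULES.splitlines():
        parsed = parse_rule(line)
        if parsed:
            print(describe(*parsed))
    for hit in triage(SAMPLE_RULES):
        print("REVIEW:", hit["guid"], hit["app"], "-", hit["reason"])
```

Run against the full "Vista Active Application Exception List" the script reports only the Spotify rule; the HP, Office, Steam and Vuze rules all point under Program Files, and the svc=/name= rules are the built-in Windows ones. A hit is a prompt to check the file at that path, not proof of anything on its own.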

Re: Extreme amounts of malware

Post by dirtychicken on Sun 16 Sep 2012, 3:27 pm

# AdwCleaner v2.001 - Logfile created 09/16/2012 at 00:07:49
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : alex - ALEX-PC
# Boot Mode : Normal
# Running from : C:\Users\alex\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\alex\AppData\Local\APN
Folder Found : C:\Users\alex\AppData\Local\Babylon
Folder Found : C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\alex\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\alex\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\alex\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\lggyp8wm.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3218629971-1370854036-1900963934-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [You must be registered and logged in to see this link.]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\lggyp8wm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.16] : homepage = "hxxp://www.ask.com/?l=dis&o=1587cr&gct=hp",
Found [l.1554] : homepage = "hxxp://www.ask.com/?l=dis&o=1587cr&gct=hp",

*************************

AdwCleaner[R1].txt - [5655 octets] - [15/09/2012 20:20:31]
AdwCleaner[R2].txt - [5715 octets] - [15/09/2012 20:20:55]
AdwCleaner[R3].txt - [5687 octets] - [16/09/2012 00:07:49]

########## EOF - C:\AdwCleaner[R3].txt - [5747 octets] ##########

dirtychicken
Newbie Surfer
Posts : 8
Joined : 2012-09-16
Operating System : Windows 7
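Most of the [Registry] section above is COM metadata (Interface and TypeLib keys) that does nothing by itself; the keys that matter are the ones a browser actually consults, and they come in pairs across the two registry views: the Browser Helper Objects entry under Wow6432Node names the CLSID {FD72061E-...} that the 32-bit IE loads, and its class registration sits under Wow6432Node\Classes\CLSID, while the Ext\PreApproved entry for {DF7770F7-...} means IE will enable that add-on without asking. The script below is an added example, not AdwCleaner's code and not part of the original post; it reads "Key Found :" lines (a constructed sample copied from the log) and groups each GUID or extension id by the role its keys play, so the load points stand out. The role names are this example's own labels.

```python
"""Correlate the registry keys AdwCleaner reports into browser load points.

Added example, not AdwCleaner's own code and not part of the original post.
It reads 'Key Found : <path>' lines and groups every GUID (or Chrome
extension id) by the role its key plays: a BHO registration, the CLSID that
backs it in the 32-bit (Wow6432Node) or 64-bit view, an IE pre-approved
add-on, a search scope, a Chrome external-extension install key. The role
names are labels chosen for this example.
"""
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}", re.I)

# Constructed sample, shaped like the AdwCleaner [Registry] section.
SAMPLE_KEYS = r"""
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
"""

LOAD_POINT_ROLES = {"bho", "ie-preapproved", "ie-searchscope", "chrome-external-ext"}


def classify(path):
    """Map a registry key path to (role, identifier), or None if it is not of interest."""
    p = path.lower()
    view = "32-bit" if "\\wow6432node\\" in p else "64-bit"
    guid = GUID_RE.search(path)
    ident = guid.group(0).upper() if guid else path.rsplit("\\", 1)[-1]
    if "\\browser helper objects\\" in p:
        return ("bho", ident)
    if "\\ext\\preapproved\\" in p:
        return ("ie-preapproved", ident)
    if "\\searchscopes\\" in p:
        return ("ie-searchscope", ident)
    if "\\google\\chrome\\extensions\\" in p:
        return ("chrome-external-ext", ident)
    if "\\classes\\clsid\\" in p:
        return (f"clsid-{view}", ident)
    if "\\classes\\interface\\" in p or "\\classes\\typelib\\" in p:
        return (f"com-metadata-{view}", ident)
    return None


def correlate(text):
    """identifier -> set of roles its keys play."""
    roles = defaultdict(set)
    for line in text.splitlines():
        if not line.startswith("Key Found :"):
            continue
        path = line.split(":", 1)[1].strip()
        hit = classify(path)
        if hit:
            role, ident = hit
            roles[ident].add(role)
    return dict(roles)


def load_points(text):
    """(identifier, load-point roles, backing CLSID views) for keys a browser consults."""
    out = []
    for ident, roles in sorted(correlate(text).items()):
        lp = roles & LOAD_POINT_ROLES
        if not lp:
            continue
        backing = sorted(r for r in roles if r.startswith("clsid-"))
        out.append((ident, sorted(lp), backing))
    return out


if __name__ == "__main__":
    for ident, lp, backing in load_points(SAMPLE_KEYS):
        print(f"{ident}: {', '.join(lp)}  class registered in: {backing or 'none found'}")
```

On the sample this leaves four entries: the BHO and the pre-approved add-on (each with a 32-bit CLSID behind it), the IE search scope, and the Chrome external-extension key; the Interface and TypeLib keys drop out as metadata. A BHO whose CLSID has no registration in the view IE runs in is dead, while one that does is code loaded into every IE process, which is where removal effort should go first.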

Re: Extreme amounts of malware

Post by DragonMaster Jay on Sun 16 Sep 2012, 9:04 pm

Hi there. Welcome to the forums!

AdwCleaner Fix

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log.


ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:


  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, and winlogon.exe.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz


Re: Extreme amounts of malware

Post by dirtychicken on Mon 17 Sep 2012, 5:24 am

ComboFix 12-09-15.02 - alex 09/16/2012 14:05:09.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4605 [GMT -4:00]
Running from: c:\users\alex\Downloads\svchost.exe.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 18:08 . 2012-09-16 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 02:08 . 2012-09-16 02:08 208216 ----a-w- c:\windows\system32\drivers\39602936.sys
2012-09-15 16:00 . 2012-09-15 16:00 -------- d-----w- c:\users\alex\AppData\Roaming\Macrovision
2012-09-14 02:26 . 2012-09-14 02:26 -------- d-----w- c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021
2012-09-14 02:26 . 2012-09-14 02:26 -------- d-----w- c:\users\alex\AppData\Local\Programs
2012-09-14 02:26 . 2012-09-14 02:26 -------- d-----w- c:\program files (x86)\Minitab 15
2012-09-14 02:26 . 2012-09-14 02:26 -------- d-----w- c:\programdata\Macrovision
2012-09-14 02:25 . 2012-09-14 02:25 -------- d-----w- c:\users\alex\AppData\Local\Downloaded Installations
2012-09-12 20:51 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 20:51 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 20:51 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 20:51 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 20:51 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 20:51 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 20:37 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 04:29 . 2012-09-11 04:29 -------- d-----w- c:\users\alex\AppData\Local\Apple Computer
2012-09-11 04:23 . 2012-09-11 19:10 -------- d-----w- c:\users\alex\AppData\Roaming\Apple Computer
2012-09-11 04:17 . 2012-09-11 04:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-11 04:17 . 2012-09-11 04:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-11 04:17 . 2012-09-11 04:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-11 04:17 . 2012-09-11 04:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-11 04:17 . 2012-09-11 04:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-11 04:17 . 2012-09-11 04:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-11 04:17 . 2012-09-11 04:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-11 04:16 . 2012-09-11 04:17 -------- d-----w- c:\program files (x86)\QuickTime
2012-09-11 04:16 . 2012-09-11 04:16 -------- d-----w- c:\programdata\Apple Computer
2012-09-11 04:16 . 2012-09-11 04:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-09-11 04:16 . 2012-09-11 04:16 -------- d-----w- c:\users\alex\AppData\Local\Apple
2012-09-11 04:16 . 2012-09-11 04:16 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-11 04:16 . 2012-09-11 04:16 -------- d-----w- c:\programdata\Apple
2012-09-05 03:32 . 2012-09-05 03:32 -------- d-----w- c:\users\alex\AppData\Local\Mozilla
2012-09-05 03:32 . 2012-09-11 03:58 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-04 23:24 . 2012-09-04 23:24 -------- d-----w- C:\197c810cedb6ab660de1
2012-09-02 02:06 . 2012-09-02 02:06 -------- d-----w- c:\program files (x86)\ATT-HSI
2012-09-02 02:06 . 2012-09-02 02:06 -------- d-----w- c:\program files (x86)\Common Files\Motive
2012-09-02 02:05 . 2012-09-02 02:06 -------- d-----w- c:\program files\Common Files\Motive
2012-09-02 02:01 . 2012-09-02 02:01 -------- d-----w- c:\programdata\Motive
2012-08-30 13:54 . 2012-08-01 19:58 9309624 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19C652F-0A51-42BB-8554-CC3B3ED97618}\mpengine.dll
2012-08-29 19:43 . 2012-08-01 19:58 9309624 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-28 03:52 . 2012-09-16 17:57 -------- d-----w- c:\users\alex\AppData\Local\Spotify
2012-08-28 03:52 . 2012-09-16 17:57 -------- d-----w- c:\users\alex\AppData\Roaming\Spotify
2012-08-25 01:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-25 01:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-25 01:52 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-25 01:52 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-25 01:52 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-25 01:52 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-25 01:52 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-25 01:52 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-25 01:52 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-25 01:52 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-25 01:52 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-25 01:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 07:07 . 2011-11-17 15:03 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 18:54 . 2012-06-29 18:54 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-29 18:54 . 2012-06-29 18:54 366592 ----a-w- c:\windows\system32\qdvd.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-09-16 18:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-16 17:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-16 17:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-16 18:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-16 17:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-16 18:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-17 15:59 . 2012-09-16 17:57 30214 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-16 17:57 26912 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-17 15:51 . 2012-09-16 17:57 8746 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3218629971-1370854036-1900963934-1001_UserData.bin
- 2012-09-16 17:55 . 2012-09-16 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 18:10 . 2012-09-16 18:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 18:10 . 2012-09-16 18:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-16 17:55 . 2012-09-16 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-09-16 17:26 629194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-16 18:01 629194 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-16 18:01 108410 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-16 17:26 108410 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-09-16 17:54 386684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-16 18:09 386684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-24 23:23 . 2012-09-16 18:09 4999692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3218629971-1370854036-1900963934-1001-12288.dat
- 2011-11-24 23:23 . 2012-09-16 17:54 4999692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3218629971-1370854036-1900963934-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-13 619352]
"Spotify"="c:\users\alex\AppData\Roaming\Spotify\Spotify.exe" [2012-08-28 5576408]
"Spotify Web Helper"="c:\users\alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-28 1193176]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 145384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-17 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-13 494424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-09-04 517632]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3218629971-1370854036-1900963934-1001Core.job
- c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 19:16]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3218629971-1370854036-1900963934-1001UA.job
- c:\users\alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.50.0.1
FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\lggyp8wm.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\04\18\15\19\02u"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
.
**************************************************************************
.
Completion time: 2012-09-16 14:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-16 18:14
ComboFix2.txt 2012-09-16 18:00
.
Pre-Run: 465,905,340,416 bytes free
Post-Run: 465,604,653,056 bytes free
.
- - End Of File - - FF541C5B08A83EA56C6EF44165735845

dirtychicken

Newbie Surfer

Posts : 8
Joined : 2012-09-16
Operating System : Windows 7


Re: Extreme amounts of malware

Post by dirtychicken on Mon 17 Sep 2012, 5:29 am

# AdwCleaner v2.001 - Logfile created 09/16/2012 at 14:25:34
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : alex - ALEX-PC
# Boot Mode : Normal
# Running from : C:\Users\alex\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\lggyp8wm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5655 octets] - [15/09/2012 20:20:31]
AdwCleaner[R2].txt - [5715 octets] - [15/09/2012 20:20:55]
AdwCleaner[R3].txt - [5778 octets] - [16/09/2012 00:07:49]
AdwCleaner[R4].txt - [5835 octets] - [16/09/2012 13:18:07]
AdwCleaner[R5].txt - [5895 octets] - [16/09/2012 13:19:08]
AdwCleaner[S2].txt - [6508 octets] - [16/09/2012 13:19:22]
AdwCleaner[R6].txt - [1444 octets] - [16/09/2012 14:25:07]
AdwCleaner[S3].txt - [1444 octets] - [16/09/2012 14:25:34]

########## EOF - C:\AdwCleaner[S3].txt - [1504 octets] ##########


Re: Extreme amounts of malware

Post by DragonMaster Jay on Mon 17 Sep 2012, 7:55 pm

Would you mind combining and then uploading the following logs:

AdwCleaner[R1].txt - [5655 octets] - [15/09/2012 20:20:31]
AdwCleaner[R2].txt - [5715 octets] - [15/09/2012 20:20:55]
AdwCleaner[R3].txt - [5778 octets] - [16/09/2012 00:07:49]
AdwCleaner[R4].txt - [5835 octets] - [16/09/2012 13:18:07]
AdwCleaner[R5].txt - [5895 octets] - [16/09/2012 13:19:08]
AdwCleaner[S2].txt - [6508 octets] - [16/09/2012 13:19:22]
AdwCleaner[R6].txt - [1444 octets] - [16/09/2012 14:25:07]
AdwCleaner[S3].txt - [1444 octets] - [16/09/2012 14:25:34]


You can do so at pastebin.com or [You must be registered and logged in to see this link.]



Re: Extreme amounts of malware

Post by dirtychicken on Tue 18 Sep 2012, 1:11 pm

I only have R3, R6, and S3. I only ran the program thrice.

[You must be registered and logged in to see this link.]



Re: Extreme amounts of malware

Post by DragonMaster Jay on Tue 18 Sep 2012, 7:19 pm

Good work!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death



Re: Extreme amounts of malware

Post by dirtychicken on Wed 19 Sep 2012, 3:15 pm

C:\Users\alex\Documents\Vuze Downloads\Advanced.SystemCare.5.0.0.158.Final{Incl Serial}\setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\alex\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\alex\Downloads\installer_adobe_flash_player_English (1).exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\alex\Downloads\installer_adobe_flash_player_English.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\alex\Downloads\sd2-setup220.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\alex\Downloads\SoftonicDownloader_for_minitab.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined


Re: Extreme amounts of malware

Post by DragonMaster Jay on Thu 20 Sep 2012, 3:09 am

Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups section select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


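As an added example (not part of DragonMaster Jay's post and not code from any of the tools above), here is the same "create a clean restore point, then purge the old ones" procedure done from an elevated PowerShell prompt. It assumes Windows 7 with the system drive C:, as in the logs posted in this thread.

```powershell
# Added example, not from the thread: script equivalent of the Disk Cleanup
# restore-point reset described above.
# Assumptions: Windows 7, an elevated PowerShell prompt, system drive C:
# (the drive shown in the OTL and ComboFix logs in this thread).

$drive = "C:"

# Checkpoint-Computer and vssadmin both need an elevated prompt; stop early if not.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Run as administrator) PowerShell prompt."
}

# Helper: restore points, oldest first, with readable timestamps.
function Get-RestorePointSummary {
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | ForEach-Object {
        New-Object PSObject -Property @{
            Sequence    = $_.SequenceNumber
            Description = $_.Description
            Created     = $_.ConvertToDateTime($_.CreationTime)
        }
    }
}

Write-Host "Restore points before cleanup:"
Get-RestorePointSummary | Format-Table Sequence, Created, Description -AutoSize

# 1. Create the known-clean point (System Protection > Create > "Clean").
Checkpoint-Computer -Description "Clean" -RestorePointType "MODIFY_SETTINGS"

# 2. Purge everything older than it. Restore points are stored as volume
#    shadow copies, so deleting the oldest shadow copy until only one remains
#    is what Disk Cleanup > More Options > "Clean up" does. Any possibly
#    infected point is gone afterwards; only "Clean" should be left.
$count = @(Get-ComputerRestorePoint).Count
for ($i = 1; $i -lt $count; $i++) {
    & vssadmin.exe delete shadows "/for=$drive" /oldest /quiet | Out-Null
}

Write-Host "Restore points after cleanup (only 'Clean' should remain):"
Get-RestorePointSummary | Format-Table Sequence, Created, Description -AutoSize
```

Check the "after" listing before moving on: if older points are still shown, rerun the cleanup once the tool has been closed, or fall back to the Disk Cleanup steps above.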
