horimiya
Posts: 13
Posts posted by horimiya
Good morning TheDarkKnight,
Turned on the automatic Windows Update. SP1 was installed successfully & after a few restarts for further updates, all important installations are done. Also installed Microsoft Security Essentials.
Downloaded the latest Java first because Java did not allow me to remove old versions unless the latest was installed. Removed the old versions thereafter.
Updated Adobe reader to the latest version as well.
-
Good morning TheDarkKnight,
Currently, none as far as I'm aware of. No redirects or music playing thus far.
Here is the 317 log:
Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
JavaFX 2.1.1
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
-
Hello TheDarkKnight,
Here are the reports:
Malware (0)
Information about malware detected on the computer.
Vulnerabilities
C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll
C:\Windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.d
Other issues
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Windows Explorer: display of known file types extensions is disabled"
"Microsoft Internet Explorer: start page reset"
-
Hello TheDarkKnight,
No, no other weird things thus far. The music has also stopped appearing (: Haven't gotten any redirects so far either.
Here is the log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-15 18:36:03
Windows 6.1.7600
Running: uk899jte.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1f53957
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1f53957@7cc53745c4ed 0xE1 0x7D 0xF2 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1f53957 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1f53957@7cc53745c4ed 0xE1 0x7D 0xF2 0xDD ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\sins of a solar empire\Закат Солнечной Империи. Новая война\Uninstall\unins000.exe 1
---- EOF - GMER 1.0.15 ----
-
Hey TheDarkKnight,
Silly me, ugh.
The full log:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5930
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 191):
0x02C50000 \SystemRoot\system32\ntoskrnl.exe
0x02C07000 \SystemRoot\system32\hal.dll
0x00BCE000 \SystemRoot\system32\kdcom.dll
0x00C35000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C79000 \SystemRoot\system32\PSHED.dll
0x00C8D000 \SystemRoot\system32\CLFS.SYS
0x00CEB000 \SystemRoot\system32\CI.dll
0x00E2A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDD000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F34000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F3D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F47000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F54000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F87000 \SystemRoot\System32\drivers\partmgr.sys
0x00F9C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FA5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01028000 \SystemRoot\System32\drivers\volmgrx.sys
0x01084000 \SystemRoot\System32\drivers\mountmgr.sys
0x0109E000 \SystemRoot\system32\DRIVERS\atapi.sys
0x010A7000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010D1000 \SystemRoot\system32\DRIVERS\msahci.sys
0x010DC000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x010EC000 \SystemRoot\system32\drivers\amdxata.sys
0x010F7000 \SystemRoot\system32\drivers\fltmgr.sys
0x01143000 \SystemRoot\system32\drivers\fileinfo.sys
0x01206000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01157000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01444000 \SystemRoot\System32\Drivers\cng.sys
0x014B6000 \SystemRoot\System32\drivers\pcw.sys
0x014C7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014D1000 \SystemRoot\system32\drivers\ndis.sys
0x016EC000 \SystemRoot\system32\drivers\NETIO.SYS
0x0174C000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01777000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017C1000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01600000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164C000 \SystemRoot\System32\Drivers\spldr.sys
0x01654000 \SystemRoot\System32\drivers\rdyboost.sys
0x0168E000 \SystemRoot\System32\Drivers\mup.sys
0x016A0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x016A9000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017D1000 \SystemRoot\system32\DRIVERS\disk.sys
0x015C3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x011B5000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x01413000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x016E3000 \SystemRoot\System32\Drivers\Null.SYS
0x0143D000 \SystemRoot\System32\Drivers\Beep.SYS
0x013C2000 \SystemRoot\System32\drivers\vga.sys
0x013D0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01000000 \SystemRoot\System32\drivers\watchdog.sys
0x013F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01010000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01019000 \SystemRoot\system32\drivers\rdprefmp.sys
0x00FC6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00FD1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00FE2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x00E00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C14000 \SystemRoot\system32\drivers\afd.sys
0x02C9D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CE2000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02CED000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02CF6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D1C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D2B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D46000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02D5A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02DAB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02DB7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02DC2000 \SystemRoot\System32\drivers\discache.sys
0x066BA000 \SystemRoot\system32\drivers\csc.sys
0x0673D000 \SystemRoot\System32\Drivers\dfsc.sys
0x0675B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0676C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0F090000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FD07000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0F000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0F046000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x06792000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0F053000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0F064000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x06600000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0689E000 \SystemRoot\system32\DRIVERS\netw5v64.sys
0x06DD9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x06DDE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x06800000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0680F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0681E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x06825000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0682E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x06844000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x06854000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0686A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0688E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x06665000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x06694000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00E0D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x066AF000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x067E8000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0689A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00DAB000 \SystemRoot\system32\DRIVERS\ks.sys
0x02C00000 \SystemRoot\system32\DRIVERS\umbus.sys
0x07220000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0727A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0728F000 \SystemRoot\system32\drivers\HdAudio.sys
0x072EB000 \SystemRoot\system32\drivers\portcls.sys
0x07328000 \SystemRoot\system32\drivers\drmk.sys
0x0734A000 \SystemRoot\system32\drivers\ksthunk.sys
0x0740A000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x0752C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0752E000 \SystemRoot\system32\drivers\modem.sys
0x0753D000 \SystemRoot\system32\drivers\nvhda64v.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x0756A000 \SystemRoot\System32\drivers\Dxapi.sys
0x07576000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07584000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07590000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x0759B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x075AE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x075BC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x075D5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x075DE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07350000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0736D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x02ACB000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x02B80000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02B8E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x02B9C000 \SystemRoot\system32\drivers\luafv.sys
0x02BBF000 \SystemRoot\system32\drivers\WudfPf.sys
0x02BE0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02A00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02A53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02A66000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x054B0000 \SystemRoot\system32\drivers\HTTP.sys
0x05578000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05596000 \SystemRoot\System32\drivers\mpsdrv.sys
0x055AE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0544E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x088F4000 \SystemRoot\system32\drivers\peauth.sys
0x0899A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x089A5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x089D2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08EB9000 \SystemRoot\System32\DRIVERS\srv.sys
0x76F20000 \Windows\System32\ntdll.dll
0x47A30000 \Windows\System32\smss.exe
0xFF240000 \Windows\System32\apisetschema.dll
0xFFA90000 \Windows\System32\autochk.exe
0xFF020000 \Windows\System32\ole32.dll
0xFEE40000 \Windows\System32\setupapi.dll
0x770F0000 \Windows\System32\normaliz.dll
0xFED70000 \Windows\System32\usp10.dll
0xFECD0000 \Windows\System32\comdlg32.dll
0x76E20000 \Windows\System32\user32.dll
0x770E0000 \Windows\System32\psapi.dll
0x76C10000 \Windows\System32\iertutil.dll
0xFEBC0000 \Windows\System32\msctf.dll
0xFEAE0000 \Windows\System32\advapi32.dll
0xFEA90000 \Windows\System32\ws2_32.dll
0xFEA70000 \Windows\System32\sechost.dll
0xFE990000 \Windows\System32\oleaut32.dll
0x76AB0000 \Windows\System32\wininet.dll
0x76990000 \Windows\System32\kernel32.dll
0xFE970000 \Windows\System32\imagehlp.dll
0xFE8D0000 \Windows\System32\clbcatq.dll
0xFE8C0000 \Windows\System32\nsi.dll
0xFE820000 \Windows\System32\msvcrt.dll
0xFE810000 \Windows\System32\lpk.dll
0xFE7E0000 \Windows\System32\imm32.dll
0xFE770000 \Windows\System32\gdi32.dll
0xFE6F0000 \Windows\System32\difxapi.dll
0xFE5C0000 \Windows\System32\rpcrt4.dll
0xFE540000 \Windows\System32\shlwapi.dll
0xFE4F0000 \Windows\System32\Wldap32.dll
0xFD760000 \Windows\System32\shell32.dll
0x76840000 \Windows\System32\urlmon.dll
0xFD6C0000 \Windows\System32\comctl32.dll
0xFD6A0000 \Windows\System32\devobj.dll
0xFD530000 \Windows\System32\crypt32.dll
0xFD4F0000 \Windows\System32\wintrust.dll
0xFD480000 \Windows\System32\KernelBase.dll
0xFD440000 \Windows\System32\cfgmgr32.dll
0xFD430000 \Windows\System32\msasn1.dll
Processes (total 61):
0 System Idle Process
4 System
256 C:\Windows\System32\smss.exe
360 csrss.exe
424 C:\Windows\System32\wininit.exe
440 csrss.exe
472 C:\Windows\System32\services.exe
488 C:\Windows\System32\lsass.exe
496 C:\Windows\System32\lsm.exe
612 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\nvvsvc.exe
716 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\spoolsv.exe
1228 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1240 C:\Windows\System32\nvvsvc.exe
1300 C:\Windows\System32\svchost.exe
1396 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1568 C:\Windows\System32\taskhost.exe
1656 C:\Windows\System32\taskeng.exe
1688 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1696 C:\Windows\System32\dwm.exe
1724 C:\Windows\explorer.exe
1876 C:\Program Files\Bonjour\mDNSResponder.exe
1904 C:\Windows\System32\svchost.exe
1948 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
840 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
1356 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1796 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2316 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2628 C:\Windows\System32\svchost.exe
2816 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2660 C:\Windows\System32\SearchIndexer.exe
1040 C:\Program Files\Windows Media Player\wmpnetwk.exe
1376 C:\Windows\System32\svchost.exe
3740 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
3976 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
3992 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
4012 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
4028 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
4040 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
3248 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
3428 C:\Windows\System32\taskhost.exe
3424 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
2020 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2540 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
1840 C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
1444 WmiPrvSE.exe
2688 C:\Windows\System32\SearchProtocolHost.exe
3288 C:\Windows\System32\SearchFilterHost.exe
596 C:\Windows\System32\dllhost.exe
684 C:\Windows\System32\audiodg.exe
3732 C:\Users\ee\Desktop\MBRCheck.exe
3716 C:\Windows\System32\conhost.exe
3112 C:\Windows\System32\notepad.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000f`003eb200 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002a`8072e200 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
-
Good evening TheDarkKnight,
When I ran mbar.exe, this message appeared: Registry value "AppInit_Dlls" has been found which may be caused by rootkit activity.
Note: press NO button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press YES should this message appear again.
I clicked No & the scan ran smoothly. Here are the logs:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3215839232, free: 1950830592
------------ Kernel report ------------
11/14/2012 20:26:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\DRIVERS\netw5v64.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shlwapi.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003410170
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8002f1d060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.14.02
Downloaded database version: v2012.11.12.01
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3215839232, free: 1987518464
------------ Kernel report ------------
11/14/2012 20:27:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\DRIVERS\netw5v64.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shlwapi.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003410170
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8002f1d060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa80037fb1f0
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003410170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003411b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003410170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002f1d060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00a447f50, 0xfffffa8003410170, 0xfffffa8002d7d360
Lower DeviceData: 0xfffff8a0099c6050, 0xfffffa8002f1d060, 0xfffffa80037fb1f0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ADB8E06B
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 125837082
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 125837145 Numsec = 230693400
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 356530545 Numsec = 268606800
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.14.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
ee :: EE-PC [administrator]
11/14/2012 8:37:21 PM
mbar-log-2012-11-14 (20-37-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 24701
Time elapsed: 9 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Good afternoon TheDarkKnight,
While I was reading your instructions and advice, techno music started playing. No other browser was open; this was the only tab open. I was not running any music programs either. It was only after I closed this sole window that it stopped.
Tool bar removed.
Oh, those are cropped pictures from the Guardian newspaper website, and the GIF was from Reddit.
After opening a few tabs, there have been no redirects.
Here are the OTL fix and AdwCleaner logs:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B777B68-9A82-4DA6-800B-882955F1F07F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B777B68-9A82-4DA6-800B-882955F1F07F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Windows\SysNative\drivers\kgpcpy.cfg moved successfully.
C:\Users\ee\AppData\Local\iwmvwspbz1m.crx moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
User: ee
->Temp folder emptied: 1797476 bytes
->Temporary Internet Files folder emptied: 35894465 bytes
->Java cache emptied: 54460 bytes
->Google Chrome cache emptied: 241774336 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2711 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531263 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 1814312 bytes
Total Files Cleaned = 269.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11142012_172130
Files\Folders moved on Reboot...
C:\Users\ee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
---------------
# AdwCleaner v2.007 - Logfile created 11/14/2012 at 17:27:02
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : ee - EE-PC
# Boot Mode : Normal
# Running from : C:\Users\ee\Desktop\logs\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1632 octets] - [13/11/2012 23:03:07]
AdwCleaner[R2].txt - [1697 octets] - [13/11/2012 23:08:09]
AdwCleaner[R3].txt - [1757 octets] - [13/11/2012 23:08:21]
AdwCleaner[S1].txt - [1843 octets] - [13/11/2012 23:13:15]
AdwCleaner[S2].txt - [875 octets] - [14/11/2012 17:27:02]
########## EOF - C:\AdwCleaner[S2].txt - [934 octets] ##########
-
Good evening TheDarkKnight,
A question: is there any private information in all these logs I posted that I should be aware of?
Here are the OTL.txt, Extras.txt, and AdwCleaner[R1].txt logs:
OTL logfile created on: 11/13/2012 10:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ee\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free
5.99 Gb Paging File | 4.50 Gb Available in Paging File | 75.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 19.90 Gb Free Space | 33.17% Space Free | Partition Type: NTFS
Drive D: | 110.00 Gb Total Space | 78.88 Gb Free Space | 71.71% Space Free | Partition Type: NTFS
Drive E: | 128.08 Gb Total Space | 41.02 Gb Free Space | 32.03% Space Free | Partition Type: NTFS
Computer Name: EE-PC | User Name: ee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/13 22:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ee\Desktop\OTL.exe
PRC - [2012/10/25 09:05:36 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/06 20:15:09 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\steam\Steam.exe
PRC - [2011/10/15 16:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/01 06:15:05 | 000,460,312 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/11/01 06:15:02 | 004,007,448 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/11/01 06:13:47 | 000,587,288 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/11/01 06:13:46 | 000,123,928 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/11/01 06:13:35 | 000,156,712 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/11/01 06:13:34 | 000,274,984 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/11/01 06:13:32 | 002,168,360 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/10/25 09:05:36 | 020,317,008 | ---- | M] () -- D:\steam\bin\libcef.dll
MOD - [2012/10/25 09:05:35 | 001,099,616 | ---- | M] () -- D:\steam\bin\avcodec-53.dll
MOD - [2012/10/25 09:05:35 | 000,902,480 | ---- | M] () -- D:\steam\bin\chromehtml.dll
MOD - [2012/10/25 09:05:35 | 000,190,816 | ---- | M] () -- D:\steam\bin\avformat-53.dll
MOD - [2012/10/25 09:05:35 | 000,123,232 | ---- | M] () -- D:\steam\bin\avutil-51.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/25 09:05:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/08/28 07:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/10/15 16:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/11/11 01:41:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 14:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/08 07:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 14:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/12/03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/11 05:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/11 04:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/02/21 17:55:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk60x64.sys -- (yukonx64)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE EB 63 17 0C 5C CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {BA2B6456-3147-46D6-8BEE-D95878968E92}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B777B68-9A82-4DA6-800B-882955F1F07F}: "URL" = http://www.baidu.com/baidu?tn=dealio_dg&wd={searchTerms}
IE - HKCU\..\SearchScopes\{BA2B6456-3147-46D6-8BEE-D95878968E92}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{E79D06E1-62C7-4091-80FF-1A7CAB6F4BB4}: "URL" = http://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Entanglement = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Bookmark Sentry = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.3_0\
CHR - Extension: Glow = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0\
CHR - Extension: Turn Off the Lights = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.16_0\
CHR - Extension: High Contrast = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph\0.4_0\
CHR - Extension: Collusion for Chrome = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\1.10.4_0\
CHR - Extension: 3D Function Graphics = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobplelaajiidonodpenmapjhndgohhn\1.2_0\
CHR - Extension: Dropbox = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\
CHR - Extension: Ghostery = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Flash Player = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcplidffijapllcadglkoenobogpgdlb\11_0\
CHR - Extension: Psykopaint = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
O1 HOSTS File: ([2012/11/03 23:43:04 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - No CLSID value found.
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - D:\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/11/13 22:43:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ee\Desktop\OTL.exe
[2012/11/13 21:07:38 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{FF66EE4E-B40F-44DF-B39D-68355298AD06}
[2012/11/12 22:50:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/12 19:32:04 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{8174B6C9-07B4-4ADD-A860-27EA8E392A3F}
[2012/11/12 02:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/11 08:22:51 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{F4936680-C053-47F2-AEED-01BFCB4A8B7D}
[2012/11/11 02:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2012/11/11 01:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/11/11 01:41:13 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/11/10 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{4B597F43-E070-4E56-AF35-3A0659C6950B}
[2012/11/09 18:10:49 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{B232200F-D29D-450A-A4C5-943CC16B281C}
[2012/11/08 22:15:02 | 000,000,000 | ---D | C] -- C:\Users\ee\Desktop\logs
[2012/11/08 18:57:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/08 18:57:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/08 18:57:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/08 18:56:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/08 18:56:35 | 000,000,000 | R--D | C] -- C:\Users\ee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/08 18:56:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/07 22:32:41 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{68FC57F7-D664-46E4-9063-74986ED17604}
[2012/11/06 16:37:08 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{8A7424D3-6A4D-4EE0-983D-D5BABBB38E5A}
[2012/11/05 20:19:56 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{5824996B-1129-4C2F-BD17-771C73B5B612}
[2012/11/05 13:56:18 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\VirtualStore
[2012/11/05 06:38:45 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/11/03 23:45:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/24 01:31:41 | 000,000,000 | R--D | C] -- C:\Users\ee\Videos
[2012/10/23 21:23:31 | 000,000,000 | R--D | C] -- C:\Users\ee\Favorites
[2012/10/23 21:23:26 | 000,000,000 | R--D | C] -- C:\Users\ee\Searches
[2012/10/23 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\ee\Tracing
[2012/10/23 18:12:35 | 000,000,000 | ---D | C] -- C:\Users\ee\Desktop
[2012/10/23 17:18:28 | 000,000,000 | ---D | C] -- C:\Users\ee\fourclover
[2012/10/17 18:50:35 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/17 18:50:35 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/17 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\ee\Documents\Calibre Library
[2012/10/17 16:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/10/17 16:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/13 22:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ee\Desktop\OTL.exe
[2012/11/13 22:22:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/13 22:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001UA.job
[2012/11/13 17:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/13 12:01:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001Core.job
[2012/11/13 07:30:22 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 07:30:22 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 07:27:28 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/13 07:27:28 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/13 07:27:28 | 000,121,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/13 07:22:52 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 01:41:13 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/11/08 18:52:53 | 000,000,448 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/11/05 09:39:19 | 000,037,070 | ---- | M] () -- C:\UPIFZ.jpg
[2012/11/05 06:38:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/03 19:53:36 | 000,001,738 | ---- | M] () -- C:\Users\ee\AppData\Local\iwmvwspbz1m.crx
[2012/10/31 09:33:29 | 002,175,795 | ---- | M] () -- C:\Users\ee\ibdb3QC8lsFRNj.gif
[2012/10/31 09:15:18 | 000,035,308 | ---- | M] () -- C:\Users\ee\s2lVu.jpg
[2012/10/31 08:19:40 | 000,253,279 | ---- | M] () -- C:\Users\ee\tuzX2.jpg
[2012/10/31 07:36:56 | 000,075,265 | ---- | M] () -- C:\Users\ee\EVZKj.jpg
[2012/10/31 06:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/23 21:26:54 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/23 21:26:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/23 18:13:14 | 000,026,855 | ---- | M] () -- C:\2.JPG
[2012/10/23 18:12:55 | 000,064,747 | ---- | M] () -- C:\1.JPG
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/08 18:57:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/08 18:57:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/08 18:57:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/08 18:57:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/08 18:57:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/08 18:44:07 | 000,000,448 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/11/05 09:39:18 | 000,037,070 | ---- | C] () -- C:\UPIFZ.jpg
[2012/11/03 19:53:36 | 000,001,738 | ---- | C] () -- C:\Users\ee\AppData\Local\iwmvwspbz1m.crx
[2012/10/31 09:33:29 | 002,175,795 | ---- | C] () -- C:\Users\ee\ibdb3QC8lsFRNj.gif
[2012/10/31 09:15:18 | 000,035,308 | ---- | C] () -- C:\Users\ee\s2lVu.jpg
[2012/10/31 08:19:39 | 000,253,279 | ---- | C] () -- C:\Users\ee\tuzX2.jpg
[2012/10/31 07:36:55 | 000,075,265 | ---- | C] () -- C:\Users\ee\EVZKj.jpg
[2012/10/23 18:13:14 | 000,026,855 | ---- | C] () -- C:\2.JPG
[2012/10/23 18:12:55 | 000,064,747 | ---- | C] () -- C:\1.JPG
[2012/06/06 01:18:32 | 000,773,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/23 12:58:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/23 12:58:54 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/08/17 04:04:16 | 000,003,584 | ---- | C] () -- C:\Users\ee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/14 13:44:14 | 000,000,030 | ---- | C] () -- C:\Users\ee\AppData\Local\wic.exe!
[2010/11/20 13:14:29 | 000,000,268 | ---- | C] () -- C:\Windows\game.ini
========== ZeroAccess Check ==========
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/10/23 18:12:55 | 000,064,747 | ---- | M] () -- C:\1.JPG
[2012/10/23 18:13:14 | 000,026,855 | ---- | M] () -- C:\2.JPG
[2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/09/22 15:04:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/11/12 22:43:06 | 000,021,816 | ---- | M] () -- C:\ComboFix.txt
[2010/10/06 16:50:00 | 000,203,836 | RHS- | M] () -- C:\grldr
[2012/11/13 07:22:52 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 07:22:55 | 3215,839,232 | -HS- | M] () -- C:\pagefile.sys
[2012/11/12 22:58:32 | 000,131,592 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_12.11.2012_22.57.40_log.txt
[2012/11/05 09:39:19 | 000,037,070 | ---- | M] () -- C:\UPIFZ.jpg
[2010/10/06 16:50:01 | 000,000,000 | RHS- | M] () -- C:\winx.ld
< %systemroot%\*. /mp /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Files - Unicode (All) ==========
[2012/07/13 18:27:18 | 007,679,639 | ---- | M] ()(C:\Users\ee\Documents\IU - 04. ?? ? (You & I).mp3) -- C:\Users\ee\Documents\IU - 04. 너랑 나 (You & I).mp3
[2012/07/13 18:27:05 | 007,679,639 | ---- | C] ()(C:\Users\ee\Documents\IU - 04. ?? ? (You & I).mp3) -- C:\Users\ee\Documents\IU - 04. 너랑 나 (You & I).mp3
< End of report >
-----------------------
OTL Extras logfile created on: 11/13/2012 10:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ee\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free
5.99 Gb Paging File | 4.50 Gb Available in Paging File | 75.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 19.90 Gb Free Space | 33.17% Space Free | Partition Type: NTFS
Drive D: | 110.00 Gb Total Space | 78.88 Gb Free Space | 71.71% Space Free | Partition Type: NTFS
Drive E: | 128.08 Gb Total Space | 41.02 Gb Free Space | 32.03% Space Free | Partition Type: NTFS
Computer Name: EE-PC | User Name: ee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- D:\photoshop\ps\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- D:\photoshop\ps\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F7FB5C-3858-4861-B28B-226ADDC66860}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09134F4B-005F-4466-96AD-F572F1C5710A}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{0DC6793B-7C21-45C4-94B8-5DFE7757EA89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{167A249A-C73F-4979-9506-A78F7C875D29}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C8EFDAB-4E59-44E8-AC26-19A725B246F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1E3E5CCC-2807-44FE-810F-9DAB57A99F91}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E684C35-8E21-4DE1-AEE2-DCB2852445A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{230CAD33-32CB-44CE-B372-608DB048B364}" = lport=137 | protocol=17 | dir=in | app=system |
"{6D064941-3324-430C-88F2-94240B9584DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71848359-2BB8-4606-93C1-4780809E09B9}" = lport=138 | protocol=17 | dir=in | app=system |
"{8480A487-1D4C-4619-9FA2-C7FC43217872}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{903773D3-CA68-43C6-A7C1-053B3FBCD344}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{916B9DD1-A88B-4516-9126-C7D8D0D2BD01}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9D219D05-B9BD-443C-B09D-93B1E5512DE2}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{A266A19E-39A8-417C-9E9E-5ECB282F0E51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ACBF2270-5966-42D1-8316-CF69BD7F041B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B00D2503-3735-4755-89A8-330474456869}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{B3CBC02F-A10F-404F-9FE1-BAFBFD1605B6}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{C0F64B43-63E5-4AEB-84BA-D7C356D166B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{C57259BF-C42C-45D2-8977-E77D187983FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D79B9B20-0E57-43E4-979D-900D04B59302}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE7EE85A-27B0-4885-A516-0CD4AD01AFCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E81E8C67-A7BE-40DF-98DD-45108F7F0353}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBDDDC86-BE5F-4EB2-8B3D-BBEE0733F5CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{EC64BCA5-B915-451C-A1D5-75FEA6DFEA67}" = rport=137 | protocol=17 | dir=out | app=system |
"{F4FD3D8C-960B-4F0D-9BE1-FF7263E01317}" = lport=139 | protocol=6 | dir=in | app=system |
"{F75327B4-4357-4C9A-849A-9BA6B138FF2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092A9CF8-8CB9-4CA7-A545-6C9AE01C5E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0B996DC9-B4BC-42B2-8FDE-310EAF9C71F0}" = protocol=6 | dir=in | app=d:\halite.exe |
"{0C271F8C-E4CD-4CE7-AEF7-FDA27EDEE846}" = protocol=6 | dir=out | app=system |
"{0F46C674-DB77-4F75-9675-130385E5D23A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{1406342D-885F-4C29-B1F8-C98874C55ACB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat |
"{151A1846-B35D-49B9-AE07-09EA38608397}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{165F2298-0216-4438-A0C0-3DB89DD42605}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16EB4FFE-7CAB-4CA6-922F-8E887A41C8FE}" = protocol=17 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe |
"{1A67FC89-32C5-427C-AAF7-345EF31DBBD9}" = protocol=17 | dir=in | app=d:\fm.exe |
"{1B780551-3054-4D65-A259-916B4B58875F}" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\game\league of legends.exe |
"{1C184435-D473-4915-B01C-5FEAE4C8FB67}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1E7518AF-4799-4810-AE8E-75158025B689}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1EEBCA22-73B4-47F4-996F-58DDD5794790}" = protocol=17 | dir=in | app=d:\halite.exe |
"{243D872C-371E-481D-8DD4-7C0EC8A17647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{29E87208-D818-4BDE-B11B-86C89E2A6211}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat |
"{2CAB6C49-B0FE-450B-8FCC-19F1F29C87B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32BD1AA6-5AC7-4C99-98FA-B08C966DDD3A}" = protocol=6 | dir=in | app=d:\garena messenger\gamedata\apps\lol\air\lolclient.exe |
"{3812F908-2EE0-45D2-9AFF-410AC3EE1093}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3BBB832A-E1E7-4C25-BBB7-3C74BC5D397A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{47387B14-AE4E-4657-AED7-EFC0A0838E0E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4DB7557B-88F6-46A2-842B-4CFDB8E00AF8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5000033F-1EB3-4CF8-8EFC-95CED26054F1}" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\air\lolclient.exe |
"{554B6936-88FF-495C-B3E0-7029D623CE96}" = protocol=6 | dir=in | app=d:\dn\dragonnest.exe |
"{5716CB77-4615-4D24-9275-F86AA61241E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EECDE6F-5B19-4E97-9696-D5B26D40389A}" = protocol=6 | dir=in | app=d:\fm.exe |
"{604DC840-2970-434A-A193-226DDE6F6559}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{61E7E45B-0453-4B94-A4C8-183CC8A807E1}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe |
"{63EB0765-1C39-4ABC-BEF8-7E06595FF4EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6BAB9F6A-BB9B-4820-A2D2-2C5589EE10DF}" = protocol=6 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe |
"{6D6DD07C-1584-425C-89C9-8E2BA3260F4A}" = protocol=17 | dir=in | app=d:\dn\dragonnest.exe |
"{6D9491D0-1CBE-4C74-BDC1-5E01A1DD00E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{6F067044-2343-4813-B3B8-9F760FBA2545}" = protocol=6 | dir=in | app=d:\dn\dragonnest.exe |
"{70357A08-1C28-4E11-88E0-73D95765D57C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{70F3AF1E-41BC-412F-BE3E-7CA3BEFF15C5}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{722EA1F6-CB33-429E-B7E2-0337DA37F612}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{767433B1-70B5-40E5-B016-298260E460C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79216725-F253-4C9F-9B03-B953A0EB2F81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A087BCB-3076-4E39-8746-59748449A043}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7AAC63AE-D43D-48B9-B89E-854B0CBA1E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7AEEFE8B-268F-4F4B-AA3D-816DCD38B4A8}" = protocol=6 | dir=in | app=d:\dragonnest.exe |
"{84272A52-E7B7-4D83-B6A3-7127831BD26B}" = protocol=17 | dir=in | app=d:\garena messenger\gamedata\apps\lol\air\lolclient.exe |
"{899327D7-215E-471B-BBA7-AE09B18A2C78}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{92B98B69-FB5B-47FC-97C6-6F5A3E54C46D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{9529629A-BCDE-401B-9C87-CFE6861C5A94}" = protocol=17 | dir=in | app=d:\dragonnest.exe |
"{9A858604-D8C6-4211-9B86-A073E7588560}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{9C494448-D958-48B2-8F84-0BB4C62002B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9FAE2570-EFC4-42AD-89F6-8E3189A31461}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A08FCB2A-9100-4B92-87F6-5B13B226C051}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A2BD39A3-40C8-4AAC-89ED-EA0B595B0FA0}" = protocol=17 | dir=in | app=d:\dn\dragonnest.exe |
"{A8C44987-0512-4DC7-834C-45F154628511}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A947A19A-85AA-4434-A844-BC32C4A554E6}" = protocol=6 | dir=in | app=d:\dragonnest.exe |
"{AD45B360-50D8-4F2F-B154-62A8F5B941E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{AEEF178C-717D-487B-9233-CADD1B08B18A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B35905D6-90D7-4329-A866-01CC72B551E0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B8E5606A-C084-41C2-A239-F2E6138C0568}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B96E51B8-931F-40CB-86C5-A1AD1B4A40D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDA31937-B83E-4A67-BF68-923B9087B8DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF0FA97C-E924-462A-88EA-C25D02328235}" = protocol=17 | dir=in | app=d:\garena messenger\gamedata\apps\lol\game\league of legends.exe |
"{C3570F68-0F3E-46F9-A6AA-97046761F309}" = protocol=17 | dir=in | app=d:\dragonnest.exe |
"{C700C6F4-7D77-4145-9EB0-4DD13DBA61E9}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe |
"{CC829972-7FAE-43B2-91F9-0B9B98240B39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D655BA1F-EC05-4CB1-A91A-5731309FC0E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D665B0A0-E14A-48CB-AA31-C57AF807087D}" = protocol=6 | dir=in | app=d:\garena messenger\gamedata\apps\lol\game\league of legends.exe |
"{D8CE0E0C-7C99-4E9D-9400-EFE50557F499}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E4F8108A-F30B-4A4A-A6D2-4FA3736DC478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E60E6146-C0F5-42D6-85FB-094C5290E190}" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\air\lolclient.exe |
"{F02859B6-BD20-42D8-A206-C431419C725B}" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\game\league of legends.exe |
"TCP Query User{02450EAC-8C6D-4905-AB4A-8E382B862C41}D:\utorrent.exe" = protocol=6 | dir=in | app=d:\utorrent.exe |
"TCP Query User{050B1DD5-CEF7-4D65-A503-522B7A9FBD26}D:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe |
"TCP Query User{1229C332-EF25-4A6F-A41A-65BDFA03A011}D:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"TCP Query User{12CCF92C-ECBE-4A4F-8489-4AF853DA95A9}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=6 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"TCP Query User{1BD5FD3D-69CC-463D-BDEF-CE2FB9942C73}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"TCP Query User{1E80794C-5C23-488B-957E-F86C5A87FDF6}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=6 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"TCP Query User{23D36B1C-3098-4B20-B54D-936E5E0C8B88}E:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"TCP Query User{37BD2B21-3581-4EEF-B680-E2CBFE200E82}D:\garena messenger\garenamessenger.exe" = protocol=6 | dir=in | app=d:\garena messenger\garenamessenger.exe |
"TCP Query User{38C73AB2-E18B-47F3-BF37-93E5A4D71369}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{3B5B4AB8-426F-482E-BDD9-611A99DB9BB2}D:\lolinstaller.exe" = protocol=6 | dir=in | app=d:\lolinstaller.exe |
"TCP Query User{3FEF3E1B-9483-4342-8FCA-0C23314D0585}C:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"TCP Query User{45FAB807-801B-4039-869D-D7E932B0DCBC}D:\omd2\orcs must die 2\build\release\orcsmustdie2.exe" = protocol=6 | dir=in | app=d:\omd2\orcs must die 2\build\release\orcsmustdie2.exe |
"TCP Query User{6F3D2C7A-F2C6-4A65-AE8D-B6A4A8FC78A3}D:\utorrent.exe" = protocol=6 | dir=in | app=d:\utorrent.exe |
"TCP Query User{73C98552-5F75-4C8B-BFA7-EBCFDB82B564}C:\program files (x86)\garena messenger\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\garenamessenger.exe |
"TCP Query User{74AE4AD1-8922-4C02-A90A-9BC87119E1BB}D:\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=d:\garena plus\room\garena_room.exe |
"TCP Query User{85467F8E-E0C8-444E-A8B2-010A06B4F41B}D:\unmechanical\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\unmechanical\binaries\win32\udk.exe |
"TCP Query User{857ACBFD-DF96-4BF1-835F-1BCD1EFCD265}E:\grimlauncher1.5\grim fandango launcher.exe" = protocol=6 | dir=in | app=e:\grimlauncher1.5\grim fandango launcher.exe |
"TCP Query User{B61208AE-3150-4DDA-9E9D-F42C4E46ECDF}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{C0DE5F5A-0FD8-4C00-BE4A-F907695CF668}D:\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=d:\garena plus\room\garena_room.exe |
"TCP Query User{C2BC08B3-D08A-4D61-8A3A-02D73598CED9}D:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe" = protocol=6 | dir=in | app=d:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe |
"TCP Query User{D08AF38E-630B-45B4-96D4-313DABDF4FFC}C:\users\ee\downloads\lolinstaller.exe" = protocol=6 | dir=in | app=c:\users\ee\downloads\lolinstaller.exe |
"TCP Query User{D998120A-5444-4FC5-94A5-EA155E25B64B}D:\fifa 12\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\fifa 12\game\fifa.exe |
"TCP Query User{FB1BA204-9802-441B-AEA8-1BF1941266C2}D:\l4d2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\l4d2\left 4 dead 2\left4dead2.exe |
"UDP Query User{0E6F4E38-E631-4823-A59A-27FA5510F30D}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"UDP Query User{1696BE1E-DCD2-4B12-B7E5-0656CD2346E3}D:\garena messenger\garenamessenger.exe" = protocol=17 | dir=in | app=d:\garena messenger\garenamessenger.exe |
"UDP Query User{2233428D-B57F-4ED6-9470-3095B1AC6ECD}D:\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=d:\garena plus\room\garena_room.exe |
"UDP Query User{33708BB5-2286-48A9-8D9E-C41F70850907}E:\grimlauncher1.5\grim fandango launcher.exe" = protocol=17 | dir=in | app=e:\grimlauncher1.5\grim fandango launcher.exe |
"UDP Query User{3A501273-288A-42AC-A9ED-9757CA8E4D0A}D:\utorrent.exe" = protocol=17 | dir=in | app=d:\utorrent.exe |
"UDP Query User{50D38B3C-36B5-4A0E-AFA7-D37F806C36A8}D:\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=d:\garena plus\room\garena_room.exe |
"UDP Query User{5779F626-45B6-4E55-BAA6-EEB82F5C75EB}D:\lolinstaller.exe" = protocol=17 | dir=in | app=d:\lolinstaller.exe |
"UDP Query User{619E8489-7068-44C6-8AD1-C0510B9E1C5B}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=17 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"UDP Query User{65A0798E-6C8B-4F8F-9627-EB13FDD825A7}D:\fifa 12\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\fifa 12\game\fifa.exe |
"UDP Query User{6FC3D863-77B8-439A-A7EB-63BBBD7984CC}D:\l4d2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\l4d2\left 4 dead 2\left4dead2.exe |
"UDP Query User{755DCDA5-205B-472D-BFB6-E6EB7EF640BB}C:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"UDP Query User{81CE298B-A7C3-4B07-BDCF-DBEBED691DF0}C:\users\ee\downloads\lolinstaller.exe" = protocol=17 | dir=in | app=c:\users\ee\downloads\lolinstaller.exe |
"UDP Query User{87241116-7143-4FA5-8ECC-818D299269C0}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{8D959418-C5C7-4197-BB79-4650AEEE3C85}D:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe |
"UDP Query User{98A4D880-35E8-4B16-9437-F9AA8E1C66CE}D:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"UDP Query User{9D6275ED-0516-4093-9BED-639EB2B9A514}C:\program files (x86)\garena messenger\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\garenamessenger.exe |
"UDP Query User{A3E11DD9-A658-449A-BB23-C8304AFE4D1E}D:\omd2\orcs must die 2\build\release\orcsmustdie2.exe" = protocol=17 | dir=in | app=d:\omd2\orcs must die 2\build\release\orcsmustdie2.exe |
"UDP Query User{B3128373-E183-4EAA-A787-58DDAFBEBDE4}D:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe" = protocol=17 | dir=in | app=d:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe |
"UDP Query User{B6374CB1-DF20-4988-A68F-C524B3A9A772}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{B9794620-473D-45DD-A990-DCC1801A1EB6}E:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"UDP Query User{C9C30463-9D9A-4DF3-A6C0-8E99C7165D5F}D:\unmechanical\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\unmechanical\binaries\win32\udk.exe |
"UDP Query User{E47A236B-3A62-41D6-9DDC-EBB918C67715}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=17 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"UDP Query User{F1482B1B-6430-4D46-AE29-09120B2C9BC0}D:\utorrent.exe" = protocol=17 | dir=in | app=d:\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.5.3.3898
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C36247E-5879-401C-B423-EB5D663B02D9}" = FMRTE
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0AF5EFE-5971-4A54-A69F-D2D95E9E5363}" = Halite
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED8DE18A-421A-46CE-884B-E913EB16AB49}" = calibre
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.1.10
"lavfilters_is1" = LAV Filters 0.42
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus!" = Messenger Plus! 5
"Picasa 3" = Picasa 3
"Sine Mora_is1" = Sine Mora
"Steam App 570" = Dota 2
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"WinLiveSuite" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/5/2011 9:21:50 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/5/2011 9:21:50 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12121
Error - 11/5/2011 9:21:50 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12121
Error - 11/5/2011 9:21:47 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/5/2011 9:21:47 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13213
Error - 11/5/2011 9:21:47 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13213
Error - 11/5/2011 10:07:16 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/5/2011 10:07:16 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2741670
Error - 11/5/2011 10:07:16 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2741670
Error - 11/5/2011 12:30:39 PM | Computer Name = ee-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error
in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
[ System Events ]
Error - 11/12/2012 10:50:12 AM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2
Error - 11/12/2012 10:50:33 AM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE
Error - 11/12/2012 10:51:42 AM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%3
Error - 11/12/2012 1:48:27 PM | Computer Name = ee-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:46:47 AM on 11/13/2012 was unexpected.
Error - 11/12/2012 1:48:27 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2
Error - 11/12/2012 1:48:50 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE
Error - 11/12/2012 1:49:59 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%3
Error - 11/12/2012 7:22:59 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2
Error - 11/12/2012 7:23:16 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE
Error - 11/12/2012 7:24:02 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%3
< End of report >
--------------------------
# AdwCleaner v2.007 - Logfile created 11/13/2012 at 23:03:07
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : ee - EE-PC
# Boot Mode : Normal
# Running from : C:\Users\ee\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\ee\AppData\LocalLow\Conduit
Folder Found : C:\Users\ee\AppData\LocalLow\MessengerPlusLive_TB
Folder Found : C:\Users\ee\AppData\LocalLow\PriceGong
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\MessengerPlusLive_TB
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MessengerPlusLive_TB
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54A1A003-0A7A-496B-9A27-2ABC4D044623}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D8FB4583-DB9D-4C7B-85BE-294C13A3E5C4}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D8FB4583-DB9D-4C7B-85BE-294C13A3E5C4}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1503 octets] - [13/11/2012 23:03:07]
########## EOF - C:\AdwCleaner[R1].txt - [1563 octets] ##########
-
Hello!
Thanks for the advice on P2P and for sharing the information with me. I have removed the program.
Today Find Gala returned with a vengeance, redirecting Chrome sites to a sports ad and to a fake anti-virus page. Mostly it just redirected to its Find Gala page.
Should I do another round of scans?
My laptop has no issues; it's been running smoothly for 4 years now!
Here is the ESET log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77e67b4d5cf0dd44a2136bddcf1264e3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-11 08:05:56
# local_time=2012-11-12 04:05:56 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 89118 104288366 0 0
# compatibility_mode=8192 67108863 100 0 667 667 0 0
# scanned=169909
# found=1
# cleaned=0
# scan_time=5840
D:\DAEMON Tools Lite\DTLite4461-0327.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77e67b4d5cf0dd44a2136bddcf1264e3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-12 12:08:13
# local_time=2012-11-12 08:08:13 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 138264 104337512 0 0
# compatibility_mode=8192 67108863 100 0 49813 49813 0 0
# scanned=181947
# found=1
# cleaned=0
# scan_time=14430
D:\DAEMON Tools Lite\DTLite4461-0327.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
-
Edit: I should not have attached files since it's still infected. Here are the logs:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.08.03
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
[administrator]
11/8/2012 8:45:40 PM
mbam-log-2012-11-08 (20-45-40).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353990
Time elapsed: 52 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:15 PM, on 11/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - (no file)
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8128 bytes
-----------------------
ComboFix 12-11-08.01 - 11/08/2012 19:22:42.3.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3067.2327 [GMT 8:00]
Running from: c:\users\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-11-07 01:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DCFC2F7-8654-425D-826B-4FB4FAE54AB6}\mpengine.dll
2012-11-05 05:56 . 2012-11-05 05:56 -------- d-----w- c:\users\AppData\Local\VirtualStore
2012-11-04 22:38 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-04 22:37 . 2012-11-04 22:37 -------- d-----w- c:\program files\AVAST Software
2012-11-03 15:45 . 2012-11-03 15:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-23 11:58 . 2012-10-23 11:58 -------- d-----w- c:\users\Tracing
2012-10-23 09:18 . 2012-11-03 16:24 -------- d-----w- c:\users\fourclover
2012-10-17 10:50 . 2012-10-23 13:26 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-17 10:50 . 2012-10-23 13:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-17 08:40 . 2012-10-17 08:41 -------- d-----w- c:\program files (x86)\Calibre2
2012-10-13 20:45 . 2012-08-27 23:40 4204272 ----a-w- c:\windows\SysWow64\GameMon.des
2012-10-13 20:43 . 2005-01-04 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-10-13 20:43 . 2003-07-20 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-10-13 20:43 . 2012-10-13 20:43 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-10-10 16:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 16:32 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 16:32 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 16:32 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 16:32 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 16:32 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 16:32 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 16:32 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 16:32 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 16:32 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 17:58 . 2010-10-09 07:01 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-29 11:54 . 2010-09-22 18:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 11:15 . 2012-09-22 19:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 19:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 19:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 19:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 19:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 19:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 19:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 19:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 19:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 19:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 19:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 19:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 19:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 19:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 19:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 19:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 19:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 19:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 19:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 19:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 19:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 19:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-21 05:01 . 2012-10-09 08:39 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 05:01 . 2011-04-04 11:35 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 05:01 . 2011-04-04 11:35 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-18 11:19 . 2012-10-10 16:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="D:\uTorrent.exe" [2012-05-11 880496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 54824]
R3 GGSAFERDriver;GGSAFER Driver;d:\garena plus\Room\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-22 1255736]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2008-02-21 393728]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-01 14:41]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-01 14:41]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001Core.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-21 15:58]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001UA.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-21 15:58]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{26604C7E-A313-4D12-867F-7C6E7820BE4C} - c:\program files (x86)\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe
AddRemove-{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E} - c:\program files (x86)\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-653543735-296090576-2018118724-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,f3,11,22,f6,e3,3a,0c,a3,97,b4,83,a7,00,3b,3a,5f,87,82,a5,e1,ef,07,
49,0b,43,d7,66,9b,25,6e,01,20,4a,f6,bb,2f,ea,f0,59,4c,fb,c4,cc,c9,d5,c5,a6,\
"??"=hex:fb,8e,33,19,1a,6f,15,23,28,fd,86,c1,b8,4d,d3,5d
.
[HKEY_USERS\S-1-5-21-653543735-296090576-2018118724-1001\Software\SecuROM\License information*]
"datasecu"=hex:ab,cf,b2,2f,26,ec,b7,07,43,50,45,5b,0c,0a,16,56,b2,f7,aa,d5,17,
ad,e8,84,70,d2,7c,cf,5d,44,5f,83,c9,3e,52,46,d4,2f,2e,54,30,c1,87,a0,fb,9d,\
"rkeysecu"=hex:f5,fd,47,34,3f,18,4d,5d,54,6c,de,45,09,47,9e,52
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-08 19:32:01
ComboFix-quarantined-files.txt 2012-11-08 11:32
ComboFix2.txt 2012-11-08 11:09
.
Pre-Run: 20,710,404,096 bytes free
Post-Run: 20,646,273,024 bytes free
.
- - End Of File - - 65A134CFE2BD95507F4A172254A42E66
--------------------------------------
DS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by at 20:38:06 on 2012-11-08
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3067.1476 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.sg/
mURLSearchHooks: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "D:\uTorrent.exe" /MINIMIZED
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}\3594E4744554C4D223435393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}\3594E4744554C4D273936303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}\7796275643732393 : DHCPNameServer = 192.168.1.1 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-22 1255736]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-2-21 393728]
.
=============== Created Last 30 ================
.
2012-11-08 11:55:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-08 10:57:00 98816 ----a-w- C:\Windows\sed.exe
2012-11-08 10:57:00 256000 ----a-w- C:\Windows\PEV.exe
2012-11-08 10:57:00 208896 ----a-w- C:\Windows\MBR.exe
2012-11-07 14:32:41 -------- d-----w- C:\Users\AppData\Local\{68FC57F7-D664-46E4-9063-74986ED17604}
2012-11-07 01:35:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DCFC2F7-8654-425D-826B-4FB4FAE54AB6}\mpengine.dll
2012-11-06 08:37:08 -------- d-----w- C:\Users\AppData\Local\{8A7424D3-6A4D-4EE0-983D-D5BABBB38E5A}
2012-11-05 12:19:56 -------- d-----w- C:\Users\AppData\Local\{5824996B-1129-4C2F-BD17-771C73B5B612}
2012-11-05 05:56:18 -------- d-----w- C:\Users\AppData\Local\VirtualStore
2012-11-04 22:37:23 -------- d-----w- C:\Program Files\AVAST Software
2012-11-03 15:45:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-23 11:58:50 -------- d-----w- C:\Users\ee\Tracing
2012-10-23 09:18:28 -------- d-----w- C:\Users\ee\fourclover
2012-10-17 10:50:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-17 10:50:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-17 08:40:55 -------- d-----w- C:\Program Files (x86)\Calibre2
2012-10-13 20:45:30 4204272 ----a-w- C:\Windows\SysWow64\GameMon.des
2012-10-13 20:43:59 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2012-10-13 20:43:59 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2012-10-13 20:43:01 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2012-10-10 16:32:44 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 16:32:44 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 16:32:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 16:32:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 16:32:36 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 16:32:36 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 16:32:34 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 16:32:34 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 16:32:34 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 16:32:34 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 16:32:33 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 16:32:33 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-09-29 11:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 05:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 05:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 05:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:39:07.81 ===============
-
Hello! Google Chrome is infected with the Gala Find malware.
My attempts: used Malwarebytes Anti-Malware, Avast, SUPERAntiSpyware and Spybot Search and Destroy. Unfortunately I did not save the logs, but I do remember there was no detection of Gala Find.
Gala Find continues to redirect links and websites.
Next action: opened c:\windows\system32\drivers\etc\hosts
deleted anything below the localhost 127.0.0.1 line (highlight the text and hit 'delete')
used ComboFix in safe mode.
Gala Find is not appearing. I wonder if it is still infected?
Thanks!
Update: It is still infected. A redirect to Gala did happen.
Is it still infected?
in Resolved Malware Removal Logs
Good evening TheDarkKnight,
Removed the programs.
Good advice.
Thank you so much for all your assistance, help and advice! (: